| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.7 | $0-$5k | 0.00 |
Summary
A vulnerability was found in GNU Emacs 22.1. It has been classified as problematic. This vulnerability affects unknown code of the component Variables Handler. Performing a manipulation results in privileges management. This vulnerability is known as CVE-2007-5795. Furthermore, an exploit is available. It is preferable to disable the affected component.
Details
A vulnerability was found in GNU Emacs 22.1 (Word Processing Software). It has been classified as critical. This affects an unknown code block of the component Variables Handler. The manipulation with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
The bug was discovered 11/02/2007. The weakness was published 11/05/2007 by Drake Wilson (Website). It is possible to read the advisory at bugs.debian.org. This vulnerability is uniquely identified as CVE-2007-5795 since 11/02/2007. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but a public exploit is available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
The exploit is shared for download at securityfocus.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 28255 (Fedora 7 : emacs-22.1-5.fc7 (2007-3056)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks and running in the context l.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at cvs.savannah.gnu.org. A possible mitigation has been published 2 months after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (38263), Exploit-DB (30736), Tenable (28255), SecurityFocus (BID 26327†) and OSVDB (42060†). Similar entry is available at VDB-39960. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.gnu.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.6VulDB Meta Temp Score: 7.7
VulDB Base Score: 8.6
VulDB Temp Score: 7.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 28255
Nessus Name: Fedora 7 : emacs-22.1-5.fc7 (2007-3056)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 861435
OpenVAS Name: Family Connections argv[1] Parameter Remote Arbitrary Command Execution Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: DisableStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: cvs.savannah.gnu.org
Timeline
02/11/2007 🔍11/02/2007 🔍
11/02/2007 🔍
11/02/2007 🔍
11/02/2007 🔍
11/05/2007 🔍
11/05/2007 🔍
11/11/2007 🔍
11/20/2007 🔍
12/03/2007 🔍
12/09/2007 🔍
12/10/2007 🔍
01/12/2025 🔍
Sources
Vendor: gnu.orgAdvisory: bugs.debian.org
Researcher: Drake Wilson
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2007-5795 (🔍)
GCVE (CVE): GCVE-0-2007-5795
GCVE (VulDB): GCVE-100-3435
OVAL: 🔍
X-Force: 38263 - GNU Emacs hack-local-variables function security bypass, Medium Risk
SecurityFocus: 26327 - GNU Emacs Local Variable Handling Code Execution Vulnerability
Secunia: 27984
OSVDB: 42060 - GNU Emacs hack-local-variables Function Crafted File Local Variable Manipulation
Vulnerability Center: 16753 - Emacs < 22.2 Security Restrictions Bypass when enable-local-variables Is Set to \, Medium
Vupen: ADV-2007-3715
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 12/03/2007 13:49Updated: 01/12/2025 14:45
Changes: 12/03/2007 13:49 (98), 07/29/2019 17:54 (1), 01/12/2025 14:45 (22)
Complete: 🔍
Cache ID: 216:ECA:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.