Vigil@nce: Emacs, code execution via emacs.py
September 2008 by Vigil@nce
A local attacker can create the emacs.py file in order to execute
code with privileges of the Emacs user.
– Gravity: 1/4
– Consequences: user access/rights
– Provenance: user shell
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: medium (2/3)
– Creation date: 09/09/2008
– Identifier: VIGILANCE-VUL-8096
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION
The Emacs editor supports the Python language:
– the "run-python" command executes a Python program
– in "eldoc-mode" mode, the command "run-python" is called when a
Python file is opened
When "run-python" is executed, the "emacs.py" configuration file
is searched and automatically run. However, this file is first
searched in the current directory.
An attacker can therefore create an "emacs.py" file in a
directory, and invite the victim to open a Python file in this
same directory, in order to force the code from "emacs.py" to be
executed.
CHARACTERISTICS
– Identifiers: BID-31052, VIGILANCE-VUL-8096
– Url: https://vigilance.aql.fr/tree/1/8096