CVE-2000-0270

The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/1126	Patch Vendor Advisory
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:emacs:20.0:::::::*
	cpe:2.3:a:gnu:emacs:20.1:::::::*
	cpe:2.3:a:gnu:emacs:20.2:::::::*
	cpe:2.3:a:gnu:emacs:20.3:::::::*
	cpe:2.3:a:gnu:emacs:20.4:::::::*
	cpe:2.3:a:gnu:emacs:20.5:::::::*
	cpe:2.3:a:gnu:emacs:20.6:::::::*

History

07 Nov 2023, 01:55

Type	Values Removed	Values Added
References	{'url': 'http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de', 'name': '20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20', 'tags': [], 'refsource': 'BUGTRAQ'}	() http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de -

Information

Published : 2000-04-18 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2000-0270

Mitre link : CVE-2000-0270

CVE.ORG link : CVE-2000-0270

JSON object : View

Products Affected

gnu

emacs

CWE

NVD-CWE-Other

{"id": "CVE-2000-0270", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2000-04-18T04:00:00.000", "references": [{"url": "http://www.securityfocus.com/bid/1126", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack."}], "lastModified": "2023-11-07T01:55:15.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}