CVE-2000-0271

read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/1125	Patch Vendor Advisory
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:emacs:20.0:::::::*
	cpe:2.3:a:gnu:emacs:20.1:::::::*
	cpe:2.3:a:gnu:emacs:20.2:::::::*
	cpe:2.3:a:gnu:emacs:20.3:::::::*
	cpe:2.3:a:gnu:emacs:20.4:::::::*
	cpe:2.3:a:gnu:emacs:20.5:::::::*
	cpe:2.3:a:gnu:emacs:20.6:::::::*

History

07 Nov 2023, 01:55

Type	Values Removed	Values Added
References	{'url': 'http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de', 'name': '20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20', 'tags': [], 'refsource': 'BUGTRAQ'}	() http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de -

Information

Published : 2000-04-18 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2000-0271

Mitre link : CVE-2000-0271

CVE.ORG link : CVE-2000-0271

JSON object : View

Products Affected

gnu

emacs

CWE

NVD-CWE-Other

{"id": "CVE-2000-0271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2000-04-18T04:00:00.000", "references": [{"url": "http://www.securityfocus.com/bid/1125", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords."}], "lastModified": "2023-11-07T01:55:15.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}