The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Emacs: code execution via enable-local-variables

Synthesis of the vulnerability 

The enable-local-variables directive of Emacs is ignored, which permits to execute code when victim opens a malicious file.
Vulnerable software: Fedora, Mandriva Linux, Unix (platform) ~ not comprehensive.
Severity of this announce: 2/4.
Creation date: 05/11/2007.
Références of this computer vulnerability: 449008, BID-26327, CERTA-2007-AVI-479, CVE-2007-5795, FEDORA-2007-2946, FEDORA-2007-3056, MDVSA-2008:034, VIGILANCE-VUL-7309.

Description of the vulnerability 

A text file can contain local variables for Emacs. For example (ignore the '_'):
 _Local Variables:
 _comment-column: 0
 _End:

The enable-local-variables directive of Emacs can contain:
 - t : asks user to approve local variables
 - nil : ignores all local variables
 - all : accepts all local variables
 - safe : accepts safe variables such as "comment-column", but rejects variables such as "load-path"

However, when enable-local-variables is set to "safe", it is interpreted as "all". All local variables indicated in the file are thus allowed.

An attacker can therefore create a malicious file, which executes code on victim's computer when it is opened.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat announce impacts software or systems such as Fedora, Mandriva Linux, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this cybersecurity alert.

Solutions for this threat 

Emacs: patch for enable-local-variables.
A patch is available.

Fedora 7: new emacs packages.
New packages are available:
98594d383704a50c85318a126c76f2c3c58f207e emacs-22.1-5.fc7.ppc64.rpm
9d41ebd19f91c2770033175586492b58242a8d23 emacs-common-22.1-5.fc7.ppc64.rpm
53995dc81ee627c48d16ce21cb9ef6e5d3cf2dc3 emacs-nox-22.1-5.fc7.ppc64.rpm
07ec663f4d4f91b7ce3e4c7914039b6489f320e3 emacs-debuginfo-22.1-5.fc7.ppc64.rpm
6e70d4d169dbf60f6ca49a86478eac16d580e028 emacs-el-22.1-5.fc7.ppc64.rpm
a35026bf40af6317f5206fda6691e667b669ff89 emacs-22.1-5.fc7.i386.rpm
af5511c7af708c278ee369650afd4547d08cd691 emacs-nox-22.1-5.fc7.i386.rpm
240a32962b5e10e3838031b9db97e93cdf5c553f emacs-debuginfo-22.1-5.fc7.i386.rpm
420c694a8428cc48803c567df03712e6278111dc emacs-common-22.1-5.fc7.i386.rpm
24410fdd05874e6f56f59fa50a80f8d976d8fa97 emacs-el-22.1-5.fc7.i386.rpm
c9ea3853f1345665c19d47fd6128ee5ed4a5aa38 emacs-common-22.1-5.fc7.x86_64.rpm
3809c898a47ec050ba4b1c55f93021a972bc18a7 emacs-22.1-5.fc7.x86_64.rpm
0cf41ffc198c1a9289468fa5ffefb63536fbf33e emacs-el-22.1-5.fc7.x86_64.rpm
a7527a5139411e9bc7009e0f7a321495cc5e1cd0 emacs-debuginfo-22.1-5.fc7.x86_64.rpm
39acd65e3cef7477cda4e83b139dcf943674b3cb emacs-nox-22.1-5.fc7.x86_64.rpm
659f72ecfc4f2b402b56d5b7d33bcda9aa0e6179 emacs-el-22.1-5.fc7.ppc.rpm
ff3f1c5423bcd6815b3e79b50cc0a7b5307d44ce emacs-22.1-5.fc7.ppc.rpm
f020da57d704a19865fc8e1679af5e4a30fe49a5 emacs-nox-22.1-5.fc7.ppc.rpm
e34f412a150eec7aba31092c6e6c0c60ad5daff6 emacs-common-22.1-5.fc7.ppc.rpm
9420b0a8646cd2fc8b8ca8d94f87548441f43b95 emacs-debuginfo-22.1-5.fc7.ppc.rpm
06ff6e4fb3d1d4ddbc6347e2a54b2a8d96940302 emacs-22.1-5.fc7.src.rpm

Fedora 8: new emacs packages.
New packages are available:
c1e0034a6635e2da30fc539d19ff642e5cbf3796 emacs-el-22.1-8.fc8.ppc64.rpm
01ed0c587b59f3654054d88db54e5723a5dbc007 emacs-debuginfo-22.1-8.fc8.ppc64.rpm
5e5221f9f6885db39769ac331f9d0c44e569dab8 emacs-common-22.1-8.fc8.ppc64.rpm
0cd0c73e830de77232badb7140aeeb708e5dc51a emacs-22.1-8.fc8.ppc64.rpm
633401bbf469c1fddbf4d914270b4cefdfee8cc4 emacs-nox-22.1-8.fc8.ppc64.rpm
857651ca84a073485c8e271c2fcd7405951459dd emacs-debuginfo-22.1-8.fc8.i386.rpm
3a470676945503fcbcf74665cfb4282cf007a616 emacs-nox-22.1-8.fc8.i386.rpm
12055d54cbb670c9a916ff4908638f4804369de5 emacs-el-22.1-8.fc8.i386.rpm
22d7cd097a1b5cb7dcfb3d9c292a175884735b37 emacs-common-22.1-8.fc8.i386.rpm
d1c16cdad67cd9849540022e51f5ce6b1a3d764e emacs-22.1-8.fc8.i386.rpm
2b8494d9b8bc43823b6c3759e97f5bd8e7133ae2 emacs-el-22.1-8.fc8.x86_64.rpm
c972701d3ebeb7975574b26e2b83568505c6b287 emacs-22.1-8.fc8.x86_64.rpm
6dfe7d0f11a02965dfbbfdf2f3b8d205ba1da098 emacs-debuginfo-22.1-8.fc8.x86_64.rpm
dadc7c34bd33fbf57fc51e051cb0e94bea8b7c71 emacs-common-22.1-8.fc8.x86_64.rpm
d0d0856323e00ba182b5862f3e51113ef447fcdb emacs-nox-22.1-8.fc8.x86_64.rpm
f574918bf01c1b633f6d64aa1cf14ce1d46f6856 emacs-el-22.1-8.fc8.ppc.rpm
c5da646527fcb265d793f83e7c22695eb0af48ee emacs-common-22.1-8.fc8.ppc.rpm
6f908b7e1bec893b8d06cfee09a5bfdba56ca291 emacs-nox-22.1-8.fc8.ppc.rpm
0a2c80abe3ce9ed544ff5eb25a8ba0caccbae858 emacs-22.1-8.fc8.ppc.rpm
241d11621162b80254876d0225736f088408a184 emacs-debuginfo-22.1-8.fc8.ppc.rpm
78711155481c0ab2f8f381360e36ce920370f11d emacs-22.1-8.fc8.src.rpm

Mandriva: new emacs packages.
New packages are available:
 
 Mandriva Linux 2007.0:
 f21e7e74502d46bc080f4a48080c574a 2007.0/i586/emacs-21.4-26.2mdv2007.0.i586.rpm
 a73d62aee609e6be32937b681780a0b6 2007.0/i586/emacs-X11-21.4-26.2mdv2007.0.i586.rpm
 589a15364fb4cfbf12e8e47b7104a7fa 2007.0/i586/emacs-doc-21.4-26.2mdv2007.0.i586.rpm
 2253dd2b8b5aa563add08e7350a65f44 2007.0/i586/emacs-el-21.4-26.2mdv2007.0.i586.rpm
 919175eea98794b2a4ea7b3626119a8a 2007.0/i586/emacs-leim-21.4-26.2mdv2007.0.i586.rpm
 a8c1c605bd854db7637b8318f7b5c7f5 2007.0/i586/emacs-nox-21.4-26.2mdv2007.0.i586.rpm
 58b7e26033084006cda510468ebc75ac 2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm
 Mandriva Linux 2007.0/X86_64:
 a6ff38fc50ebb49e211bc5cf10231e01 2007.0/x86_64/emacs-21.4-26.2mdv2007.0.x86_64.rpm
 d8bc4c5f8663c2c4e3fef168db4f16b9 2007.0/x86_64/emacs-X11-21.4-26.2mdv2007.0.x86_64.rpm
 c5c6dd9d95905c838ca6d731f208f67e 2007.0/x86_64/emacs-doc-21.4-26.2mdv2007.0.x86_64.rpm
 a5ae4708158e52a3de4bdeb3e3c203fc 2007.0/x86_64/emacs-el-21.4-26.2mdv2007.0.x86_64.rpm
 0ef28ab5726ae394499645062c633602 2007.0/x86_64/emacs-leim-21.4-26.2mdv2007.0.x86_64.rpm
 e90514c50fd5cef37dc59a27b705d13c 2007.0/x86_64/emacs-nox-21.4-26.2mdv2007.0.x86_64.rpm
 58b7e26033084006cda510468ebc75ac 2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm
 Mandriva Linux 2007.1:
 bacb82a95ab9babc66aa7a46e6b4dc82 2007.1/i586/emacs-21.4-26.2mdv2007.1.i586.rpm
 954785ebcf994cea467008606ceb7865 2007.1/i586/emacs-X11-21.4-26.2mdv2007.1.i586.rpm
 77e9d3072e695b29d07ebac0f40fd262 2007.1/i586/emacs-doc-21.4-26.2mdv2007.1.i586.rpm
 880b385fea1eb26b5bac57427c86ba08 2007.1/i586/emacs-el-21.4-26.2mdv2007.1.i586.rpm
 4f2e9e2a7a5099f4de32c53822cf736a 2007.1/i586/emacs-leim-21.4-26.2mdv2007.1.i586.rpm
 bb2fce94cb107de86bff7b0727be023c 2007.1/i586/emacs-nox-21.4-26.2mdv2007.1.i586.rpm
 93460555120ee14779b4090ab77425a4 2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm
 Mandriva Linux 2007.1/X86_64:
 8285245a590680e2cee5520e4a627703 2007.1/x86_64/emacs-21.4-26.2mdv2007.1.x86_64.rpm
 bc97da27f378af323630a2f318c24155 2007.1/x86_64/emacs-X11-21.4-26.2mdv2007.1.x86_64.rpm
 306c2ea8ecc96094195ed970e6648245 2007.1/x86_64/emacs-doc-21.4-26.2mdv2007.1.x86_64.rpm
 4dddafd86ec989b8329062c44a909a9c 2007.1/x86_64/emacs-el-21.4-26.2mdv2007.1.x86_64.rpm
 024fed6e709952488ef2d6ed0397de9d 2007.1/x86_64/emacs-leim-21.4-26.2mdv2007.1.x86_64.rpm
 c096d01ea9be0779f46d8a1474d5318f 2007.1/x86_64/emacs-nox-21.4-26.2mdv2007.1.x86_64.rpm
 93460555120ee14779b4090ab77425a4 2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm
 Mandriva Linux 2008.0:
 e6dd6abf0cb27d303b22e80d1091bd1e 2008.0/i586/emacs-22.1-5.1mdv2008.0.i586.rpm
 4dfa152d8998fc5c8fe78e3cbaf125f6 2008.0/i586/emacs-common-22.1-5.1mdv2008.0.i586.rpm
 ff9cc6e64a7142198b49f551944f7357 2008.0/i586/emacs-doc-22.1-5.1mdv2008.0.i586.rpm
 25af5a88aacdbaa419a67d4adf125589 2008.0/i586/emacs-el-22.1-5.1mdv2008.0.i586.rpm
 dd847a0b9e3eb8cd59d69dc365320ff1 2008.0/i586/emacs-gtk-22.1-5.1mdv2008.0.i586.rpm
 3592f389b333475fa94cb4dc84cde8be 2008.0/i586/emacs-leim-22.1-5.1mdv2008.0.i586.rpm
 0fb982382245c7858def3f788820cdac 2008.0/i586/emacs-nox-22.1-5.1mdv2008.0.i586.rpm
 fc5ae7001cfd746c5eedcb7172a0445c 2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm
 Mandriva Linux 2008.0/X86_64:
 551b608acfd97bd227f3d3c8b5b6f155 2008.0/x86_64/emacs-22.1-5.1mdv2008.0.x86_64.rpm
 88e56aabb7dd52cdc9fd813ecc376c12 2008.0/x86_64/emacs-common-22.1-5.1mdv2008.0.x86_64.rpm
 6f1a0ffb0600cf3e076257f0972793a9 2008.0/x86_64/emacs-doc-22.1-5.1mdv2008.0.x86_64.rpm
 f6a8a3d45feb6d04e66fc5ffd4eb2067 2008.0/x86_64/emacs-el-22.1-5.1mdv2008.0.x86_64.rpm
 0377fec7fb8f09dfd84db6fa6de6ff0a 2008.0/x86_64/emacs-gtk-22.1-5.1mdv2008.0.x86_64.rpm
 f914847423ed5c5fa217f77c19d0b312 2008.0/x86_64/emacs-leim-22.1-5.1mdv2008.0.x86_64.rpm
 f834fbcb86b540946dbbb7fd68ef97d8 2008.0/x86_64/emacs-nox-22.1-5.1mdv2008.0.x86_64.rpm
 fc5ae7001cfd746c5eedcb7172a0445c 2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm
 Corporate 3.0:
 846bc555f6e24843329bc971a0d86e7d corporate/3.0/i586/emacs-21.3-9.3.C30mdk.i586.rpm
 e5f5a7c2885801f69284d2cf83cc7657 corporate/3.0/i586/emacs-X11-21.3-9.3.C30mdk.i586.rpm
 fbd6b3dcdbe55b8f6a238c6c28c819ac corporate/3.0/i586/emacs-el-21.3-9.3.C30mdk.i586.rpm
 920d56462f970bd5228a3a9729ec149c corporate/3.0/i586/emacs-leim-21.3-9.3.C30mdk.i586.rpm
 9a762f39fda7e8af966f2d8580ff561d corporate/3.0/i586/emacs-nox-21.3-9.3.C30mdk.i586.rpm
 adc16c5f9ad32295db6ea036101069e2 corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm
 Corporate 3.0/X86_64:
 91a59e872e88638df84b32cd7cdb7fe4 corporate/3.0/x86_64/emacs-21.3-9.3.C30mdk.x86_64.rpm
 a4ccc81d17b1397d5fdec6eb6e2ddad9 corporate/3.0/x86_64/emacs-X11-21.3-9.3.C30mdk.x86_64.rpm
 4f08fc2400cc2ef9ed3d2970f3324ffe corporate/3.0/x86_64/emacs-el-21.3-9.3.C30mdk.x86_64.rpm
 d77294d54d8908cf3016cd7f1cafe1ea corporate/3.0/x86_64/emacs-leim-21.3-9.3.C30mdk.x86_64.rpm
 7eba0bf35e01c4a6e1018a8cb5225115 corporate/3.0/x86_64/emacs-nox-21.3-9.3.C30mdk.x86_64.rpm
 adc16c5f9ad32295db6ea036101069e2 corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm
 Corporate 4.0:
 ce19613054ce62dd96433b01b91258b1 corporate/4.0/i586/emacs-21.4-20.2.20060mlcs4.i586.rpm
 b67b18e5f5fccbb9c4012f49f31325f0 corporate/4.0/i586/emacs-X11-21.4-20.2.20060mlcs4.i586.rpm
 146214a37b174b2b59d7e883bb29802f corporate/4.0/i586/emacs-doc-21.4-20.2.20060mlcs4.i586.rpm
 0bf2f09a9a5a0b02c0f9600e34ba9f84 corporate/4.0/i586/emacs-el-21.4-20.2.20060mlcs4.i586.rpm
 92cd0e9c3bfa881f0303810d6e9e8cbf corporate/4.0/i586/emacs-leim-21.4-20.2.20060mlcs4.i586.rpm
 7a75213230a1f3a905ee91d588b6cd08 corporate/4.0/i586/emacs-nox-21.4-20.2.20060mlcs4.i586.rpm
 af9fa010f39b56f24803926854f0595e corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm
 Corporate 4.0/X86_64:
 173a3addd59c8706d407be4926712920 corporate/4.0/x86_64/emacs-21.4-20.2.20060mlcs4.x86_64.rpm
 a445eb2f6c731ac7b11da483d533911a corporate/4.0/x86_64/emacs-X11-21.4-20.2.20060mlcs4.x86_64.rpm
 46385585ed5da20703584623f862c8eb corporate/4.0/x86_64/emacs-doc-21.4-20.2.20060mlcs4.x86_64.rpm
 32a6678ddee851f69d541cfafa3e101e corporate/4.0/x86_64/emacs-el-21.4-20.2.20060mlcs4.x86_64.rpm
 980dce6cf406dac7c3ee1d89073c6d91 corporate/4.0/x86_64/emacs-leim-21.4-20.2.20060mlcs4.x86_64.rpm
 5814b72ab37b9bdd8ea2b58de765ebad corporate/4.0/x86_64/emacs-nox-21.4-20.2.20060mlcs4.x86_64.rpm
 af9fa010f39b56f24803926854f0595e corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability analysis. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.