CVE-2005-0100
First published: Mon Feb 07 2005(Updated: )
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Emacs | <=20.0 | |
| GNU Emacs | =21.3 | |
| XEmacs | <=21.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2005/dsa-670
- http://www.debian.org/security/2005/dsa-671
- http://www.debian.org/security/2005/dsa-685
- http://www.redhat.com/support/errata/RHSA-2005-110.html
- http://www.redhat.com/support/errata/RHSA-2005-112.html
- http://www.redhat.com/support/errata/RHSA-2005-133.html
- http://www.securityfocus.com/bid/12462
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:038
- http://marc.info/?l=bugtraq&m=110780416112719&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19246
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9408
- http://www.securityfocus.com/archive/1/433928/30/5010/threaded
Frequently Asked Questions
What is the severity of CVE-2005-0100?
CVE-2005-0100 is considered to have a high severity level due to the potential for arbitrary code execution.
How do I fix CVE-2005-0100?
To mitigate CVE-2005-0100, upgrade to a patched version of Emacs or XEmacs that resolves the format string vulnerability.
Which versions are affected by CVE-2005-0100?
CVE-2005-0100 affects GNU Emacs versions 20.x, 21.3 and XEmacs versions up to and including 21.4.
What is a format string vulnerability in the context of CVE-2005-0100?
A format string vulnerability allows an attacker to manipulate the format string used in functions, potentially leading to arbitrary code execution.
Can CVE-2005-0100 be exploited by local attackers?
No, CVE-2005-0100 is primarily an issue exploited through remote malicious POP3 servers.
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/gnu
- canonical/gnu emacs
- version/gnu emacs/20.0
- version/gnu emacs/21.3
- canonical/xemacs
- version/xemacs/21.4