Vulnerability Description
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
CVSS Score
1.2
LOW
AV:L/AC:H/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Emacs | 20.4 |
| Xemacs | Xemacs | 21.1.10 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.htmlVendor Advisory
- http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_ta
- http://www.iss.net/security_center/static/11210.php
- http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.htmlVendor Advisory
- http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_ta
- http://www.iss.net/security_center/static/11210.php
FAQ
What is CVE-2001-1301?
CVE-2001-1301 is a vulnerability with a CVSS score of 1.2 (LOW). rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
How severe is CVE-2001-1301?
CVE-2001-1301 has been rated LOW with a CVSS base score of 1.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1301?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Emacs, Xemacs Xemacs.