{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file (\"[ORIGINAL_FILENAME]~\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-07T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20171031 Fw: Security risk of vim swap files", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/10/31/1"}, {"name": "101671", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101671"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-1000383", "REQUESTER": "kurt@seifried.org", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file (\"[ORIGINAL_FILENAME]~\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20171031 Fw: Security risk of vim swap files", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/10/31/1"}, {"name": "101671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101671"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:00:41.080Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20171031 Fw: Security risk of vim swap files", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/10/31/1"}, {"name": "101671", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101671"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000383", "datePublished": "2017-10-31T20:00:00", "dateReserved": "2017-10-31T00:00:00", "dateUpdated": "2024-08-05T22:00:41.080Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD011634-56BE-4D2A-B6CC-320C6DB7FC9B", "versionEndIncluding": "25.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file (\"[ORIGINAL_FILENAME]~\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary."}, {"lang": "es", "value": "GNU Emacs en la versi\u00f3n 25.3.1 (y, muy probablemente, en otras versiones) ignora la m\u00e1scara de usuario cuando se crea un archivo de guardado de copia de seguridad (\"[ORIGINAL_FILENAME]~\"), lo que da como resultado archivos que podr\u00edan ser legibles por cualquier usuario o accesibles de formas no planeadas por el usuario que ejecuta el binario de emacs."}], "id": "CVE-2017-1000383", "lastModified": "2024-11-21T03:04:36.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-31T20:29:00.310", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/10/31/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/10/31/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101671"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "emacs: Ignores umask when creating a swap file", "id": "1508788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508788"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-266", "details": ["GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file (\"[ORIGINAL_FILENAME]~\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.", "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data."], "name": "CVE-2017-1000383", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2017-10-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-1000383\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000383"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}