{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-08T13:57:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"name": "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html"}, {"name": "MDVSA-2015:117", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3421", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"name": "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html"}, {"name": "MDVSA-2015:117", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"name": "http://advisories.mageia.org/MGASA-2014-0250.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", "refsource": "CONFIRM", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:43:05.509Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"name": "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html"}, {"name": "MDVSA-2015:117", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3421", "datePublished": "2014-05-08T10:00:00.000Z", "dateReserved": "2014-05-07T00:00:00.000Z", "dateUpdated": "2024-08-06T10:43:05.509Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BAE0411-D27E-49B6-8F8B-972A2E9985FC", "versionEndIncluding": "24.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*", "matchCriteriaId": "7731A395-328A-4435-A388-1419224A4256", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "05BDDB87-0AFF-4BDC-995A-94F221ED3641", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4389884-70D2-4915-80A7-CFA4A420A024", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E9FE5-E87C-440B-A16E-327501BC8977", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "37E5A757-C2C8-49D4-AFCD-156CCF4B7262", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1D047EC-2354-430D-B44C-FE8574F7617B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*", "matchCriteriaId": "99B66AEA-D831-4A17-A7D6-4DEDA28985C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*", "matchCriteriaId": "944A2F7B-375B-4466-8A98-934123C209FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*", "matchCriteriaId": "123EF408-7950-4856-8A8D-B5553A0FFF58", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9948287-D8A4-4B29-9240-FCD25E73B00D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECC26DAB-A671-47BE-84DD-AD0A4CF72079", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "38737529-7787-45AD-81FB-8571789BAEDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file."}, {"lang": "es", "value": "lisp/gnus/gnus-fun.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre el archivo /tmp/gnus.face.ppm temporal."}], "id": "CVE-2014-3421", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-08T10:55:05.217", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"source": "cve@mitre.org", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}, {"source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "emacs: multiple temporary file issues", "id": "1095586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095586"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-377", "details": ["lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file."], "name": "CVE-2014-3421", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-05-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3421\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3421"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

{}