{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-08T13:57:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"name": "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html"}, {"name": "MDVSA-2015:117", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3424", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"name": "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html"}, {"name": "MDVSA-2015:117", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"name": "http://advisories.mageia.org/MGASA-2014-0250.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", "refsource": "CONFIRM", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:43:05.773Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"name": "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html"}, {"name": "MDVSA-2015:117", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3424", "datePublished": "2014-05-08T10:00:00.000Z", "dateReserved": "2014-05-07T00:00:00.000Z", "dateUpdated": "2024-08-06T10:43:05.773Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BAE0411-D27E-49B6-8F8B-972A2E9985FC", "versionEndIncluding": "24.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*", "matchCriteriaId": "7731A395-328A-4435-A388-1419224A4256", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "05BDDB87-0AFF-4BDC-995A-94F221ED3641", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4389884-70D2-4915-80A7-CFA4A420A024", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E9FE5-E87C-440B-A16E-327501BC8977", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "37E5A757-C2C8-49D4-AFCD-156CCF4B7262", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1D047EC-2354-430D-B44C-FE8574F7617B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*", "matchCriteriaId": "99B66AEA-D831-4A17-A7D6-4DEDA28985C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*", "matchCriteriaId": "944A2F7B-375B-4466-8A98-934123C209FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*", "matchCriteriaId": "123EF408-7950-4856-8A8D-B5553A0FFF58", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9948287-D8A4-4B29-9240-FCD25E73B00D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECC26DAB-A671-47BE-84DD-AD0A4CF72079", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "38737529-7787-45AD-81FB-8571789BAEDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file."}, {"lang": "es", "value": "lisp/net/tramp-sh.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un archivo /tmp/tramp.##### temporal."}], "id": "CVE-2014-3424", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-08T10:55:05.577", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"source": "cve@mitre.org", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}, {"source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0250.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/05/07/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "emacs: multiple temporary file issues", "id": "1095586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095586"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-377", "details": ["lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file."], "name": "CVE-2014-3424", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-05-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3424\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3424"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

{}