This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Emacs developers report :
The Emacs command `run-python' launches an interactive Python
interpreter. After the Python process starts up, Emacs automatically
sends it the line :
which normally imports a script named emacs.py which is distributed
with Emacs. This script, which is typically located in a
write-protected installation directory with other Emacs program files,
defines various functions to help the Python process communicate with
The vulnerability arises because Python, by default, prepends '' to
the module search path, so modules are looked for in the current
directory. If the current directory is world-writable, an attacker may
insert malicious code by adding a fake Python module named emacs.py
into that directory.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.2