FreeBSD : emacs -- enriched text remote code execution vulnerability (47e2e52c-975c-11e7-942d-5404a68a61a2)

High Nessus Plugin ID 103152


The remote FreeBSD host is missing one or more security-related updates.


Paul Eggert reports :

Charles A. Roelli has found a security flaw in the enriched mode in GNU Emacs.

When Emacs renders MIME text/enriched data (Internet RFC 1896), it is vulnerable to arbitrary code execution. Since Emacs-based mail clients decode 'Content-Type: text/enriched', this code is exploitable remotely. This bug affects GNU Emacs versions 19.29 through 25.2.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 103152

File Name: freebsd_pkg_47e2e52c975c11e7942d5404a68a61a2.nasl

Version: $Revision: 3.2 $

Type: local

Published: 2017/09/13

Modified: 2017/09/14

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:emacs-devel, p-cpe:/a:freebsd:freebsd:emacs-nox11, p-cpe:/a:freebsd:freebsd:emacs25, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/09/12

Vulnerability Publication Date: 2017/09/04