FreeBSD : emacs -- run-python vulnerability (66657bd5-ac92-11dd-b541-001f3b19d541)

High Nessus Plugin ID 34732


The remote FreeBSD host is missing a security-related update.


Emacs developers report:

The Emacs command `run-python' launches an interactive Python interpreter. After the Python process starts up, Emacs automatically sends it the line:

import emacs

which normally imports a script named which is distributed with Emacs. This script, which is typically located in a write-protected installation directory with other Emacs program files, defines various functions to help the Python process communicate with Emacs.

The vulnerability arises because Python, by default, prepends '' to the module search path, so modules are looked for in the current directory. If the current directory is world-writable, an attacker may insert malicious code by adding a fake Python module named into that directory.


Update the affected package.
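The search-path behaviour described in the report can be checked from the defender's side. The following is an added example, not code from Emacs or from the Nessus plugin: it resolves `import emacs` with and without the current directory at the front of the search path and reports whether a world-writable working directory would supply the module. The directory layout and both `emacs.py` stand-in files are constructed for the demonstration.

```python
import importlib
import importlib.machinery
import os
import stat
import tempfile


def world_writable(path):
    """True if any local user can create files in `path`."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def resolve(module, search_path):
    """Return the file Python would load for `module` from `search_path`."""
    importlib.invalidate_caches()  # directory listings are cached per finder
    spec = importlib.machinery.PathFinder.find_spec(module, search_path)
    return spec.origin if spec else None


def audit(module, cwd, trusted_dir):
    """Compare resolution with and without the current directory in front."""
    with_cwd = resolve(module, [cwd, trusted_dir])  # '' in sys.path means cwd
    without_cwd = resolve(module, [trusted_dir])
    return {
        "cwd_world_writable": world_writable(cwd),
        "loaded_from": with_cwd,
        "shadowed": with_cwd != without_cwd,
    }


def demo():
    """Constructed layout: a protected install dir and a /tmp-like cwd."""
    with tempfile.TemporaryDirectory() as root:
        trusted = os.path.join(root, "install")
        shared = os.path.join(root, "shared")
        os.mkdir(trusted)
        os.mkdir(shared)
        os.chmod(trusted, 0o755)
        os.chmod(shared, 0o1777)  # sticky bit does not stop file creation
        with open(os.path.join(trusted, "emacs.py"), "w") as f:
            f.write("ORIGIN = 'install'\n")
        before = audit("emacs", shared, trusted)
        with open(os.path.join(shared, "emacs.py"), "w") as f:
            f.write("ORIGIN = 'cwd'\n")  # harmless stand-in file
        after = audit("emacs", shared, trusted)
        return before, after, shared, trusted


if __name__ == "__main__":
    before, after, _, _ = demo()
    print("before:", before)
    print("after: ", after)
```

A result with both `cwd_world_writable` and `shadowed` set to true is the condition the report describes; dropping the current directory from the search path makes resolution fall back to the installation directory.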

Plugin Details

Severity: High

ID: 34732

File Name: freebsd_pkg_66657bd5ac9211ddb541001f3b19d541.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2008/11/11

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:emacs, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2008/11/07

Vulnerability Publication Date: 2008/09/05

Reference Information

CVE: CVE-2008-3949

CWE: 94