GNU Emacs Temporary File Creation Vulnerability

A vulnerability exists in Emacs 20, from GNU. Current versions of Emacs are incapable of securely creating temporary files from emacs-lisp. File names are predictable, and will follow existing symlinks. This would allow for a myriad of attacks, from overwriting files, to gaining access to any Emacs user's account.


 

Privacy Statement
Copyright 2010, SecurityFocus