CVE-2014-3424
NONE
Published May 8, 201412y ago · Modified Jun 17, 20262w ago
Published May 8, 2014 12y ago
Last Modified Jun 17, 2026 2w ago
Description
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-59
Affected Products 27
| Vendor | Product | Version | Range |
|---|---|---|---|
| mageia_project | mageia | 3 | any |
| mageia_project | mageia | 4 | any |
| gnu | emacs | * | ≤24.3 |
| gnu | emacs | 20.0 | any |
| gnu | emacs | 20.1 | any |
| gnu | emacs | 20.2 | any |
| gnu | emacs | 20.3 | any |
| gnu | emacs | 20.4 | any |
| gnu | emacs | 20.5 | any |
| gnu | emacs | 20.6 | any |
| gnu | emacs | 20.7 | any |
| gnu | emacs | 21 | any |
| gnu | emacs | 21.1 | any |
| gnu | emacs | 21.2 | any |
| gnu | emacs | 21.2.1 | any |
| gnu | emacs | 21.3 | any |
| gnu | emacs | 21.3.1 | any |
| gnu | emacs | 21.4 | any |
| gnu | emacs | 22.1 | any |
| gnu | emacs | 22.2 | any |
| gnu | emacs | 22.3 | any |
| gnu | emacs | 23.1 | any |
| gnu | emacs | 23.2 | any |
| gnu | emacs | 23.3 | any |
| gnu | emacs | 23.4 | any |
| gnu | emacs | 24.1 | any |
| gnu | emacs | 24.2 | any |
References 5
- advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0250.html
- debbugs.gnu.org http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8
- lists.gnu.org http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html
- openwall.com http://openwall.com/lists/oss-security/2014/05/07/7
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:117
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.