CVE-2012-1103

Sažetak

emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

Reference

http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12fff11600c6..ae438ccd8c77831158c7c30f19710d798ee4a6b4:/emacs/notmuch-mua.el
http://notmuchmail.org/news/release-0.11.1/
http://secunia.com/advisories/48139
http://www.debian.org/security/2012/dsa-2416
http://www.openwall.com/lists/oss-security/2012/03/04/5
http://www.openwall.com/lists/oss-security/2012/03/05/6
http://www.securityfocus.com/bid/52155

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

26-09-2012 - 04:00

Objavljeno

25-09-2012 - 23:55