Bug 79686 - app-editors/[x]emacs: movemail arbitrary code execution (CAN-2005-0100)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Duplicates: 81098
Depends on:
Reported: 2005-01-27 02:10 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-03-23 19:33 UTC

emacs21-movemail-popfmt.diff (emacs21-movemail-popfmt.diff,346 bytes, patch)
2005-01-27 02:12 UTC, Sune Kloppenborg Jeppesen (RETIRED)
xemacs21-movemail-popfmt.diff (xemacs21-movemail-popfmt.diff,1.22 KB, patch)
2005-01-27 02:13 UTC, Sune Kloppenborg Jeppesen (RETIRED)
emacs-21.3-r6.ebuild (emacs-21.3-r6.ebuild,3.96 KB, text/plain)
2005-02-04 07:13 UTC, Mamoru KOMACHI (RETIRED)

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-27 02:10:56 UTC
Max Vozeler discovered several format string vulnerabilities in the
movemail utility of Emacs, the well-known editor.  Via connecting to a
malicious POP server an attacker can execute arbitrary code under the
privileges of group mail (or worse, depending on the permissions of
the movemail binary).
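
The pattern behind this bug class, as an added example (not part of the original report, and not the Emacs/XEmacs source or the attached patches): a POP client that uses server-supplied text as a printf format string, beside the hardened call. All function names and the sample server reply are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_error[256];

/* Hypothetical printf-style reporter. Giving such a helper the GCC/Clang
 * format(printf, 1, 2) attribute lets -Wformat-security flag bad callers. */
static void report_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_error, sizeof last_error, fmt, ap);
    va_end(ap);
}

/* Unsafe pattern: server text is the format, so its '%' directives run. */
static const char *pop_error_unsafe(const char *server_line)
{
    report_error(server_line);
    return last_error;
}

/* Hardened pattern: constant format, server text is only an argument. */
static const char *pop_error_safe(const char *server_line)
{
    report_error("%s", server_line);
    return last_error;
}

/* Count directives that would make a printf-family call fetch an argument
 * ("%%" is a literal percent sign and fetches nothing). */
static int arg_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%' || !s[1]) continue;
        if (s[1] != '%') n++;
        s++;   /* step over the directive character or the escaped '%' */
    }
    return n;
}

int main(void)
{
    const char *line = "-ERR mailbox 100%% full";   /* constructed reply */
    printf("unsafe: %s\n", pop_error_unsafe(line)); /* "%%" collapses to "%" */
    printf("safe:   %s\n", pop_error_safe(line));   /* printed unchanged */
    return 0;
}
```

The sample reply contains only `%%` so the unsafe call stays well-defined; a nonzero result from `arg_directives` on untrusted input marks text that must never reach a format parameter.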
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-27 02:12:46 UTC
Created attachment 49636
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-27 02:13:17 UTC
Created attachment 49637
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-01-27 06:26:19 UTC
What are the permissions of our movemail(s) ?

usata: this is confidential, please prepare patched emacs ebuilds that you can attach to this bug for arch testing. Nothing in CVS yet.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-01-31 01:35:41 UTC
usata: Coordinated release date set to February 6, please prepare patched ebuilds and attach them to the bug.
Comment 5 Mamoru KOMACHI (RETIRED) gentoo-dev 2005-01-31 23:40:04 UTC
Our movemail permissions are
-rwxr-xr-x  1 root root 18824 Aug  2  2004 movemail (emacs)
-rwxr-xr-x  1 root root   60304 Sep  2 08:58 movemail (xemacs)

I'll prepare patched ebuilds.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-02-04 06:03:46 UTC
usata: if you have ebuilds, you can attach them to the bug so that we can call some arch people to test them.
Comment 7 Mamoru KOMACHI (RETIRED) gentoo-dev 2005-02-04 07:13:25 UTC
Created attachment 50337

Patched version of Emacs ebuild.
Comment 8 Mamoru KOMACHI (RETIRED) gentoo-dev 2005-02-04 07:15:14 UTC
rac: could you make a patched ebuild for XEmacs?
(I'm not a member of the XEmacs herd)
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-02-07 05:01:24 UTC
Now public.
Emacs/xemacs teams, please commit ebuilds to CVS.
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-02-07 05:03:01 UTC
*** Bug 81098 has been marked as a duplicate of this bug. ***
Comment 11 Mamoru KOMACHI (RETIRED) gentoo-dev 2005-02-08 02:53:18 UTC
I've just committed emacs-21.4.ebuild (upstream released 21.4) to CVS.
The only difference between 21.3 and 21.4 is the movemail patch.
Arch maintainers: please test and keyword it stable.
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-02-08 04:26:13 UTC
ppc-macos: please test and keyword emacs-21.4 ~ppc-macos if you can.
Other arches, please test and mark emacs-21.4 stable.

xemacs herd, please commit an updated xemacs ebuild.
Comment 13 Mamoru KOMACHI (RETIRED) gentoo-dev 2005-02-08 05:24:57 UTC
Emacs 21.4 won't compile on ppc-macos (21.4 is only 21.3 + movemail patch).
I'll create another updated CVS snapshot ebuild for ppc-macos.
Comment 14 Gustavo Zacarias (RETIRED) gentoo-dev 2005-02-08 06:17:41 UTC
sparc stable.
Comment 15 Olivier Crete (RETIRED) gentoo-dev 2005-02-08 09:03:51 UTC
emacs stable on x86..
Comment 16 Markus Rothe (RETIRED) gentoo-dev 2005-02-08 11:53:42 UTC
emacs is stable on ppc64.
Comment 17 Homer Parker (RETIRED) gentoo-dev 2005-02-08 17:48:47 UTC
Compiles and runs for me

emerge --info
Portage 2.0.51-r15 (default-linux/amd64/2005.0, gcc-3.4.3, glibc-, 2.6.10-gentoo-r6 x86_64)
System uname: 2.6.10-gentoo-r6 x86_64 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.6.9
Python:              dev-lang/python-2.3.4 [2.3.4 (#1, Jan 30 2005, 21:39:15)]
dev-lang/python:     2.3.4
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.5, 1.6.3, 1.7.9-r1, 1.4_p6, 1.9.4, 1.8.5-r3
sys-devel/libtool:   1.5.10-r4
ACCEPT_KEYWORDS="amd64 ~amd64"
CFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=k8 -fomit-frame-pointer -O2 -pipe"
FEATURES="autoaddcvs autoconfig ccache distlocks fixpackages sandbox"
USE="amd64 X acpi alsa bash-completion berkdb bitmap-fonts bonobo bzip2 bzlib cdr crypt css cups dga directfb divx4linux dvd dvdread encode esd ethereal exif f77 fam fbcon flac foomaticdb fortran gdbm geoip gif gimpprint gmp gnome gnomedb gphoto2 gps gstreamer gtk gtk2 gtkhtml howl icq ieee1394 imagemagick imap imlib jabber jp2 jpeg lzw lzw-tiff memlimit mozilla moznocompose moznoirc moznomail mpeg mpi msession msn ncurses nls no-old-linux nodrm nptl nptlonly offensive oggvorbis opengl oscar oss pam pcmcia pcntl pcre pdflib perl pic png pnp posix ppds pthreads python quicktime readline samba sasl sdl session slp speex spell ssl sysvipc szip tcltk tcpd tidy tiff truetype truetype-fonts type1-fonts usb userlocales vim-with-x wxwindows xml2 xmms xpm xrandr xv xvid xvmc yahoo zlib"
Comment 18 Marcus D. Hanwell (RETIRED) gentoo-dev 2005-02-09 03:03:47 UTC
emacs-21.4 stable on amd64.
Comment 19 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-02-09 03:31:23 UTC
Stable on ppc.
Comment 20 Bryan Østergaard (RETIRED) gentoo-dev 2005-02-09 15:47:17 UTC
emacs-21.4 stable on alpha.
Comment 21 Thierry Carrez (RETIRED) gentoo-dev 2005-02-11 07:22:47 UTC
Sent an email to rac, would be a pity to mask xemacs because it's late :)
Comment 22 Matthew Kennedy (RETIRED) gentoo-dev 2005-02-15 06:44:22 UTC
I created xemacs-21.4.15-r3 which includes the fix and committed it to CVS.
Since it's stable on all archs I didn't apply it to all previous ebuilds.  Should
we package.mask as follows?


Comment 23 Thierry Carrez (RETIRED) gentoo-dev 2005-02-15 07:51:53 UTC
No need to package.mask, but you can remove old versions if you want. 
Committed stable on all arches by maintainer, so ready for a GLSA.
Comment 24 Thierry Carrez (RETIRED) gentoo-dev 2005-02-15 13:48:40 UTC
GLSA 200502-20