=========================================================== Ubuntu Security Notice USN-76-1 February 07, 2005 emacs21 vulnerability CAN-2005-0100 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: emacs21-bin-common The problem can be corrected by upgrading the affected package to version 21.3+1-5ubuntu4.2. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could have been exploited to execute arbitrary code with the privileges of the user and the "mail" group (since "movemail" is installed as "setgid mail"). Reproducible: Didn't try Steps to Reproduce:
Thanks Marco for finding that it is now public. *** This bug has been marked as a duplicate of 79686 ***