VULHUB ™

A vulnerability exists in Emacs 20, that allows any user on a multiuser system to eavesdrop on, or forge responses to, an Emacs client. The vulnerability stems from Emacs failure to properly set permissions for slave PTY devices. Operating systems where Emacs is affected include Linux, FreeBSD, HP-UX 10.x and 11.00, and AIX 4. Solaris is not affected.

A vulnerability exists in Emacs 20, that allows any user on a multiuser system to eavesdrop on, or forge responses to, an Emacs client. The vulnerability stems from Emacs failure to properly set permissions for slave PTY devices. Operating systems where Emacs is affected include Linux, FreeBSD, HP-UX 10.x and 11.00, and AIX 4. Solaris is not affected.