Rapid7 Vulnerability & Exploit Database

RHSA-2003:234: Updated semi packages fix vulnerability

Back to Search

RHSA-2003:234: Updated semi packages fix vulnerability

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
08/18/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated semi packages that fix vulnerabilities in semi's temporary file handling are now available for Red Hat Linux 7.1, 7.2, and 7.3.

semi is a MIME library for GNU Emacs and XEmacs used by the wl mail package. A vulnerability in semi version 1.14.3 and earlier allows an attacker to overwrite arbitrary files with potentially arbitrary contents using the privileges of the user running Emacs and semi. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0440 to this issue. Users of semi are advised to upgrade to these packages, which contain a backported patch correcting this issue.

Solution(s)

  • redhat-upgrade-semi
  • redhat-upgrade-semi-xemacs
  • redhat-upgrade-wl
  • redhat-upgrade-wl-common
  • redhat-upgrade-wl-xemacs

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;