CVE-2010-0825

Description

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

How to fix CVE-2010-0825

To remediate CVE-2010-0825, upgrade the affected package to a fixed version below.

• Debian/xemacs21—upgrade to 21.4.22-3.1 or later

Is CVE-2010-0825 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 21.4.22-3.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-0825