Key Information Summary Vulnerability Identifier CVE ID: CVE-2005-0103 CVSS 1.0 Base Score: 7 Vulnerability Details CVSS Vector: - Access Vector: Remote - Access Complexity: Low - Authentication: None Required - Confidentiality Impact: Partial - Integrity Impact: Partial - Availability Impact: Partial Consequences Gain Access Remediation For Emacs: - Upgrade to the latest version of Emacs (21.4 or higher), available from the GNU website. See references. For XEmacs: - Upgrade to the latest version of XEmacs (21.4.17 or higher), available from the XEmacs website. See references. For Ubuntu Linux: - Refer to USN-76-1, released on February 7, 2005, for patch, upgrade, or recommended temporary workaround information. See references. For Gentoo Linux: - Upgrade to the latest version of emacs (21.4 or higher) or xemacs (21.4.15-r3 or higher), as listed in GLSA 200502-20. See references. For Debian GNU/Linux 3.0 (woody): - Upgrade to the latest version of emacs 20 (20.7-13.3 or higher), as listed in DSA-670-1. See references. - Or upgrade to the latest version of xemacs 21 (21.4.16-2 or higher), as listed in DSA-671-1. See references. - Or upgrade to the latest version of emacs 21 (21.2-1woody3 or higher), as listed in DSA-685-1. See references. For Red Hat Linux (emacs): - Refer to RHSA-2005:110-06 or RHSA-2005:112-03 for information on patches, upgrades, or recommended temporary workarounds. See references. For Red Hat Linux (XEmacs): - Refer to RHSA-2005:133-05 or RHSA-2005:134-02 for information on patches, upgrades, or recommended temporary workarounds. See references. For Other Distributions: - Contact your vendor for upgrade or patch information. Affected Products GNU XEmacs 21.3 GNU Emacs 20.0 GNU Emacs 21.3 GNU XEmacs 21.4 Related Products Canonical Ubuntu 4.10 Debian Debian Linux 3.0 Gentoo Linux MandrakeSoft Mandrake Linux 10.0 External Links CVE-2005-0103 Bugtraq ID 12462 XEmacs Announcement Website GNU Website