Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora Core 2 2005-017 Critical: VIM Modeline Command Execution

fedora
Calendar Grey January 12, 2005
Dist Fedora Esm H88
The latest Fedora Core 2 release tackles a critical modeline flaw and a symbolic link vulnerability found in the VIM text editor, prioritizing user security.
Ciaran McCreesh discovered a modeline vulnerability in VIM

Summary

VIM (VIsual editor iMproved) is an updated and improved version of the

vi editor. Vi was the first real screen-based editor for UNIX, and is

still very popular. VIM improves on vi by adding new features:

multiple windows, multi-level undo, block highlighting and more.

These packages fix a lot of minor issues and update vim to version 6.3 with

the latest patch level currently available.

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible

that a malicious user could create a file containing a specially crafted

modeline which could cause arbitrary command execution when viewed by a

victim. Please note that this issue only affects users who have modelines

and filetype plugins enabled, which is not the default. The Common

Vulnerabilities and Exposures project has assigned the name CAN-2004-1138

to this issue.

Javier Fernández-Sanguino Peña discovered insecure usage of temporary files

in two scripts shipped with vim. It is possible that a malicious user could

guess the names of the temporary files and start a symlink attack.

- patchlevel 54

- fix usage of temporary files (#144698)

* Tue Dec 14 2004 Karsten Hopp 6.3.046-0.fc3.1

- patchlevel 46 (#142446) CAN-2004-1138

* Tue Oct 19 2004 Karsten Hopp 6.3.030-3

- fix dependencies on vim-common (#132371)

* Mon Oct 11 2004 Karsten Hopp 6.3.030-2

- add cscope to vimrc so that cscope DB will be used

automatically when available

* Fri Oct 08 2004 Karsten Hopp 6.3.030-2

- patchlevel 30

b6c258b80caab8a3b2b5ce9f2e27740c SRPMS/vim-6.3.054-0.fc2.1.src.rpm

fcd204307748c400f700113b3f483dd6 x86_64/vim-common-6.3.054-0.fc2.1.x86_64.rpm

ec0d100831f5ebca86d05cb8dd706162 x86_64/vim-minimal-6.3.054-0.fc2.1.x86_64.rpm

9c080e2547b11bae9e798c76e14fed67 x86_64/vim-enhanced-6.3.054-0.fc2.1.x86_64.rpm

92e5f1e2ffb98d2aa8908110a9ba3422 x86_64/vim-X11-6.3.054-0.fc2.1.x86_64.rpm

5aee899af794d4d7b9500d1851fe9fd8 x86_64/debug/vim-debuginfo-6.3.054-0.fc2.1.x86_64.rpm

e71dc4c541260a63247e8827a613d913 i386/vim-common-6.3.054-0.fc2.1.i386.rpm

09638541a07d7a812f2828f881584dbf i386/vim-minimal-6.3.054-0.fc2.1.i386.rpm

b1900f8fdac96db659a305c3f6018572 i386/vim-enhanced-6.3.054-0.fc2.1.i386.rpm

3cc4b0f836d405c9924e1dadd1a477b8 i386/vim-X11-6.3.054-0.fc2.1.i386.rpm

fb0fe667dc0d601f7522c865ca64f8c7 i386/debug/vim-debuginfo-6.3.054-0.fc2.1.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: vim
Version: 6.3.054
Release: 0.fc2.1
Summary: The VIM editor.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here