What Are You Looking For?

Sign Up

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-13
- - --------------------------------------------------------------------

PACKAGE : vim vim-core gvim
SUMMARY : arbitrary code execution
DATE    : 2003-01-22 11:48 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

- From advisory: 

"Opening a specially crafted text file with vim can execute arbitrary shell 
commands and pass parameters to them."
 
Read the full advisory at  
https://www.guninski.com/vim1.html
 
SOLUTION

It is recommended that all Gentoo Linux users who are running
affected versions of app-editors/{vim,vim-core,gvim} upgrade as follows:

emerge sync

If you are running app-editos/vim-core upgrade to vim-core-6.1-r4 :

emerge -u vim-core

If you are running app-editos/vim upgrade to vim-6.1-r19 :

emerge -u vim

If you are running app-editos/gvim upgrade to gvim-6.1-r6 :

emerge -u gvim

emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at rphillips@gentoo.org
- - --------------------------------------------------------------------

Gentoo: vim command execution vulnerability

Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them.

Summary


- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-13
- - --------------------------------------------------------------------
DATE    : 2003-01-22 11:48 UTC

- - --------------------------------------------------------------------

- From advisory: 

"Opening a specially crafted text file with vim can execute arbitrary shell 
commands and pass parameters to them."

Read the full advisory at  
https://www.guninski.com/vim1.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
affected versions of app-editors/{vim,vim-core,gvim} upgrade as follows:

emerge sync

If you are running app-editos/vim-core upgrade to vim-core-6.1-r4 :

emerge -u vim-core

If you are running app-editos/vim upgrade to vim-6.1-r19 :

emerge -u vim

If you are running app-editos/gvim upgrade to gvim-6.1-r6 :

emerge -u gvim

emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at rphillips@gentoo.org
- - --------------------------------------------------------------------

Resolution

References

Availability

Concerns

Severity
PACKAGE : vim vim-core gvim
SUMMARY : arbitrary code execution
EXPLOIT : remote

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

GNOME Linux Systems Exposed to RCE Attacks Via File Downloads

Oct 9, 2023

Hackers Using BlueShell Malware to Attack Windows, Linux, and Mac Systems

Sep 8, 2023

How OpenSSF Aims to Make Log4j-Like Incidents Rare

Mar 13, 2023

PHP Vuln Threatens Confidentiality of Impacted Systems

May 11, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo