Bug 1580431 (CVE-2018-11319)

Summary: CVE-2018-11319 vim-syntastic: Improper handling of searches for configuration files can lead to arbitrary code execution
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: praiskup
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-21 12:45:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1580432    
Bug Blocks:    

Description Adam Mariš 2018-05-21 12:44:28 UTC 
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed.

Upstream bug:

https://github.com/vim-syntastic/syntastic/issues/2170
Comment 1 Adam Mariš 2018-05-21 12:44:45 UTC 
Created vim-syntastic tracking bugs for this issue:

Affects: fedora-all [bug 1580432]