Bug 164488
Summary: | CAN-2005-2368 modelines in vim can own you | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | Pavel Kankovsky <peak> |
Component: | vim | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | jpdalbec, sheltren |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-08-30 19:57:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Pavel Kankovsky
2005-07-28 08:27:24 UTC
See https://rhn.redhat.com/errata/RHSA-2005-745.html for updated packages. This effects all legacy distributions. FYI: 05.30.24 CVE: CAN-2005-2368 Platform: Cross Platform Title: Vim ModeLines Further Variant Arbitrary Command Execution Description: Vim is a text editor. It is susceptible to an arbitrary command execution vulnerability which can be caused by modifying a text file to include "ModeLines" containing the "glob()" or "expand()" functions with shell metacharacters. Vim version 6.3.082 is released to fix this issue. Ref: http://www.securityfocus.com/advisories/8955 Fedora Legacy project has ended. These will not be fixed by Fedora Legacy. |