Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1398227 - (CVE-2016-1248) CVE-2016-1248 vim: Lack of validation of values for few options results in code exection
CVE-2016-1248 vim: Lack of validation of values for few options results in co...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20161120,repor...
: Security
Depends On: 1398228 1399008 1399009 1399010 1399011
Blocks: 1398230
  Show dependency treegraph
 
Reported: 2016-11-24 05:15 EST by Andrej Nemec
Modified: 2016-12-21 19:43 EST (History)
8 users (show)

See Also:
Fixed In Version: vim 8.0.0056
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-12-21 19:43:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2972 normal SHIPPED_LIVE Moderate: vim security update 2016-12-21 02:08:53 EST

  None (edit)
Description Andrej Nemec 2016-11-24 05:15:02 EST 
A vulnerability was found in Vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline.  This is due to lack of validation of values for a few options.  Those options' values are then used in Vim's scripts to build a command string that's evaluated by :execute, which is what allows the shell commands to be run.

Upstream patch:

https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a

References:

http://seclists.org/oss-sec/2016/q4/506
Comment 1 Andrej Nemec 2016-11-24 05:15:30 EST 
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 1398228]
Comment 2 Doran Moppert 2016-11-27 22:19:29 EST 
Mitigation:

Disabling modeline support in .vimrc by adding "set nomodeline" will prevent exploitation of this flaw. By default, modeline is enabled for ordinary users but disabled for root.
Comment 10 errata-xmlrpc 2016-12-20 21:09:07 EST 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:2972 https://rhn.redhat.com/errata/RHSA-2016-2972.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.