Red Hat Bugzilla – Bug 164279
CAN-2005-2368 vim modeline arbitrary command execution
Last modified: 2007-11-30 17:07:19 EST
A bug was found in vim which can allow a malicious modeline to execute arbitrary
The initial discovery is here:
The fix for this issue seems to span two patchsets (the second fixes what the
This issue should also affect RHEL2.1 and RHEL3.
I'm not sure about 2.1. Do you really want me to do an RHSA for 2.1?
Created attachment 117631
Demo exploit for this issue
If you open this file with vim, it will create the file /tmp/vim-test-1.exec
I just verified it on RHEL2.1, so yes, we'll want to patch that as well.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.