A bug was found in vim which can allow a malicious modeline to execute arbitrary code. The initial discovery is here:
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

The fix for this issue seems to span two patchsets (the second fixes what the first misses):
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.081
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.082
This issue should also affect RHEL2.1 and RHEL3.
I'm not sure about 2.1. Do you really want me to do an RHSA for 2.1?
Created attachment 117631
Demo exploit for this issue

If you open this file with vim, it will create the file /tmp/vim-test-1.exec

I just verified it on RHEL2.1, so yes, we'll want to patch that as well.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-745.html