79847 – VIM security issues when using modelines

Bug 79847 - VIM security issues when using modelines

Summary: VIM security issues when using modelines

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	vim
Sub Component:
Version:	2.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Karsten Hopp
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-12-17 15:03 UTC by Mark J. Cox
Modified:	2007-11-30 22:06 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2003-04-15 14:28:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Mark J. Cox 2002-12-17 15:03:46 UTC

VIM allows a user to set the modeline differently for each edited text file
by placing special comments in the files. These comments can also be
carefully crafted in order to call external programs. An attacker could
create a text file so that when it is opened arbitrary commands are executed.

CAN-2002-1377

A workaround to this issue without updating to the new packages is to
disable modelines.  This can be done by placing the following line in the
~/.vimrc user configuration file or in the /usr/share/vim/vim*/macros/vimrc
system-wide configuration file:

set modelines=0

The drawback of this workaround is that any user could still re-enable
modelines by placing 'set modelines=1' in their ~/.vimrc file.

Comment 1 Karsten Hopp 2003-04-15 14:28:40 UTC

RHSA-2002:302-09

Note You need to log in before you can comment on or make changes to this bug.