VIM allows a user to set the modeline differently for each edited text file by placing special comments in the files. These comments can also be carefully crafted in order to call external programs. An attacker could create a text file so that when it is opened arbitrary commands are executed. CAN-2002-1377 A workaround to this issue without updating to the new packages is to disable modelines. This can be done by placing the following line in the ~/.vimrc user configuration file or in the /usr/share/vim/vim*/macros/vimrc system-wide configuration file: set modelines=0 The drawback of this workaround is that any user could still re-enable modelines by placing 'set modelines=1' in their ~/.vimrc file.
RHSA-2002:302-09