Hide Forgot
Untrusted search path vulnerability in the of Vim allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. References (test case, PoC): http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html Proposed patch: The Debian patch for similar dia's Python related issue, available at: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=pythonpath.diff;att=1;bug=504251 should be sufficient to resolve this issue.
This issue does NOT affect the version of the Vim package, as shipped with Red Hat Enterprise Linux 2.1. This issue affects the versions of the Vim package, as shipped with Red Hat Enterprise Linux 3, 4, and 5. Comment relevant to fixes for RHEL-{3,4,5}: The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue affects the versions of the Vim package, as shipped with Fedora releases of 9, 10 and devel. Please fix.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937 This has been fixed upstream with patch 7.2.045 Fedora releases 9, 10 and devel are at least at patchlevel 60 and are not vulnerable.
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0316 to this vulnerability: Untrusted search path vulnerability in the Python module in vim allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0316 http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html http://www.openwall.com/lists/oss-security/2009/01/26/2
I guess this issue does not affect RHEL-{3,4} as the vim package is compiled without python support on these. # vim --version VIM - Vi IMproved 6.3 (2004 June 7, compiled Nov 17 2008 08:14:13) ... +path_extra +perl +postscript +printer -python +quickfix +rightleft -ruby
(In reply to comment #3) > This has been fixed upstream with patch 7.2.045 Upstream fix: http://vim.svn.sourceforge.net/viewvc/vim/vim7/src/if_python.c?r1=1124&r2=1257 ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.045
Statement: This issue did not affect vim as shipped in Red Hat Enterprise Linux 3 and 4. This issue is not planned to be fixed in vim packages in Red Hat Enterprise Linux 5.