vim: temporary file vulnerabilities (CAN-2005-0069)
Bug #12027 reported by
Debian Bug Importer
This bug report is a duplicate of:
Bug #12030: vim: Race conditions and symlink attacks in vim (tcltags and vimspell).
Edit
Remove
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vim (Debian) |
Fix Released
|
Unknown
|
|||
vim (Ubuntu) |
Invalid
|
High
|
Martin Pitt |
Bug Description
Automatically imported from Debian bug report #291125 http://
Changed in vim: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Message-ID: <email address hidden>
Date: Tue, 18 Jan 2005 16:50:17 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: vim: temporary file vulnerabilities (CAN-2005-0069)
--XF85m9dhOBO43t/C "CE+1k2dSO48ffg eK" Disposition: inline
Content-Type: multipart/mixed; boundary=
Content-
--CE+1k2dSO48ffgeK Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=iso-8859-1
Content-
Content-
Package: vim
Version: 1:6.3-054+1
Severity: grave
Tags: patch security
As described in the Ubuntu advisory below, vim's tcltags and vimspell
scripts use temp files insecurely. I've attached a patch I extraced from
the Ubuntu diff.
----- Forwarded message from Martin Pitt <email address hidden> -----
=46rom: Martin Pitt <email address hidden> 5.6+20040907i
Date: Tue, 18 Jan 2005 17:56:58 +0100
To: <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: [USN-61-1] vim vulnerabilities
User-Agent: Mutt/1.
=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D= 3D=3D=3D= 3D=3D=3D= 3D 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D=3D= 3D=3D= 3D=3D=3D= 3D=3D=3D= 3D
=3D=3D=
=3D=3D=
Ubuntu Security Notice USN-61-1 January 18, 2005
vim vulnerabilities
CAN-2005-0069
=3D=3D=
=3D=3D=
=3D=3D=
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
kvim
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl
The problem can be corrected by upgrading the affected package to 1ubuntu2. 2. In general, a standard system upgrade is
version 1:6.3-025+
sufficient to effect the necessary changes.
Details follow:
Javier Fern=E1ndez- Sanguino Pe=F1a noticed that the auxillary scripts
"tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script
(either by calling it directly or by execution through vim).
Source archives:
http:// security. ubuntu. com/ubuntu/ pool/main/ v/vim/vim_ 6.3-025+ 1ubuntu2. = 5329bf5773e610a d6 security. ubuntu. com/ubuntu/ pool/main/ v/vim/vim_ 6.3-025+ 1ubuntu2. = 562f4b97566b9a0 5a security. ubuntu. com/ubuntu/ pool/main/ v/vim/vim_ 6.3.orig. tar.gz 538da87d2d73fd1 17
2.diff.gz
Size/MD5: 425421 ee7e4653fb70fd4
http://
2.dsc
Size/MD5: 1122 9bd9428dd29c8aa
http://
Size/MD5: 5624622 de1c964ceedbc13
Architecture independent packages:
http:// security. ubuntu. com/ubuntu/ pool/main/ v/vim/vim- common_ 6.3-025+ 1u= ccb2896e2f6e80e 0d security. ubuntu. com/ubuntu/ pool/main/ v/vim/vim- doc_6.3- 025+1ubun= 2baaaf28ebc0de3 a6
buntu2.2_all.deb
Size/MD5: 3421084 8dc7b200376add6
http://
tu2.2_all.deb
Size/MD5: 1646686 2c2716a1dad4061
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http:// security. ubuntu. com/ubuntu/ pool/universe/ v/vim/kvim_ 6.3-025+ 1ubu= 2bcff3a02acaacb c5
ntu2.2_amd64.deb
Size/MD5: 2586 1e0b1528b70e54e
...