lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050726134254.GA22280@piware.de>
Date: Tue Jul 26 14:43:03 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-154-1] vim vulnerability

===========================================================
Ubuntu Security Notice USN-154-1	      July 26, 2005
vim vulnerability
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kvim
kvim-perl
kvim-python
kvim-tcl
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl

The problem can be corrected by upgrading the affected package to
version 1:6.3-025+1ubuntu2.3 (for Ubuntu 4.10), or
1:6.3-046+1ubuntu7.1 (for Ubuntu 5.04).  In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

Georgi Guninski discovered that it was possible to construct Vim
modelines that execute arbitrary shell commands by wrapping them in
glob() or expand() function calls. If an attacker tricked an user to
open a file with a specially crafted modeline, he could exploit this
to execute arbitrary commands with the user's privileges.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3.diff.gz
      Size/MD5:   425402 46df91478804bd8012a9668c586cbcb9
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3.dsc
      Size/MD5:     1122 a704610235ce19ca0543972f3bf3d7b0
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
      Size/MD5:  5624622 de1c964ceedbc13538da87d2d73fd117

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-025+1ubuntu2.3_all.deb
      Size/MD5:  3421110 e3b442a4a638156fbc42cfc12a5af52d
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-025+1ubuntu2.3_all.deb
      Size/MD5:  1646908 0f4b3523857e3c6fa89d0ca1637114c9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_amd64.deb
      Size/MD5:     2586 e8509546623b703acdb8638f9f26c3e5
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_amd64.deb
      Size/MD5:   805746 016a733b0545c73a3a78f28d2680f935
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_amd64.deb
      Size/MD5:   802474 8bb3bb58053c7c2170ec3a1dd587e505
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_amd64.deb
      Size/MD5:   784112 8c8566c6beb776582eec475a68826823
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_amd64.deb
      Size/MD5:   809150 3e660c1659fb8b5ceef3b63fdec54efb
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_amd64.deb
      Size/MD5:   802482 95b7643d58d92f1b75470829ebf15637
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_amd64.deb
      Size/MD5:   801214 4f00d2f0f446f2ffa1a6d5bb88b79126
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_amd64.deb
      Size/MD5:   765242 92db4aa0afedf6560e6d814106fc39bd

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_i386.deb
      Size/MD5:     2582 569dff747e323ffbecc51dfc46231eae
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_i386.deb
      Size/MD5:   702714 b6ccf017bc4ede502cc3f7de2633d8d8
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_i386.deb
      Size/MD5:   700032 9192290f1ee400f32792c018fc400794
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_i386.deb
      Size/MD5:   682460 28ee7bfe4bb7f5db3fc62a913b789e2b
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_i386.deb
      Size/MD5:   707766 c803b8d61f37c1c11b9a6604d6dd7cb3
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_i386.deb
      Size/MD5:   700046 44a50e1630e7fc2f3324c5e9e17967d8
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_i386.deb
      Size/MD5:   699644 0fc4d26312a3efe74c68c179617acaeb
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_i386.deb
      Size/MD5:   680364 6522a45f622db9606a49f2e279aedd85

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_powerpc.deb
      Size/MD5:     2586 51bb0268530d68f4d6accd8ac91c6034
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_powerpc.deb
      Size/MD5:   788070 be7fd4db97ecae833b657212b9fc1192
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_powerpc.deb
      Size/MD5:   785426 b49f7f79b503b4eb88958a660e2be6de
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_powerpc.deb
      Size/MD5:   769950 b711cc88b16ad3a1667e875aeb405a1d
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_powerpc.deb
      Size/MD5:   792554 92782eccb7325d9392b7cae97b8701a7
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_powerpc.deb
      Size/MD5:   785436 5ffa9b0c49799fa084b0739ea1166a44
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_powerpc.deb
      Size/MD5:   784680 6a5668dac91865f401fca0500c880696
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_powerpc.deb
      Size/MD5:   754792 c9883d66dca90ccdae1502f949001021

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1.diff.gz
      Size/MD5:   450699 eeae6f784198638fe22e0fb9b4059526
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1.dsc
      Size/MD5:     1158 e299658c7896e93efc973d7734285c45
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
      Size/MD5:  5624622 de1c964ceedbc13538da87d2d73fd117

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-046+1ubuntu7.1_all.deb
      Size/MD5:  3422002 cfc4e75008273ad7fecef65edb01b68b
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-046+1ubuntu7.1_all.deb
      Size/MD5:  1599848 5c1bc833e4476508a2e8883720406b7f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   929292 67231fe6f041e650a7a16818035232ad
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   922458 4acb994818d57741bedeafaa59162f20
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   880502 a78fe2f10d94c2b6b60f356ff4c901d5
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   922556 24391c4a94fdb951e9e461cdfee9fc87
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   805754 2972c0afcd3bfacd02e86bc9ff317bde
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   803084 014e6c6bcb0a6a0abbe09de6f8ba5505
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   783614 69ca26b900196fc09fdadc8dfdd90632
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   809558 f6c371ca6625e3ce1bf2e8d8469810da
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   803100 85df978e39de3674eb18d37aa3e4611f
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   763210 a26548a49bb3d56eb4998a7c8f9a9f52
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_amd64.deb
      Size/MD5:   768434 2586fb240bb4d64b26639ee4b7cbb902

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   830852 17c7d608b5bd48562518a55752d83981
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   824368 75cf8bc7d3c14b75f4eb4f6e96eed13c
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   781820 7472daf1c24079b55bafd09c71ee6021
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   824478 7339ff8e39518ba52f96a2eb3a59a943
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   701422 e09e1d3ec4b3cc62db58235ac3f3d3ac
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   699414 443baeff48ccaea338d36cd1a2fc886c
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   681288 99075faa2aaa28e9b3ed5ba054fd9e77
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   706964 557b4e74547160070dc7d52e8ba01d35
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   699422 078226d68630da3730cfceff27420f38
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   660104 ab1bd893eb7eb1d027da38112af1a196
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_i386.deb
      Size/MD5:   688162 b040b9a0527aee33789113186ac7a84f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   914962 f1e687aa0600d392f3b2eb1b1da676d1
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   907440 64b803346a6a52315e3eaba6b5c123bd
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   864418 b1ce07cbfe3e161523f148a0dc612b9f
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   907536 0a7cbc632a48118980ce2c0c03723315
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   788114 d78cd2bdd4addd55780f7765734b6a01
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   786034 221063d416add0709f6bb6ccbc160246
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   769730 1944e9137f227f487c64486b48ff8412
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   793164 33b54d6a7f45122eeec12c300adbd836
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   786050 57d16f0c8b161927bbca8febeb05be36
    http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   745090 f9288ea7b5c161c42b2d8f73600b9a5b
    http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_powerpc.deb
      Size/MD5:   757766 fdf7d4727c036b69c3100203df9ba8a7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050726/26f4b24d/attachment.bin

Powered by blists - more mailing lists