[<prev] [next>] [day] [month] [year] [list]
Message-ID: <46362358.1010309@foresightlinux.org>
Date: Mon, 30 Apr 2007 13:11:52 -0400
From: Foresight Linux Essential Announcement Service
<foresight-security-noreply@...esightlinux.org>
To: foresight-security-announce@...ts.rpath.org
Cc: lwn@....net, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: FLEA-2007-0014-1: vim
Foresight Linux Essential Advisory: 2007-0014-1
Published: 2007-04-30
Rating: Minor
Updated Versions:
gvim=/foresight.rpath.org@fl:1-devel//1/7.0.235-1-1
vim=/foresight.rpath.org@fl:1-devel//1/7.0.235-1-1
vim-minimal=/foresight.rpath.org@fl:1-devel//1/7.0.235-1-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.2.1-0.3-2
References:
https://issues.rpath.com/browse/RPL-1320
http://marc.info/?t=117762599300001&r=1&w=2
Description:
Previous versions of the vim package allowed two functions, feedkeys() and
writefile(), to be used in the sandbox. Functions executed via modelines in
files being edited are verified by the sandbox; a user who is coerced into
opening a specially-crafted file could cause the system to execute arbitrary
shell code supplied by the attacker.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists