Main Archive Page > Month Archives  > full-disclosure-uk archives

[Full-disclosure] [PLSA 2008-30] Vim: Arbitrary code execution

From: Pınar Yanardağ <pinar_at_nospam>
Date: Mon Aug 25 2008 - 00:47:45 GMT
To: pardus-security@pardus.org.tr

---

Pardus Linux Security Advisory 2008-30 security@pardus.org.tr

---

Date: 2008-08-25 Severity: 3 Type: Local
------------------------------------------------------------------------

Summary

---

Insufficient sanitization can lead to Vim executing arbitrary commands when performing keyword or tag lookup.

Description

---

(This vulnerability discovered by Ben Schmidt)

Affected packages:

   Pardus 2008:
     vim, all before 7.2.002-44-11

Resolution

---

There are update(s) for vim. You can update them via Package Manager or with a single command from console:

     pisi up vim

References

---

• http://www.rdancer.org/vulnerablevim-K.html
• http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e

  ---

-- Pınar Yanardağ Pardus Security Team http://security.pardus.org.tr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/