
[Full-disclosure] [PLSA 2008-30] Vim: Arbitrary code execution

From: Pınar Yanardağ <pinar_at_nospam>
Date: Mon Aug 25 2008 - 00:47:45 GMT
To: pardus-security@pardus.org.tr



Pardus Linux Security Advisory 2008-30 security@pardus.org.tr
Date: 2008-08-25 Severity: 3 Type: Local
------------------------------------------------------------------------

Summary


Insufficient sanitization can lead to Vim executing arbitrary commands when performing keyword or tag lookup.

Description


(This vulnerability was discovered by Ben Schmidt)

Affected packages:

   Pardus 2008:
     vim, all before 7.2.002-44-11

Resolution


Updates are available for vim. You can install them via Package Manager or with a single command from the console:

     pisi up vim

References


--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/