Full Disclosure mailing list archives
FLEA-2007-0014-1: vim
From: Foresight Linux Essential Announcement Service <foresight-security-noreply () foresightlinux org>
Date: Mon, 30 Apr 2007 13:11:52 -0400
Foresight Linux Essential Advisory: 2007-0014-1 Published: 2007-04-30 Rating: Minor Updated Versions: gvim=/foresight.rpath.org@fl:1-devel//1/7.0.235-1-1 vim=/foresight.rpath.org@fl:1-devel//1/7.0.235-1-1 vim-minimal=/foresight.rpath.org@fl:1-devel//1/7.0.235-1-1 group-dist=/foresight.rpath.org@fl:1-devel//1/1.2.1-0.3-2 References: https://issues.rpath.com/browse/RPL-1320 http://marc.info/?t=117762599300001&r=1&w=2 Description: Previous versions of the vim package allowed two functions, feedkeys() and writefile(), to be used in the sandbox. Functions executed via modelines in files being edited are verified by the sandbox; a user who is coerced into opening a specially-crafted file could cause the system to execute arbitrary shell code supplied by the attacker. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FLEA-2007-0014-1: vim Foresight Linux Essential Announcement Service (Apr 30)