oss-sec mailing list archives
Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10
From: "Jan Minář" <rdancer () rdancer org>
Date: Mon, 21 Jul 2008 12:57:48 +0100
On Sun, Jul 20, 2008 at 8:12 PM, Jonathan Smith <smithj () freethemallocs com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sorry it took so long to get back; I've been rather busy lately. Tomas Hoger wrote:Jonathan, did new netrw tests work for you? With which vim version? They all failed for me with vim 7.1.245 / netrw 109.No vulnerability was found for me for vim 7.1.213 with netrw 109, as compiled for rPath Linux.
Version 109 is probably too old. There has been a lot of functionality added since, and I presume a lot of refactoring done too. According to the [0]Netrw version history, marking files (used by netrw.v2 & netrw.v3) was introduced in version 111. On the other hand, these vulnerabilities should not depend on the Vim version; the TIOCSTI method used in netrw.v4 ``test'' target may not be very portable outside Un*x though. [0] http://www.vim.org/scripts/script.php?script_id=1075 Hope that helps. Jan.
Current thread:
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10, (continued)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 10)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jan Minář (Jul 12)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 15)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jan Minář (Jul 16)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 16)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jan Minář (Jul 16)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 10)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jonathan Smith (Jul 20)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 20)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Steven M. Christey (Jul 31)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Aug 05)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jan Minář (Jul 21)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 21)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jan Minář (Jul 21)
- Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Bram Moolenaar (Jul 07)