oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10

From: "Jan Minář" <rdancer () rdancer org>
Date: Mon, 21 Jul 2008 12:57:48 +0100
On Sun, Jul 20, 2008 at 8:12 PM, Jonathan Smith
<smithj () freethemallocs com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Sorry it took so long to get back; I've been rather busy lately.

Tomas Hoger wrote:

Jonathan, did new netrw tests work for you?  With which vim version?
They all failed for me with vim 7.1.245 / netrw 109.


No vulnerability was found for me for vim 7.1.213 with netrw 109, as
compiled for rPath Linux.


Version 109 is probably too old.  There has been a lot of
functionality added since, and I presume a lot of refactoring done
too.  According to the [0]Netrw version history, marking files (used
by netrw.v2 & netrw.v3) was introduced in version 111.

On the other hand, these vulnerabilities should not depend on the Vim
version; the TIOCSTI method used in netrw.v4 ``test'' target may not
be very portable outside Un*x though.

[0] http://www.vim.org/scripts/script.php?script_id=1075

Hope that helps.

Jan.
Previous By Date Next
Previous By Thread Next

Current thread: