Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10

["Jan Minář" <rdancer () rdancer org>]

On Mon, Jul 21, 2008 at 2:44 PM, Tomas Hoger <thoger () redhat com> wrote:
> On Mon, 21 Jul 2008 12:57:48 +0100 "Jan Minář" <rdancer () rdancer org>
> wrote:
>
> > Version 109 is probably too old.  There has been a lot of
> > functionality added since, and I presume a lot of refactoring done
> > too.  According to the [0]Netrw version history, marking files (used
> > by netrw.v2 & netrw.v3) was introduced in version 111.
>
> Agree.  netrw 109 bundled with vim 7.1 does not implement mz and mc
> commands, so is not affected by .v2 and .v3.  This was already
> mentioned in this thread.
>
> > On the other hand, these vulnerabilities should not depend on the Vim
> > version; the TIOCSTI method used in netrw.v4 ``test'' target may not
> > be very portable outside Un*x though.
>
> But 109 (and older) is affected by D command / .v4 issue, just the test
> case does not work with 109 out of the box.  Test assumes that the
> cursor in on the line right above the one showing crafted file name,
> but that does not seem to be correct assumption for 109 (netrw version
> differences or locale changes, I haven't really investigated).  See
> suggestion in my other reply.

I have updated the test suite, it tests v110 correctly as VULNERABLE now:

http://www.rdancer.org/vulnerablevim-latest.tar.bz2

Thanks.

Jan.