oss-sec mailing list archives
Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10
From: "Jan Minář" <rdancer () rdancer org>
Date: Mon, 21 Jul 2008 15:05:28 +0100
On Mon, Jul 21, 2008 at 2:44 PM, Tomas Hoger <thoger () redhat com> wrote:
On Mon, 21 Jul 2008 12:57:48 +0100 "Jan Minář" <rdancer () rdancer org> wrote:Version 109 is probably too old. There has been a lot of functionality added since, and I presume a lot of refactoring done too. According to the [0]Netrw version history, marking files (used by netrw.v2 & netrw.v3) was introduced in version 111.Agree. netrw 109 bundled with vim 7.1 does not implement mz and mc commands, so is not affected by .v2 and .v3. This was already mentioned in this thread.On the other hand, these vulnerabilities should not depend on the Vim version; the TIOCSTI method used in netrw.v4 ``test'' target may not be very portable outside Un*x though.But 109 (and older) is affected by D command / .v4 issue, just the test case does not work with 109 out of the box. Test assumes that the cursor in on the line right above the one showing crafted file name, but that does not seem to be correct assumption for 109 (netrw version differences or locale changes, I haven't really investigated). See suggestion in my other reply.
I have updated the test suite, it tests v110 correctly as VULNERABLE now: http://www.rdancer.org/vulnerablevim-latest.tar.bz2 Thanks. Jan.
Current thread:
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10, (continued)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 15)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jan Minář (Jul 16)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 16)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jan Minář (Jul 16)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jonathan Smith (Jul 20)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 20)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Steven M. Christey (Jul 31)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Aug 05)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jan Minář (Jul 21)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Tomas Hoger (Jul 21)
- Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Jan Minář (Jul 21)
- Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 Bram Moolenaar (Jul 07)