oss-sec mailing list archives
[oss-list] CVE request (vim)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 11 Sep 2008 16:56:36 +0200
Hello Steve,

found relatively old issue in Vim, which was not covered by the CVE-2008-2712 patch. Could you please assign a new CVE id for it:

Report:
http://www.rdancer.org/vulnerablevim-K.html [1]

Proposed patch:
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2

Other references:
https://bugzilla.redhat.com/show_bug.cgi?id=461927

Affected versions:
Successfully reproduced on vim-6.0-7.15 through vim-7.1.291-1.

Proof of concept:
See part "4. EXPLOIT" from [1] report. The xclock part is easily reproducible.

Impact:
Arbitrary code execution.

Thank you in advance

Kind regards
Jan iankko Lieskovsky
RH Security Response Team