The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


FLEA-2007-0014-1: vim


<< Previous INDEX Search src / Print Next >>
Date: Mon, 30 Apr 2007 13:11:52 -0400
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@foresightlinux.org.>
To: [email protected]
Subject: FLEA-2007-0014-1: vim
References: <45EF374E.1090207@foresightlinux.org.> <45EF8D85.3050102@moritz-naumann.com.>
In-Reply-To: <45EF8D85.3050102@moritz-naumann.com.>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru

Foresight Linux Essential Advisory: 2007-0014-1
Published: 2007-04-30

Rating: Minor

Updated Versions:
     gvim=/foresight.rpath.org@fl:1-devel//1/7.0.235-1-1
     vim=/foresight.rpath.org@fl:1-devel//1/7.0.235-1-1
     vim-minimal=/foresight.rpath.org@fl:1-devel//1/7.0.235-1-1
     group-dist=/foresight.rpath.org@fl:1-devel//1/1.2.1-0.3-2

References:
     https://issues.rpath.com/browse/RPL-1320
     http://marc.info/?t=117762599300001&r=1&w=2

Description:
     Previous versions of the vim package allowed two functions, feedkeys() and 
writefile(), to be used in the sandbox. Functions executed via modelines in 
files being edited are verified by the sandbox; a user who is coerced into 
opening a specially-crafted file could cause the system to execute arbitrary 
shell code supplied by the attacker.



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру