PDA

View Full Version : [USN-52-1] vim vulnerability



Martin Pitt
December 23rd, 2004, 03:15 PM
================================================== =========
Ubuntu Security Notice USN-52-1 December 23, 2004
vim vulnerability
CAN-2004-1138
================================================== =========

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

kvim
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl

The problem can be corrected by upgrading the affected package to
version 1:6.3-025+1ubuntu2.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Ciaran McCreesh found several vulnerabilities related to the use of
options in Vim modeline commands, such as 'termcap', 'printdevice',
'titleold', 'filetype', 'syntax', 'backupext', 'keymap', 'patchmode',
and 'langmenu'.

If an attacker tricked an user to open a file with a specially crafted
modeline, he could exploit this to execute arbitrary commands with the
user's privileges.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.1.diff.gz
Size/MD5: 424979 4965410b651e6f5ac01ba2500e45d1ad
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.1.dsc
Size/MD5: 1122 fbabe18da525c6874e00e7144dc1015f
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
Size/MD5: 5624622 de1c964ceedbc13538da87d2d73fd117

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-025+1ubuntu2.1_all.deb
Size/MD5: 3421062 5e19fadc78b2d58baf8b9c0e469bffe9
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-025+1ubuntu2.1_all.deb
Size/MD5: 1646594 0aacbc8f415aac67d4ff67c2567ea9fc

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.1_amd64.deb
Size/MD5: 2586 dffb544da03f75c78a04240c1a226034
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.1_amd64.deb
Size/MD5: 805718 684db5c3346c4369b47131fa1e12130e
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.1_amd64.deb
Size/MD5: 802444 d62cb45626f58a3d04286734c9f0fff4
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.1_amd64.deb
Size/MD5: 784098 b6023cf232ce1177206aebc3a002ea10
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.1_amd64.deb
Size/MD5: 809126 2414707b703fb83ac166eef291e00f14
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.1_amd64.deb
Size/MD5: 802464 f9fc02b7e2bddaf8c579b88556b49e52
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.1_amd64.deb
Size/MD5: 801154 63c0de866afbe3e898c22dd1c571e4f9
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.1_amd64.deb
Size/MD5: 764954 4efd27d92715dd0b3d518b85a5fdaa23

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.1_i386.deb
Size/MD5: 2590 d66ae294e991c2a7795800ce109c4ed2
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.1_i386.deb
Size/MD5: 702646 0b2b804684a446045fc7b459f80b1c33
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.1_i386.deb
Size/MD5: 699996 38435bc2a97e3dae68aeacb41aa6ee46
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.1_i386.deb
Size/MD5: 682456 7346dca98d32990cbda11b28dcf9de98
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.1_i386.deb
Size/MD5: 707678 0cebe040f27ff421c046c0bba0c7be5a
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.1_i386.deb
Size/MD5: 700016 218129f6116b1ed0cac566b4ed3bb91a
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.1_i386.deb
Size/MD5: 699624 8f41f595aeb4b798b932cafdae5b428c
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.1_i386.deb
Size/MD5: 680000 648b6f8d31502eb282c6c8e598b1bfb3

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.1_powerpc.deb
Size/MD5: 2594 9b73d310934283adb3443ba1cf698cfc
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.1_powerpc.deb
Size/MD5: 788010 a0fb73fac7af675b50670878eff5e7a1
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.1_powerpc.deb
Size/MD5: 785336 fa097c36bb3fbdde3cc61131e06894b3
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.1_powerpc.deb
Size/MD5: 769820 960874ca1a9d2f184fb70a7c67712ff2
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.1_powerpc.deb
Size/MD5: 792352 33cdd008c6f7ee7ce5b7eb207e3a23d3
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.1_powerpc.deb
Size/MD5: 785350 f9ea0ded3300b32c8f464469666a2739
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.1_powerpc.deb
Size/MD5: 784864 1b286b54ecb25d6aa7b611122c5ad7b3
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.1_powerpc.deb
Size/MD5: 754470 04d272608873af561b091de313b7167c

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBys3+DecnbV4Fd/IRAqKYAJ9v1rgjWAXtPZoWj7xI72kDmy95vwCeJFgG
6+UqrToH/UROeoax5Ss3akE=
=OHGE
-----END PGP SIGNATURE-----