Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 232890
Alias:
Product:
Component:
Status: ASSIGNED
Resolution:
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 232890 depends on: Show dependency tree
Bug 232890 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-07-25 00:53 0000 
CVE-2008-3294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3294):
  src/configure.in in Vim 5.0 through 7.1, when used for a build with Python
  support, does not ensure that the Makefile-conf temporary file has the
  intended ownership and permissions, which allows local users to execute
  arbitrary code by writing to this file during a time window associated with a
  race condition.

------- Comment #1 From Robert Buchholz 2008-07-25 01:17:40 0000 ------- 
Just for reference, here's a reproducer.

create /tmp/Makefile-conf$$ with the expected PID range, 644 mode and following
content:

__:
        echo echo "Hey there"
        echo id
        echo whoami
        echo pwd


then "emerge vim"
...
checking Python's configuration directory... /usr/lib/python2.5/config
auto/configure: line 4858: /tmp/Makefile-conf2247: Permission denied
echo Hey there
Hey there
id
uid=250(portage) gid=250(portage) groups=250(portage)
whoami
portage
pwd
/var/tmp/portage/app-editors/vim-7.1.319/work/vim71/src

------- Comment #2 From Robert Buchholz 2008-07-31 00:28:45 0000 ------- 
There's a patch for this issue against 7.2b, but the patch also applies to 7.1
ftp://ftp.vim.org/pub/vim/unstable/patches/7.2b/7.2b.014

------- Comment #3 From Ali Polatel (RETIRED) 2008-08-14 08:45:11 0000 ------- 
{vim,gvim}-7.2 are in CVS.

------- Comment #4 From Robert Buchholz 2008-08-14 12:47:56 0000 ------- 
Arches, please test and mark stable:
=app-editors/vim-7.2
=app-editors/vim-core-7.2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

=app-editors/gvim-7.2
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

------- Comment #5 From Ferris McCormick 2008-08-14 13:34:35 0000 ------- 
Sparc stable, even if rushed.  Works fine for me, and this looks like a rather
unpleasant security bug.

------- Comment #6 From Raúl Porcel 2008-08-14 15:12:26 0000 ------- 
alpha/ia64/x86 stable

------- Comment #7 From Brent Baude 2008-08-14 17:04:27 0000 ------- 
ppc & ppc64

------- Comment #8 From Jeroen Roovers 2008-08-15 10:47:48 0000 ------- 
Stable for HPPA.

------- Comment #9 From Markus Meier 2008-08-15 18:59:42 0000 ------- 
amd64 stable
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug