CVE-2008-3294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3294): src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by writing to this file during a time window associated with a race condition.
Just for reference, here's a reproducer. create /tmp/Makefile-conf$$ with the expected PID range, 644 mode and following content: __: echo echo "Hey there" echo id echo whoami echo pwd then "emerge vim" ... checking Python's configuration directory... /usr/lib/python2.5/config auto/configure: line 4858: /tmp/Makefile-conf2247: Permission denied echo Hey there Hey there id uid=250(portage) gid=250(portage) groups=250(portage) whoami portage pwd /var/tmp/portage/app-editors/vim-7.1.319/work/vim71/src
There's a patch for this issue against 7.2b, but the patch also applies to 7.1 ftp://ftp.vim.org/pub/vim/unstable/patches/7.2b/7.2b.014
{vim,gvim}-7.2 are in CVS.
Arches, please test and mark stable: =app-editors/vim-7.2 =app-editors/vim-core-7.2 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" =app-editors/gvim-7.2 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Sparc stable, even if rushed. Works fine for me, and this looks like a rather unpleasant security bug.
alpha/ia64/x86 stable
ppc & ppc64
Stable for HPPA.
amd64 stable
This issue has been fixed since Aug 15, 2008. No GLSA will be issued.
