Bug 77841 - app-editors/vim: Insecure Temporary File Creation
Summary: app-editors/vim: Insecure Temporary File Creation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/13841/
Whiteboard: B3 [noglsa]
Reported: 2005-01-13 07:56 UTC by Jean-François Brunette (RETIRED)
Modified: 2005-01-14 00:37 UTC

Comment 1 Jean-François Brunette (RETIRED) gentoo-dev 2005-01-13 07:56:27 UTC
Description:
Javier Fernández-Sanguino Peña has reported some vulnerabilities in vim, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

The vulnerabilities are caused due to the tcltags and vimspell.sh scripts creating temporary files insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running a vulnerable script.

The vulnerabilities have been reported in version 6.3. Other versions may also be affected.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-13 10:00:14 UTC
Vim please verify and advise.
Comment 3 Ciaran McCreesh 2005-01-13 10:06:48 UTC
We don't install either of these.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-01-13 11:31:58 UTC
Those scripts are shipped with app-editors/vim-core:

/usr/share/vim/vim63/tools/vimspell.sh
/usr/share/vim/vim63/tools/tcltags

I guess we should patch them (or remove them) even if they are not directly accessible.
Comment 5 Ciaran McCreesh 2005-01-13 11:43:43 UTC
*shrug* I could stick in an rm in the eclass if "being able to mildly irritate users (all one of them) who use a not really working script which isn't placed anywhere inside $PATH and isn't of any use since ctags and vimspell do the job far better" is considered an issue.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-13 12:51:25 UTC
Ciaran please either delete them or patch them.
Comment 7 Ciaran McCreesh 2005-01-13 14:02:33 UTC
Committed to vim.eclass, r1.89.
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-13 14:13:08 UTC
Thx Ciaran.

Security please vote for GLSA on this one. Personally I vote for no GLSA.
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-01-14 00:37:39 UTC
I agree we shouldn't issue an advisory over such scripts (not in common PATH and clearly misc/contrib/not_useful). Fixing this is already a little overkill :)
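
The class of bug described in comment 1, shown as an added example that is not taken from this bug report or from the vim scripts themselves: a shell function that writes to a guessable temporary path next to one that uses `mktemp`. The function names, the `demo.` prefix and the sandbox layout are assumptions made for illustration; the self-check runs only inside a private directory it creates.

```sh
#!/bin/sh
# Added example; every path and name here is constructed for illustration.

# Weak pattern: guessable name (fixed prefix + PID). ">" follows whatever
# already exists at that path, including a symlink planted by another user.
write_weak() {   # $1 = temp directory, $2 = data
    tmp="$1/demo.$$"
    echo "$2" > "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file exclusively with mode 0600, so an existing entry is never reused.
write_safe() {   # $1 = temp directory, $2 = data; prints the path used
    tmp=$(mktemp "$1/demo.XXXXXXXXXX") || return 1
    echo "$2" > "$tmp"
    echo "$tmp"
}

# Self-check inside a private sandbox directory: put a symlink at the
# guessable name and report whether each writer changed the link's target.
demo() {
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp"
    echo original > "$box/target_a"
    echo original > "$box/target_b"

    ln -s "$box/target_a" "$box/tmp/demo.$$"
    write_weak "$box/tmp" scratch
    [ "$(cat "$box/target_a")" = original ] && weak=intact || weak=clobbered

    rm -f "$box/tmp/demo.$$"
    ln -s "$box/target_b" "$box/tmp/demo.$$"
    write_safe "$box/tmp" scratch > /dev/null
    [ "$(cat "$box/target_b")" = original ] && safe=intact || safe=clobbered

    rm -rf "$box"
    echo "weak=$weak safe=$safe"
}

demo
```

When auditing shipped helper scripts, the thing to look for is any write to a shared directory such as /tmp under a name built from a fixed string or `$$` rather than from `mktemp`.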