Bug 46421 - vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines
Summary: vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arb...
Status: RESOLVED DUPLICATE of bug 14088
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-31 16:21 UTC by Tobias Weisserth
Modified: 2011-10-30 22:37 UTC

See Also:
Package list:
Runtime testing required: ---


Description Tobias Weisserth 2004-03-31 16:21:19 UTC
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used as an editor for other products such as mutt.

It's the "possibly other versions" part that makes me enter this bug. I guess it's not critical but it might be better to check out whether our 6.2 releases are affected or not. I couldn't verify this yet.

regards,
Tobias

Reproducible: Always
Steps to Reproduce:
Comment 1 Seemant Kulleen (RETIRED) gentoo-dev 2004-03-31 16:38:27 UTC
aron & the vim team, can we have a fix plz?
Comment 2 Ciaran McCreesh 2004-03-31 17:04:42 UTC
Unless I'm missing something, this was fixed ages ago. 6.2* should be unaffected.
Comment 3 Aron Griffis (RETIRED) gentoo-dev 2004-03-31 18:30:22 UTC
This was fixed over a year ago in Gentoo. Please check for dups before filing.

*** This bug has been marked as a duplicate of 14088 ***