Описание
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| vim | fixed | 6.1.263-1 | package |
Примечания
woody seems to be still vulnerable
according to bug #178102 a fixed package was uploaded to the security team in January 2003
but no advisory (nor fixed package) have been published yet.
I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this.
No response from maintainer, I have mailed security team.
Martin Schulze don't consider this as an issue for updating woody.
Связанные уязвимости
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.