[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [PLSA 2008-30] Vim: Arbitrary code execution

To: pardus-security@xxxxxxxxxxxxx
Subject: [Full-disclosure] [PLSA 2008-30] Vim: Arbitrary code execution
From: Pınar Yanardağ <pinar@xxxxxxxxxxxxx>
Date: Mon, 25 Aug 2008 03:47:45 +0300

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-30            security@xxxxxxxxxxxxx
------------------------------------------------------------------------
       Date: 2008-08-25
   Severity: 3
       Type: Local
------------------------------------------------------------------------

Summary
=======

Insufficient sanitization can lead to Vim executing arbitrary  commands
when performing keyword or tag lookup.


Description
===========

(This vulnerability discovered by Ben Schmidt)


Affected packages:

   Pardus 2008:
     vim, all before 7.2.002-44-11


Resolution
==========

There are update(s) for vim. You can update them via Package Manager or
with a single command from console:

     pisi up vim

References
==========

   * http://www.rdancer.org/vulnerablevim-K.html
   * 
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e

------------------------------------------------------------------------

-- 
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [PLSA 2008-29] Vlc: Multiple Vulnerabilities
Next by Date: [Full-disclosure] [IVIZ-08-004] Intel BIOS Plain Text Password Disclosure
Previous by thread: [Full-disclosure] [PLSA 2008-29] Vlc: Multiple Vulnerabilities
Next by thread: [Full-disclosure] [IVIZ-08-004] Intel BIOS Plain Text Password Disclosure
Index(es):
- Date
- Thread