USN-154-1: vim vulnerability

26 July 2005

vim vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Georgi Guninski discovered that it was possible to construct Vim modelines that execute arbitrary shell commands by wrapping them in glob() or expand() function calls. If an attacker tricked a user into opening a file with a specially crafted modeline, he could exploit this to execute arbitrary commands with the user's privileges.
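As an added example (not part of the original notice), the following Python scanner flags modelines that call glob() or expand() in the first and last five lines of a file, the region Vim parses by default. The sample file, the option name `someopt` and the `PLACEHOLDER` argument are constructed for illustration.

```python
import re

# Vim only inspects the first and last 'modelines' lines of a file (default 5).
DEFAULT_WINDOW = 5

# A modeline starts with "vi:", "vim:", "Vim:" or "ex:" at line start or after
# whitespace; "vim" may carry a version test such as "vim700:" or "vim>700:".
# This is slightly broader than Vim's own parser, which suits a scanner.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):(.*)$")

# The notice names glob() and expand() as the wrappers; flag either call.
CALL_RE = re.compile(r"\b(glob|expand)\s*\(")


def find_suspicious_modelines(text, window=DEFAULT_WINDOW):
    """Return [(line_number, function_name, line)] for modelines that call
    glob() or expand() inside the region Vim would actually parse."""
    lines = text.splitlines()
    total = len(lines)
    # Head and tail windows, deduplicated so short files are not counted twice.
    candidates = sorted(set(range(min(window, total))) |
                        set(range(max(total - window, 0), total)))
    hits = []
    for idx in candidates:
        modeline = MODELINE_RE.search(lines[idx])
        if not modeline:
            continue
        call = CALL_RE.search(modeline.group(1))
        if call:
            hits.append((idx + 1, call.group(1), lines[idx]))
    return hits


# Constructed sample: line 2 is a benign modeline, line 8 sits outside both
# windows, and line 14 wraps a placeholder in glob(). "someopt" is not a real
# Vim option and PLACEHOLDER stands in for the argument.
SAMPLE = "\n".join(
    ["#!/bin/sh", "# vim: set ts=4 sw=4 et:"]
    + ["echo %d" % i for i in range(5)]
    + ["# vim: set someopt=expand(PLACEHOLDER):"]
    + ["echo %d" % i for i in range(5, 10)]
    + ["# vim: set someopt=glob(PLACEHOLDER):"]
)

if __name__ == "__main__":
    for lineno, func, line in find_suspicious_modelines(SAMPLE):
        print("line %d: modeline calls %s(): %s" % (lineno, func, line))
```

On systems that cannot be updated immediately, `set nomodeline` in the vimrc stops Vim from parsing modelines at all.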

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04

  • kvim
  • kvim-perl
  • kvim-python
  • kvim-tcl
  • vim
  • vim-gnome
  • vim-gtk
  • vim-lesstif
  • vim-perl
  • vim-python
  • vim-tcl

Ubuntu 4.10

  • kvim
  • kvim-perl
  • kvim-python
  • kvim-tcl
  • vim
  • vim-gnome
  • vim-gtk
  • vim-lesstif
  • vim-perl
  • vim-python
  • vim-tcl

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
