USN-52-1: vim vulnerability

23 December 2004

vim vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Ciaran McCreesh found several vulnerabilities related to the use of options in Vim modeline commands, such as ‘termcap’, ‘printdevice’, ‘titleold’, ‘filetype’, ‘syntax’, ‘backupext’, ‘keymap’, ‘patchmode’, and ‘langmenu’.

If an attacker tricked an user to open a file with a specially crafted modeline, he could exploit this to execute arbitrary commands with the user’s privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
kvim
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References