LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

vim: arbitrary command execution

Package(s):vim CVE #(s):CAN-2005-2368
Created:July 26, 2005 Updated:August 23, 2005
Description: Georgi Guninski discovered that it was possible to construct Vim 6.3 modelines that execute arbitrary shell commands by wrapping them in glob() or expand() function calls. If an attacker tricked an user to open a file with a specially crafted modeline, he could exploit this to execute arbitrary commands with the user's privileges.
Alerts:
Mandriva MDKSA-2005:148 2005-08-22
Red Hat RHSA-2005:745-01 2005-08-22
Fedora FEDORA-2005-741 2005-08-15
Fedora FEDORA-2005-738 2005-08-10
Fedora FEDORA-2005-737 2005-08-10
Ubuntu USN-154-1 2005-07-26
(Log in to post comments)

vim: arbitrary command execution

Posted Jul 28, 2005 18:38 UTC (Thu) by kreutzm (guest, #4700) [Link]

This will be CAN-2005-2368 (cf. Bug 320017)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds