|
|
Log in / Subscribe / Register

vim: arbitrary command execution

Package(s):vim CVE #(s):CAN-2005-2368
Created:July 26, 2005 Updated:August 23, 2005
Description: Georgi Guninski discovered that it was possible to construct Vim 6.3 modelines that execute arbitrary shell commands by wrapping them in glob() or expand() function calls. If an attacker tricked an user to open a file with a specially crafted modeline, he could exploit this to execute arbitrary commands with the user's privileges.
Alerts:
Mandriva MDKSA-2005:148 vim 2005-08-22
Red Hat RHSA-2005:745-01 vim 2005-08-22
Fedora FEDORA-2005-741 vim 2005-08-15
Fedora FEDORA-2005-738 vim 2005-08-10
Fedora FEDORA-2005-737 vim 2005-08-10
Ubuntu USN-154-1 vim 2005-07-26
to post comments

vim: arbitrary command execution

Posted Jul 28, 2005 18:38 UTC (Thu) by kreutzm (guest, #4700) [Link]

This will be CAN-2005-2368 (cf. Bug 320017)


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds