CVE-2008-3294

CVE-2008-3294 affects Vim 5.0–7.1 when built with Python support. The vulnerability stems from Makefile-conf temporary file not having guaranteed ownership/permissions, allowing local users to execute arbitrary code by modifying this file during a window or by creating it beforehand with restrict...

Vim不安全文件建立漏洞

BUGTRAQ ID: 30279 CNCAN ID：CNCAN-2008072101 Vim是一款常用的文本编辑器。 Vim configure.in不安全建立临时文件，本地攻击者可以利用漏洞以运行应用程序权限覆盖或删除系统文件。 当构建过程中，在'/tmp'目录中会建立可猜测名字的临时文件，当VIM使用Python支持构建时运行如下代码： src/configure.in: 677 dnl -- we need to examine Python's config/Makefile too 678 dnl see what the interpreter is built from...