vim security update

CentOS Errata and Security Advisory CESA-2007:0346 Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. VIM VIsual editor iMproved is a version of the v...

Fedora Core 6 : vim-7.0.235-1.fc6 (2007-492)

This update fixes several issues where opening a malicious file with vim can run an arbitrary command via modeline Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format i...

Mandrake Linux Security Advisory : vim (MDKSA-2007:101)

A vulnerability in vim 7.0's modeline processing capabilities was discovered where a user with modelines enabled could open a text file containing a carefully crafted modeline, executing arbitrary commands as the user running vim. Updated packages have been patched to prevent this issue...

vim-7 modeline security issue

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

Moderate: Red Hat Security Advisory: vim security update

Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. VIM VIsual editor iMproved is a version of the vi editor. An arbitrary command execution flaw was...

[SECURITY] Fedora Core 6 Update: vim-7.0.235-1.fc6

VIM VIsual editor iMproved is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more...

CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

Command injection

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

DEBIAN-CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

CVE-2007-2438

CVE-2007-2438 targets Vim’s sandbox, where modeline parsing grants access to dangerous functions (writefile, feedkeys, system), enabling user-assisted execution of shell commands and file writes. The issue affects Vim components exposed to modelines and has been addressed in multiple advisories a...

CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

CentOS 3 / 4 : vim (CESA-2005:745)

Updated vim packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. VIM VIsual editor iMproved is a version of the vi editor. A bug was found in the way VIM processes modelines. If a user with modelines...

Ubuntu 4.10 : vim vulnerability (USN-52-1)

Ciaran McCreesh found several vulnerabilities related to the use of options in Vim modeline commands, such as 'termcap', 'printdevice', 'titleold', 'filetype', 'syntax', 'backupext', 'keymap', 'patchmode', and 'langmenu'. If an attacker tricked an user to open a file with a specially crafted...

Ubuntu 4.10 : vim vulnerabilities (USN-61-1)

Javier Fernandez-Sanguino Pena noticed that the auxillary scripts 'tcltags' and 'vimspell.sh' created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the script either by calling it...

Ubuntu 4.10 / 5.04 : vim vulnerability (USN-154-1)

Georgi Guninski discovered that it was possible to construct Vim modelines that execute arbitrary shell commands by wrapping them in glob or expand function calls. If an attacker tricked an user to open a file with a specially crafted modeline, he could exploit this to execute arbitrary commands...

Mandrake Linux Security Advisory : vim (MDKSA-2005:148)

A vulnerability was discovered in the way that vim processed modelines. If a user with modelines enabled opened a textfile with a specially crafted modeline, arbitrary commands could be executed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

DTSA-12-1 vim - modeline exploits

Bulletin has no description...