6.4 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
Javier Fernández-Sanguino Peña noticed that the auxillary scripts
“tcltags” and “vimspell.sh” created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script
(either by calling it directly or by execution through vim).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 4.10 | noarch | vim-tcl | < * | UNKNOWN |
Ubuntu | 4.10 | noarch | vim-gnome | < * | UNKNOWN |
Ubuntu | 4.10 | noarch | vim-lesstif | < * | UNKNOWN |
Ubuntu | 4.10 | noarch | vim-gtk | < * | UNKNOWN |
Ubuntu | 4.10 | noarch | kvim | < * | UNKNOWN |
Ubuntu | 4.10 | noarch | vim | < * | UNKNOWN |
Ubuntu | 4.10 | noarch | vim-python | < * | UNKNOWN |
Ubuntu | 4.10 | noarch | vim-perl | < * | UNKNOWN |