what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 13841

Secunia Security Advisory 13841
Posted Jan 16, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - vim 6.x is susceptible to an insecure file creation vulnerability.

tags | advisory
SHA-256 | 0a6c8478c70c9b7ce82c1be1a0db07dbf6569637bd528a554b11559350e82996

Secunia Security Advisory 13841

Change Mirror Download

TITLE:
vim Insecure Temporary File Creation

SECUNIA ADVISORY ID:
SA13841

VERIFY ADVISORY:
http://secunia.com/advisories/13841/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Vim 6.x
http://secunia.com/product/2919/

DESCRIPTION:
Javier Fernández-Sanguino Peña has reported some vulnerabilities in
vim, which can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

The vulnerabilities are caused due to the tcltags and vimspell.sh
scripts creating temporary files insecurely. This can be exploited
via symlink attacks to overwrite arbitrary files with the privileges
of the user running a vulnerable scripts.

The vulnerabilities have been reported in version 6.3. Other versions
may also be affected.

SOLUTION:
Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Javier Fernández-Sanguino Peña

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

November 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    1 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    219 Files
  • 14
    Nov 14th
    19 Files
  • 15
    Nov 15th
    66 Files
  • 16
    Nov 16th
    38 Files
  • 17
    Nov 17th
    9 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    11 Files
  • 22
    Nov 22nd
    56 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    36 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    14 Files
  • 28
    Nov 28th
    30 Files
  • 29
    Nov 29th
    35 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close