VMware Security Advisory - ESX patches for OpenSSL, vim and bind resolve several security issues. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. Various vulnerabilities were discovered in vim such as format string issues and input validation problems.
6cb3c24c65b6ce75a60be81d773ffe92365d8866329c83302255f5fa55cec7f1
Debian Security Advisory 1364-2 - Several vulnerabilities have been discovered in the vim editor. Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the "helptags" command) can lead to the execution of arbitrary code. Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim. This updated advisory repairs issues with missing files in the packages for the oldstable distribution (sarge) for the alpha, mips, and mipsel architectures.
c3785b66e8f5c4940f2f5cff8cbacf0010c2280153e65ca2f3c5312f02e34028
Debian Security Advisory 1364-1 - Several vulnerabilities have been discovered in the vim editor. Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the "helptags" command) can lead to the execution of arbitrary code. Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim.
568c5f44ec4fc3ee2bced8b7d5302fe9094997142525e4dbfc74de8974db733e
Ubuntu Security Notice 505-1 - Ulf Harnhammar discovered that vim does not properly sanitize the "helptags_one()" function when running the "helptags" command. By tricking a user into running a crafted help file, a remote attacker could execute arbitrary code with the user's privileges.
a4ff9395ae549536c4373cde02a1f6dfa2a8967393ffff174cbba478f7413dd9
Mandriva Linux Security Advisory - A format string vulnerability in the helptags support in vim allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file.
ffceeb2928369cb3507e109462f3e55dc1ed6df6089ae7ae50cc8afa49e581f6