what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

suse.vim.txt

suse.vim.txt
Posted Apr 13, 2001
Site suse.de

SuSE Security Advisory SuSE-SA:2001:12 - Vim and gvim have two vulnerabilities - A /tmp race condition and vim commands in regular files will be executed if the status line of vim is enabled in vimrc. Both vulnerabilities could be used to gain unauthorized access to more privileges. Patches available.

tags | vulnerability
systems | linux, suse
SHA-256 | 8070dd0cc8be8aa8f30511aa9b4fe1c976358e0623d82c15c16cdb092b7c1942

suse.vim.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SuSE Security Announcement

Package: vim/gvim
Announcement-ID: SuSE-SA:2001:12
Date: Tuesday, April 10th, 2001 15.23 MEST
Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
Vulnerability Type: local privilege escalation
Severity (1-10): 5
SuSE default package: yes
Other affected systems: all system using vim/gvim

Content of this advisory:
1) security vulnerability resolved: vim/gvim
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion, solution, upgrade information

The text editor vim, Vi IMproved, was found vulnerable to two security
bugs.
1.) a tmp race condition
2.) vim commands in regular files will be executed if the status line
of vim is enabled in vimrc
Both vulnerabilities could be used to gain unauthorized access to more
privileges.


Download the update package from locations desribed below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.



vim:
----
i386 Intel Platform:

SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/a1/vim-5.7-71.i386.rpm
db368baa134c23b3578c8022a66d2703
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/vim-5.7-71.src.rpm
00cf66142e477e24824410c8bf9e8702

SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/vim-5.7-73.i386.rpm
3a35734d8737c4f1e97ca9a6c1f68073
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/vim-5.7-73.src.rpm
6275c8d938a7254e648ba33765613573

SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/vim-5.7-72.i386.rpm
7db6e43273fcfccf0f019246ba43fd05
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/vim-5.7-72.src.rpm
f2d7177a61b1794068412ea687b9ecf6

SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/vim-5.7-72.i386.rpm
c12a03ff18235ea3421b18c48d6448af
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/vim-5.7-72.src.rpm
b6e46176215691fc398fc6184e437a36

SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/a1/vim-5.7-71.i386.rpm
a9f2154d991f9eb848dff3ffa1dcf430
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/vim-5.7-71.src.rpm
8e554dbfe786562204039358df810984

SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/a1/vim-5.7-72.i386.rpm
fcef6ade53f01ffe4cd8a7b8c033e176
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/vim-5.7-72.src.rpm
e3d554b1354208ca6175c4757bab0373



Sparc Platform:

SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/a1/vim-5.7-54.sparc.rpm
6746fc4eafc91ba5fa6d6377f22efdbd
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/vim-5.7-54.src.rpm
de427c49af200e5fefa62a39959eaaaf

SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/vim-5.7-54.sparc.rpm
7648859cc6a584ce1a2715cf7bc34bdc
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/vim-5.7-54.src.rpm
934385ba01d59fc7bdd1bbaeca0cf260



AXP Alpha Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/a1/vim-5.7-57.alpha.rpm
ebe9dfc83dd1294b83d6b3aaad92fca0
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/vim-5.7-57.src.rpm
038ab54d8a08f96b61118373f5e00948

SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/vim-5.7-57.alpha.rpm
24d5f1365522d267650be44f80ab0b52
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/vim-5.7-57.src.rpm
0a7a5bbde8e645254f4a5bd6cd402943

SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/a1/vim-5.7-57.alpha.rpm
b496518ea1640852e17ddb1274759fc4
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/vim-5.7-57.src.rpm
1760adfac8e70bff334d74330acbefed

SuSE-6.1
ftp://ftp.suse.com/pub/suse/axp/update/6.1/a1/vim-5.7-57.alpha.rpm
dc633df2ac8fafa41c76d5c0216ed149
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/vim-5.7-57.src.rpm
610088cca725fec62a4e7d6f1b030af1



PPC PowerPC Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/vim-5.7-20.ppc.rpm
0b9ecb77901b15a90bf25623701d834b
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/vim-5.7-20.src.rpm
3224f60fa80f27a9fb249a69c0ceaf01

SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/vim-5.7-19.ppc.rpm
2044541d409bd756a166a75515214ffa
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/vim-5.7-19.src.rpm
cac70ab3c2dee163d490bd85126f70aa




gvim:
-----
i386 Intel Platform:

SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/xap2/gvim-5.7-79.i386.rpm
066d163c43a6bb58f7a4a3770f179770
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/gvim-5.7-79.src.rpm
e6e92c8c4de39bd3a5899a55d6003d82

SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/xap1/gvim-5.7-79.i386.rpm
16973a740f4a1fc2f2a189f036a10fe9
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/gvim-5.7-79.src.rpm
fecbd910f57b351e992f7b7015e3149b

SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/xap1/gvim-5.7-78.i386.rpm
1700470566ac4fb2e5588771f07638ed
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/gvim-5.7-78.src.rpm
43a49e33acb8b9f017e6e5846ba636df

SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/xap1/gvim-5.7-78.i386.rpm
db2abf1a9414b36466eb3d1186df5a7e
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/gvim-5.7-78.src.rpm
0b0b50b4987d594ee48a146e939f7152

SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/xap1/gvim-5.7-77.i386.rpm
125171df7f45c80c10ea0fd52f944a6a
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/gvim-5.7-77.src.rpm
634e7b355274aed0af0fd7ac83218d78

SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/xap1/gvim-5.7-78.i386.rpm
1d18996bf9666269db7893ae340e5642
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/gvim-5.7-78.src.rpm
9279a59d6eb1942186e1233c6f0ebcf1



Sparc Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/xap1/gvim-5.7-59.sparc.rpm
d415a24027510882b68d4ddcf1970ab4
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/gvim-5.7-59.src.rpm
57bfa58f0f7c46354edc78f0fc694d43



AXP Alpha Platform:

SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/xap1/gvim-5.7-57.alpha.rpm
4cd25502d4ac5067fc64cd917ebd9018
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/gvim-5.7-57.src.rpm
347a84634805a6efa1ebf76df2a8ddb5

SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/xap1/gvim-5.7-57.alpha.rpm
5808f168b8632c85518d61ecec33e3d1
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/gvim-5.7-57.src.rpm
9402b1f0440b71a6aa0c1a60748dd26d

SuSE-6.1
ftp://ftp.suse.com/pub/suse/axp/update/6.1/xap1/gvim-5.7-57.alpha.rpm
b74d1cb6f7200d0bcf6ddbe1310e28c7
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/gvim-5.7-57.src.rpm
599e9ed0a326a9b86a6584f0a24ae4ad



PPC PowerPC Paltform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/xap1/gvim-5.7-58.ppc.rpm
27e579ff062662425a3581da6d08bce9
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/gvim-5.7-58.src.rpm
42a9a5b423848bbe381251c15a095a65

SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/xap1/gvim-5.7-57.ppc.rpm
07b386f3dbaca5c9b3f8c440ba59c782
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/gvim-5.7-57.src.rpm
4ddef3c55da33c3b548dd055d3d9b75b


______________________________________________________________________________

2) Pending vulnerabilities in SuSE Distributions and Workarounds:

- We are in the process of preparing update packages for the man package
which has been found vulnerable to a commandline format string bug.
The man command is installed suid man on SuSE systems. When exploited,
the bug can be used to install a different man binary to introduce a
trojan into the system. As an interim workaround, we recommend to
`chmod -s /usr/bin/man´ and ignore the warnings and errors when
viewing manpages.

- A bufferoverflow in sudo was discovered and fixed RPMs will be
available as soon as possible. A exploit was not made public until
now.

- NEdit a GUI-style text editor needs an update due to a tmp race
condition. The source code is currently being reviewed and new
RPMs will be available within the next days.

______________________________________________________________________________

3) standard appendix:

SuSE runs two security mailing lists to which any interested party may
subscribe:

suse-security@suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe@suse.com>.

suse-security-announce@suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe@suse.com>.

For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info@suse.com> or
<suse-security-faq@suse.com> respectively.

===============================================
SuSE's security contact is <security@suse.com>.
===============================================

______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBOtMMyXey5gA9JdPZAQFnUwgAmiUtFvm1KydQIAQZKbQfSDdCL+gcpdJs
5NLVWTNGGL/pxP7y1l+7/kg107TrO7QKzfzfm/tKODu7m4jAvao8QMEnXP3GIzK5
jPSK7sckztfIsp7Rgom/yjgEZk2UrKbZadr5ASnen/QGuppsUL7qL8QvcCie2Ypv
NYAIC44gdJBrZRC7joNAtOLoSOfNIR6Hj3wkbmKpWVKANCZPnLwLpXn/4rd9Xorz
S0FKR+FzsigN7zHkeIzeqezYBTsBfBSsRomHpkiiPsGFKBYDDc6nWsPTLlOWinww
Pj5VrcQ2sqZKW5RF4ET+w3v2GjGKRP/vcQMbP9qrIy8VNl9/MztskA==
=C7Jm
-----END PGP SIGNATURE-----

Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47


--
To unsubscribe, e-mail: suse-security-announce-unsubscribe@suse.com
For additional commands, e-mail: suse-security-announce-help@suse.com

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close