LWN.net: Security Update: vim - embedded modline exploits CSSA-2001-014.0

Date: Wed, 11 Apr 2001 13:33:28 -0600
From: Caldera Support Information <sup-info@opus.calderasystems.com>
To: announce@lists.caldera.com, bugtraq@securityfocus.com,
Subject: Security Update: vim - embedded modline exploits CSSA-2001-014.0


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		vim - embedded modline exploits
Advisory number: 	CSSA-2001-014.0
Issue date: 		2001 April, 11
Cross reference:
______________________________________________________________________________


1. Problem Description

   There exists a possibility for an attacker to embed special
   modelines into a text file which when opened with vim could
   compromise the account of the user.

   Also editing files in world writeable directories like /tmp
   could lead to a local attacker gaining access to the editing
   users account due to possible symlink attacks on editor backup
   and swap files.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3		All packages previous to
   				vim-5.7-12

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder  	vim-5.7-12

   OpenLinux eDesktop 2.4       All packages previous to
   				vim-5.7-12

3. Solution

   Workaround

      none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       6f57e2a30063af5973c98734bd56099e  RPMS/vim-5.7-12.i386.rpm
       e53bbd8b9cd8020015d08edcbe8c872a  RPMS/vim-X11-5.7-12.i386.rpm
       1914bb9b40d72a0bfdd1997890b7c05a  RPMS/vim-help-5.7-12.i386.rpm
       9edf7f1fc3f60ac1b4102083b6f6c2a2  SRPMS/vim-5.7-12.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fhv vim-*.i386.rpm

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       c3f3502b0347c9e823daa1108ec832f3  RPMS/vim-5.7-12.i386.rpm
       2efd3e378dc7fe0a2d0095cc2e14cb9e  RPMS/vim-X11-5.7-12.i386.rpm
       e318e2517708a060130bacd3477cf424  RPMS/vim-help-5.7-12.i386.rpm
       9edf7f1fc3f60ac1b4102083b6f6c2a2  SRPMS/vim-5.7-12.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fvh vim-*i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       74813272a373c5f28d2a29380e173e40  RPMS/vim-5.7-12.i386.rpm
       26b8f47c0786c7c6b6fd95bab5499689  RPMS/vim-X11-5.7-12.i386.rpm
       eb52a3275bb642eccb36b443c8fb82c2  RPMS/vim-help-5.7-12.i386.rpm
       9edf7f1fc3f60ac1b4102083b6f6c2a2  SRPMS/vim-5.7-12.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

       rpm -Fvh vim-*i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Reports 9682, 9609.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements:

   Caldera International wishes to thank the VIM team for being very
   responsive and providing a timely fix to the problem.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE61C4Z18sy83A/qfwRAomDAJ93pA+pKEesgGbls+0tTQ43XpfXwwCfV3kl
tDH63+CmEdhYmcGeinsQqbg=
=N5xH
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@lists.caldera.com
For additional commands, e-mail: announce-help@lists.caldera.com