Date: Thu, 11 Sep 2008 16:56:36 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: coley@...re.org
Cc: oss-security@...ts.openwall.com, Jan Minář <rdancer@...ncer.org>, Tomas Hoger <thoger@...hat.com>, Karsten Hopp <karsten@...hat.com>
Subject: [oss-list] CVE request (vim)

Hello Steve,

found relatively old issue in Vim, which was not covered by the CVE-2008-2712 patch. Could you please assign a new CVE id for it:

Report:
http://www.rdancer.org/vulnerablevim-K.html

Proposed patch:
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2

Other references:
https://bugzilla.redhat.com/show_bug.cgi?id=461927

Affected versions:
Successfully reproduced on vim-6.0-7.15 through vim-7.1.291-1.

Proof of concept:
See part "4. EXPLOIT" from report. The xclock part is easily reproducible.

Impact:
Arbitrary code execution.

Thank you in advance

Kind regards
Jan iankko Lieskovsky
RH Security Response Team