Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 21 Feb 2009 17:18:33 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security <oss-security@...ts.openwall.com>
cc: coley <coley@...re.org>,
        Jan Minář <rdancer@...ncer.org>
Subject: Re: CVE request (vim)


On Mon, 20 Oct 2008, Jan Lieskovsky wrote:

> CVE-NONE-YET Vim netrw.vim plugin issues (netrw.v4, netrw.v5)              (4)
> Affects: Vim 7.0, Vim 7.1
> Reference: http://www.rdancer.org/vulnerablevim-netrw.html     (part 3 the 'D' command)
>            http://www.rdancer.org/vulnerablevim-netrw.v2.html  (part 3 the 'D' command)
>            http://www.rdancer.org/vulnerablevim-netrw.v5.html


Use CVE-2008-6235, see below.

> CVE-NONE-YET Vim netrw.vim plugin issue (FTP user credentials disclosure)   (5)
> Affects: Vim 7.1, Vim 7.2
> References: http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html

Assigned CVE-2008-4677 previously.

With the exception of the "mx" question raised in a separate email, I
don't think there are any outstanding issues.  I hope :-/

- Steve


======================================================
Name: CVE-2008-4677
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4677
Reference: MLIST:[oss-security] 20081006 CVE request - (vim : netrw plugin - ftp user credentials disclosure)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/06/4
Reference: MLIST:[oss-security] 20081016 CVE request - Vim netrw.plugin
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/2
Reference: MLIST:[oss-security] 20081020 CVE request (vim)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/20/2
Reference: MLIST:[vim_dev] 20080817 Re: Anyone fixing SA31464?
Reference: URL:http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6
Reference: MISC:http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=461750
Reference: SECUNIA:31464
Reference: URL:http://secunia.com/advisories/31464

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions
before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores
credentials for an FTP session, and sends those credentials when
attempting to establish subsequent FTP sessions to servers on
different hosts, which allows remote FTP servers to obtain sensitive
information in opportunistic circumstances by logging usernames and
passwords.  NOTE: the upstream vendor disputes a vector involving
different ports on the same host, stating "I'm assuming that they're
using the same id and password on that unchanged hostname,
deliberately."


======================================================
Name: CVE-2008-6235
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6235
Reference: MLIST:[oss-security] 20081016 CVE request - Vim netrw.plugin
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/2
Reference: MLIST:[oss-security] 20081020 CVE request (vim)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/20/2
Reference: MISC:http://www.rdancer.org/vulnerablevim-netrw.html
Reference: MISC:http://www.rdancer.org/vulnerablevim-netrw.v2.html
Reference: MISC:http://www.rdancer.org/vulnerablevim-netrw.v5.html

The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted
attackers to execute arbitrary commands via shell metacharacters in a
filename used by the (1) "D" (delete) command or (2) b:netrw_curdir
variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.