Date: Tue, 21 Nov 2017 16:11:46 +0100
From: Matthias Weckbecker <matthias@...kbecker.name>
To: oss-security@...ts.openwall.com
Subject: Re: Fw: Security risk of vim swap files

Hi,

On Tue, Oct 31, 2017 at 01:23:52PM +0100, Hanno Boeck wrote:
> I just sent this to the vim dev list, but I guess it's interesting for
> oss-security, too.
> [...]
> 
> I wanted to point out an issue here with vim swap files that makes them
> a security problem.

this is not limited to swap files.

> 
> On web servers this can be a severe security risk. One can e.g. scan
> for web hosts that have swap files of PHP configuration files and thus
> expose settings like database passwords. (e.g. wget
> http://example.com/.wp-config.php.swp )
>
> In a scan of the alexa top 1 million I found ~750 instances of such
> files. I tried to inform affected people as best as I could. I also
> discovered such scans in my own web server logs, so I assume black hats
> are already aware of this and it's actively exploited.
>

One might want to consider adding e.g. .un~ files to the scanning too.
Unless 'undodir' is configured in ~/.vimrc, those files end up in the
same directory if 'undofile' is set.

Matthias
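A defender-side check for the leftover files discussed in this thread (an added example, not code from either poster): a POSIX shell function that lists vim swap, undo and backup files lying under a web document root so they can be cleaned up before a crawler requests them. It assumes vim's default naming, i.e. the artifacts are written next to the edited file (no 'directory', 'undodir' or 'backupdir' pointing elsewhere).

```shell
#!/bin/sh
# Added example: find vim artifacts left inside a document root.
# Naming assumed (vim defaults when the artifact lands beside the file):
#   .name.swp   swap file; if one already exists vim falls back to
#               .name.swo, .name.swn, ... (the .wp-config.php.swp case above)
#   .name.un~   persistent undo file, written when 'undofile' is set
#   name~       backup file, written when 'backup' or 'writebackup' is set
find_editor_artifacts() {
    docroot="$1"
    find "$docroot" -type f \( \
        -name '.*.sw[a-p]' -o \
        -name '.*.un~' -o \
        -name '*~' \
    \) 2>/dev/null | sort
}

# Number of artifacts found; 0 means the tree is clean. Suitable as the
# exit criterion of a deploy-time or cron check.
count_editor_artifacts() {
    find_editor_artifacts "$1" | awk 'END { print NR }'
}

# Usage: find_editor_artifacts /var/www/html
# A constructed run over a docroot containing .wp-config.php.swp,
# .wp-config.php.un~ and sub/index.php~ lists exactly those three paths.
```

The listing only catches files already on disk; refusing to serve dotfiles and `*~` names at the web server is the complementary control, since the swap file exists for as long as the editor session is open.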
