Date: Tue, 21 Nov 2017 16:11:46 +0100
From: Matthias Weckbecker <matthias@...kbecker.name>
To: oss-security@...ts.openwall.com
Subject: Re: Fw: Security risk of vim swap files

Hi,

On Tue, Oct 31, 2017 at 01:23:52PM +0100, Hanno Boeck wrote:
> I just sent this to the vim dev list, but I guess it's interesting for
> oss-security, too.
> [...]
> 
> I wanted to point out an issue here with vim swap files that make them
> a security problem.

this is not limited to swap files.

> 
> On web servers this can be a severe security risk. One can e.g. scan
> for web hosts that have swap files of PHP configuration files and thus
> expose settings like database passwords. (e.g. wget
> http://example.com/.wp-config.php.swp )
>
> In a scan of the alexa top 1 million I found ~750 instances of such
> files. I tried to inform affected people as best as I could. I also
> discovered such scans in my own web server logs, so I assume black hats
> are already aware of this and it's actively exploited.
>

One might want to consider adding e.g. .un~ files to the scanning too.
Unless 'undodir' is configured in ~/.vimrc, those files end up in the
same directory if 'undofile' is set.

Matthias
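Added example (my own code, not part of this thread, of Vim, or of any
scanner Hanno used): given a path, it lists the swap and undo file names
Vim would create next to it, walks a document root for such leftovers and
checks their headers so a name-only match is not mistaken for a real Vim
file, and flags requests for them in web server access logs. It goes a
little beyond the thread in also listing .swo/.swn, the names Vim falls
back to when .swp is already taken. The magic bytes come from Vim's own
swap and undo file formats; the document root and the log lines are
constructed inline.

```python
"""Find Vim leftovers (swap and undo files) under a web root and spot
probes for them in access logs.  Added example, not from the thread."""
import os
import re
import tempfile

# Vim writes its swap file as .<name>.swp beside the edited file (falling
# back to .swo, .swn when the first name is taken) and, with 'undofile'
# set but no 'undodir', the undo history as .<name>.un~ in the same place.
SWAP_EXTS = ("swp", "swo", "swn")
UNDO_EXT = "un~"

# Magic bytes at offset 0: a swap file's block 0 begins "b0VIM " followed
# by the version; an undo file begins "Vim\x9fUnDo\xe5".
SWAP_MAGIC = b"b0VIM "
UNDO_MAGIC = b"Vim\x9fUnDo\xe5"

ARTIFACT_RE = re.compile(r"(^|/)\.[^/]+\.(?:swp|swo|swn|un~)$")
LOG_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')


def candidate_artifacts(path):
    """Names Vim would use for swap/undo files of `path`, in its directory."""
    d, name = os.path.split(path)
    names = [f".{name}.{ext}" for ext in SWAP_EXTS] + [f".{name}.{UNDO_EXT}"]
    return [os.path.join(d, n) for n in names]


def classify(path):
    """Say from the header whether a file really is a Vim swap/undo file."""
    with open(path, "rb") as f:
        head = f.read(16)
    if head.startswith(SWAP_MAGIC):
        return "swap"
    if head.startswith(UNDO_MAGIC):
        return "undo"
    return "unknown"


def scan_docroot(root):
    """Walk `root`; return sorted (relative path, kind) for every hit."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            if ARTIFACT_RE.search(full):
                findings.append((os.path.relpath(full, root), classify(full)))
    return sorted(findings)


def detect_probes(log_lines):
    """Requested paths (query string ignored) that target editor leftovers."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and ARTIFACT_RE.search(m.group(1).split("?", 1)[0]):
            hits.append(m.group(1))
    return hits


def build_sample_docroot():
    """Constructed throwaway document root with realistic leftovers."""
    root = tempfile.mkdtemp(prefix="docroot-")

    def put(rel, data):
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)

    put("wp-config.php", b"<?php define('DB_PASSWORD', 'hunter2');\n")
    put(".wp-config.php.swp", SWAP_MAGIC + b"8.0" + b"\0" * 40)
    put(".wp-config.php.un~", UNDO_MAGIC + b"\0" * 40)
    put("inc/.db.php.swo", SWAP_MAGIC + b"8.0" + b"\0" * 40)
    put("inc/.notes.txt.swp", b"not really a swap file\n")  # name-only match
    return root


# Constructed access log lines (combined format) showing the probe pattern.
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Oct/2017:12:00:01 +0100] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [31/Oct/2017:12:00:02 +0100] "GET /.wp-config.php.swp HTTP/1.1" 404 169',
    '203.0.113.5 - - [31/Oct/2017:12:00:03 +0100] "GET /.wp-config.php.un~ HTTP/1.1" 200 4096',
    '198.51.100.7 - - [31/Oct/2017:12:00:04 +0100] "POST /wp-login.php HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for rel, kind in scan_docroot(build_sample_docroot()):
        print(f"{kind:8} {rel}")
    for path in detect_probes(SAMPLE_LOG):
        print("probe:", path)
```

A 200 on a path like /.wp-config.php.un~ in the log means the file was
actually served. Beyond deleting the leftovers, the usual fix is to refuse
dotfiles at the web server (Apache 2.4: a FilesMatch "^\." block with
Require all denied; nginx: location ~ /\. { deny all; }) and to point
Vim's 'directory', 'undodir' and 'backupdir' outside the document root.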
