Date: Thu, 11 Sep 2008 16:56:36 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: coley@...re.org Cc: oss-security@...ts.openwall.com, Jan Minář <rdancer@...ncer.org>, Tomas Hoger <thoger@...hat.com>, Karsten Hopp <karsten@...hat.com> Subject: [oss-list] CVE request (vim) Hello Steve, found relatively old issue in Vim, which was not covered by the CVE-2008-2712 patch. Could you please assign a new CVE id for it: Report: http://www.rdancer.org/vulnerablevim-K.html  Proposed patch: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2 Other references: https://bugzilla.redhat.com/show_bug.cgi?id=461927 Affected versions: Successfully reproduced on vim-6.0-7.15 through vim-7.1.291-1. Proof of concept: See part "4. EXPLOIT" from  report. The xclock part is easily reproducible. Impact: Arbitrary code execution. Thank you in advance Kind regards Jan iankko Lieskovsky RH Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.