[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
Date: Sun, 13 Jul 2008 01:35:42 +0100
From: "Jan MinĂ¡Å." <rdancer@...ncer.org>
To: "Tomas Hoger" <thoger@...hat.com>
Cc: oss-security@...ts.openwall.com,
"Jonathan Smith" <smithj@...ethemallocs.com>, coley@...us.mitre.org,
"Bram Moolenaar" <Bram@...lenaar.net>,
"Charles E Campbell, Jr" <drchip@...pbellfamily.biz>
Subject: Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10
Hi!
Thanks for CCing me. Thomas's observations are right.
On Thu, Jul 10, 2008 at 5:55 PM, Tomas Hoger <thoger@...hat.com> wrote:
> obvious to me why zip and tar tests are included in the test suite.
> Maybe just to point out that those issues are still unfixed.
Indeed, I included all that had not been fixed in the test suite.
> Moreover, if you diff zipplugin directories in vulnerablevim.tar.bz2
> and vulnerablevim-netrw.tar.bz2, you will see this test did not change
> at all between the two test suites. So CVE-2008-3075 should already
> be covered by previous CVE-2008-2712.
The zip exploit is the same. It still has not been fixed as of Vim
7.2a.19/zip.vim v19.
> tarplugin test was updated since the first test suite to use different
> payload. I'm not really sure if it is the same issue or not, but the
> new exploit is blocked by the previously proposed Jan's patch. So it
> may be the same issue as described in the first advisory. Btw,
There are two attack vectors, both fixed in the original patch of
mine. I only updated the tarplugin exploit to use the other vector.
> CVE-2008-2712 description does not mention tar.vim issue. It is
> described in 3.4.2.3, but its test does not seem to be run when doing
> make test for the top-most Makefile in the first test suite.
That's correct, I omitted the test from the top-most Makefile by mistake.
Hope that helps.
Jan.
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ