Date: Sat, 21 Feb 2009 17:18:33 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security <oss-security@...ts.openwall.com>
cc: coley <coley@...re.org>,
        Jan Minář <rdancer@...ncer.org>
Subject: Re: CVE request (vim)


On Mon, 20 Oct 2008, Jan Lieskovsky wrote:

> CVE-NONE-YET Vim netrw.vim plugin issues (netrw.v4, netrw.v5)              (4)
> Affects: Vim 7.0, Vim 7.1
> Reference: http://www.rdancer.org/vulnerablevim-netrw.html     (part 3 the 'D' command)
>            http://www.rdancer.org/vulnerablevim-netrw.v2.html  (part 3 the 'D' command)
>            http://www.rdancer.org/vulnerablevim-netrw.v5.html


Use CVE-2008-6235, see below.

> CVE-NONE-YET Vim netrw.vim plugin issue (FTP user credentials disclosure)   (5)
> Affects: Vim 7.1, Vim 7.2
> References: http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html

Assigned CVE-2008-4677 previously.

With the exception of the "mx" question raised in a separate email, I
don't think there are any outstanding issues.  I hope :-/

- Steve


======================================================
Name: CVE-2008-4677
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4677
Reference: MLIST:[oss-security] 20081006 CVE request - (vim : netrw plugin - ftp user credentials disclosure)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/06/4
Reference: MLIST:[oss-security] 20081016 CVE request - Vim netrw.plugin
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/2
Reference: MLIST:[oss-security] 20081020 CVE request (vim)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/20/2
Reference: MLIST:[vim_dev] 20080817 Re: Anyone fixing SA31464?
Reference: URL:http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6
Reference: MISC:http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=461750
Reference: SECUNIA:31464
Reference: URL:http://secunia.com/advisories/31464

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions
before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores
credentials for an FTP session, and sends those credentials when
attempting to establish subsequent FTP sessions to servers on
different hosts, which allows remote FTP servers to obtain sensitive
information in opportunistic circumstances by logging usernames and
passwords.  NOTE: the upstream vendor disputes a vector involving
different ports on the same host, stating "I'm assuming that they're
using the same id and password on that unchanged hostname,
deliberately."


======================================================
Name: CVE-2008-6235
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6235
Reference: MLIST:[oss-security] 20081016 CVE request - Vim netrw.plugin
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/2
Reference: MLIST:[oss-security] 20081020 CVE request (vim)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/20/2
Reference: MISC:http://www.rdancer.org/vulnerablevim-netrw.html
Reference: MISC:http://www.rdancer.org/vulnerablevim-netrw.v2.html
Reference: MISC:http://www.rdancer.org/vulnerablevim-netrw.v5.html

The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted
attackers to execute arbitrary commands via shell metacharacters in a
filename used by the (1) "D" (delete) command or (2) b:netrw_curdir
variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
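
The credential reuse described under CVE-2008-4677, as an added Python example that is not part of the original message and is not netrw's code: a cache that hands one remembered login to every server, beside a cache scoped to the server it was entered for. The class names, the `leaked_to` helper, the URLs and the login are constructed; keying on the port as well as the host is this example's choice and is stricter than the upstream position quoted in the entry.

```python
from urllib.parse import urlsplit

DEFAULT_FTP_PORT = 21

def origin(url):
    """Return the (host, port) an FTP URL's session would connect to."""
    parts = urlsplit(url)
    if parts.scheme != "ftp" or not parts.hostname:
        raise ValueError(f"not an FTP URL: {url!r}")
    # Normalise case and a trailing root dot so equal hosts compare equal.
    return parts.hostname.lower().rstrip("."), parts.port or DEFAULT_FTP_PORT

class GlobalCredentialCache:
    """Model of the flawed behaviour: one stored login, offered to any server."""
    def __init__(self):
        self._creds = None
    def remember(self, url, user, password):
        self._creds = (user, password)
    def lookup(self, url):
        return self._creds

class ScopedCredentialCache:
    """Stored login is released only to the (host, port) it was entered for."""
    def __init__(self):
        self._creds = {}
    def remember(self, url, user, password):
        self._creds[origin(url)] = (user, password)
    def lookup(self, url):
        return self._creds.get(origin(url))  # None means: prompt the user again

def leaked_to(cache, first_url, later_urls):
    """URLs on a different origin that would still receive the stored login."""
    cache.remember(first_url, "alice", "constructed-password")  # constructed login
    home = origin(first_url)
    return [u for u in later_urls
            if origin(u) != home and cache.lookup(u) is not None]

# Constructed sample session: one login, then three further connections.
FIRST = "ftp://files.example.org/pub/a.txt"
LATER = ["ftp://FILES.example.org./pub/b.txt",    # same server, different spelling
         "ftp://other.example.net/incoming/",     # different host
         "ftp://files.example.org:2121/pub/"]     # same host, different port

if __name__ == "__main__":
    print("global:", leaked_to(GlobalCredentialCache(), FIRST, LATER))
    print("scoped:", leaked_to(ScopedCredentialCache(), FIRST, LATER))
```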

