Message-ID: <6edf76c20807210705n52240a6fy56f847341c5c5683@mail.gmail.com>
Date: Mon, 21 Jul 2008 15:05:28 +0100
From: "Jan Minář" <rdancer@...ncer.org>
To: "Tomas Hoger" <thoger@...hat.com>
Cc: oss-security@...ts.openwall.com, 
	"Jonathan Smith" <smithj@...ethemallocs.com>, coley@...us.mitre.org, 
	"Bram Moolenaar" <Bram@...lenaar.net>, 
	"Charles E Campbell, Jr" <drchip@...pbellfamily.biz>
Subject: Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10

On Mon, Jul 21, 2008 at 2:44 PM, Tomas Hoger <thoger@...hat.com> wrote:
> On Mon, 21 Jul 2008 12:57:48 +0100 "Jan Minář" <rdancer@...ncer.org>
> wrote:
>
>> Version 109 is probably too old.  There has been a lot of
>> functionality added since, and I presume a lot of refactoring done
>> too.  According to the [0]Netrw version history, marking files (used
>> by netrw.v2 & netrw.v3) was introduced in version 111.
>
> Agree.  netrw 109 bundled with vim 7.1 does not implement mz and mc
> commands, so is not affected by .v2 and .v3.  This was already
> mentioned in this thread.
>
>> On the other hand, these vulnerabilities should not depend on the Vim
>> version; the TIOCSTI method used in netrw.v4 ``test'' target may not
>> be very portable outside Un*x though.
>
> But 109 (and older) is affected by D command / .v4 issue, just the test
> case does not work with 109 out of the box.  Test assumes that the
> cursor is on the line right above the one showing crafted file name,
> but that does not seem to be a correct assumption for 109 (netrw version
> differences or locale changes, I haven't really investigated).  See
> suggestion in my other reply.

I have updated the test suite, it tests v110 correctly as VULNERABLE now:

http://www.rdancer.org/vulnerablevim-latest.tar.bz2

Thanks.

Jan.
