[VIM] Lutelwall vendor ack/fix
Steven M. Christey
coley at linus.mitre.org
Fri Jun 10 14:23:18 EDT 2005
On Fri, 10 Jun 2005, security curmudgeon wrote:
> Changes: Insecure temp file creation during update was fixed. Passive FTP
> connections were corrected.
As strong as the evidence is here - time of release relative to initial
disclosure, type of vuln fixed - I've learned that sometimes the vendor is
STILL fixing some other issue.
I tried to get version 0.97 to compare with 0.98, but it's no longer
available.
However, comparing the current "lutelwall" script with the copy shown in
the original Full-Disclosure post, the author changed the code from this:

    echo -n " Changes since previous version:"
    echo `wget -C off -O $tmp-newfeat -q -t 1 -T 3 -w 3 http://firewall.lutel.pl/FEATURES-${new_ver}`
    cat $tmp-newfeat

to this:

    echo -n " Changes since previous version:"
    rm -rf $tmp-newfeat
    if [ ! -e $tmp-newfeat ]; then
        echo `wget -C off -O $tmp-newfeat -q -t 1 -T 3 -w 3 http://firewall.lutel.pl/FEATURES-${new_ver}`
        cat $tmp-newfeat

Well, at least the exploit window is much narrower now...
- Steve
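
Added example (not part of the original post and not the vendor's code): the rm / test / write sequence above still leaves a gap between the check and the write, whereas letting mktemp create the file atomically under an unpredictable name removes the gap. fetch_features and make_private_tmp are hypothetical names, and fetch_features stands in for the wget call with constructed output so the sketch runs offline.

```shell
#!/bin/sh
# Hardened form of the "show changes" step (added example).

# Hypothetical stand-in for the wget call; prints constructed sample text.
# With wget itself, the download would be written with -O "$newfeat".
fetch_features() {
    printf '%s\n' "- constructed sample changelog entry for $1"
}

# Create the temp file atomically. mktemp opens with O_CREAT|O_EXCL, so it
# fails instead of following a file or symlink planted at the path, picks
# an unpredictable name, and sets mode 0600.
make_private_tmp() {
    mktemp "${TMPDIR:-/tmp}/lutelwall-newfeat.XXXXXX"
}

show_changes() {
    new_ver=$1
    newfeat=$(make_private_tmp) || return 1
    # The file already exists and belongs to us, so there is no separate
    # "does it exist?" check that could go stale before the write.
    if fetch_features "$new_ver" > "$newfeat"; then
        cat "$newfeat"
        rc=0
    else
        rc=1
    fi
    rm -f -- "$newfeat"    # always clean up, success or failure
    return "$rc"
}

echo " Changes since previous version:"
show_changes "0.98"
```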