[VIM] vim editor duplicates / clarifications
Steven M. Christey
coley at mitre.org
Thu Aug 23 18:52:08 UTC 2007
After some extensive discussion on vendor-sec with final consultation
with the original developer, it's been determined that 3 distinct
reports are only for 2 unique issues (CVE-wise, anyway).
In short, the vague announcement of Vim 7.1 that referred to "a
security issue" (assigned CVE-2007-2653, aka "OMG VIM VULN" in a
Jericho post to this list in May) turned out to be the official
announcement of the fix for the feedkeys()/modelines issue
During the email exchanges, the developer confirmed that the format
string issue (CVE-2007-2953) is addressed by Patch 7.1.039 and
confirmed that this only has "user-assisted" attack scenarios.
We're keeping CVE-2007-2438 and rejecting CVE-2007-2653 due to active
usage of CVE-2007-2438.
Reference: MLIST:[vim-dev] 20070426 feedkeys() allowed in sandbox
Reference: MLIST:[vim-dev] 20070428 Re: feedkeys() allowed in sandbox
Reference: MLIST:[vimannounce] 20070512 Stable Vim version 7.1 has been released
Reference: BUGTRAQ:20070430 FLEA-2007-0014-1: vim
Reference: VIM:20070513 OMG VIM VULN
The sandbox for vim allows dangerous functions such as (1) writefile,
(2) feedkeys, and (3) system, which might allow user-assisted
attackers to execute shell commands and write files via modelines.
ACKNOWLEDGEMENT: In a news item announcing VIM 7.1 on 20070512: "Vim
7.1 ... [2007-05-12] ... a few crashing bugs and a security issue were
fixed. For the details see the announcement. Or jump directly to the
download page. (Bram Moolenaar)." Later feedback from the upstream
developer (and vendor-sec) proved that this vague announcement was
related to this particular issue.
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2438. Reason:
This candidate is a duplicate of CVE-2007-2438. Notes: All CVE users
should reference CVE-2007-2438 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.
Acknowledged: yes changelog
Reference: BUGTRAQ:20070730 FLEA-2007-0036-1 vim vim-minimal gvim
Format string vulnerability in the helptags_one function in
src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows
user-assisted remote attackers to execute arbitrary code via format
string specifiers in a help-tags tag in a help file, related to the
ACKNOWLEDGEMENT: Patch 7.1.039 states: "A tag in a help file that
starts with 'help-tags' and contains a percent sign may make Vim
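
A defensive check for the modeline issue described in the message above (CVE-2007-2438), added here as an example; it is not part of the original post or of Vim. It flags files whose modelines reference the three functions named in the description. The prefix regex is an approximation of Vim's modeline syntax, and `someopt` and `placeholder` in the constructed samples are placeholders, not real Vim options or arguments.

```python
import re

# Function names listed in the CVE-2007-2438 description quoted above.
RISKY_CALLS = ("writefile", "feedkeys", "system")

# Approximation of the modeline prefixes in Vim's ":help modeline"
# (vi:, vim:, ex:, optionally with a version test such as vim>700:).
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):(.*)$")
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(RISKY_CALLS))


def checked_lines(lines, window=5):
    """Return (line_number, text) pairs for the first and last `window` lines.

    Vim only looks for modelines there; 5 is the default of the 'modelines' option.
    """
    total = len(lines)
    picked = set(range(min(window, total))) | set(range(max(total - window, 0), total))
    return [(i + 1, lines[i]) for i in sorted(picked)]


def find_risky_modelines(text, window=5):
    """Return [(line_number, [function names])] for modelines calling a listed function."""
    hits = []
    for number, line in checked_lines(text.splitlines(), window):
        match = MODELINE_RE.search(line)
        if not match:
            continue
        calls = sorted(set(CALL_RE.findall(match.group(1))))
        if calls:
            hits.append((number, calls))
    return hits


# Constructed samples: "someopt" and "placeholder" are stand-ins, not real Vim syntax.
SAMPLE = "\n".join(
    ["#!/bin/sh", "# vim: set ts=4 someopt=system(placeholder) :"]
    + ["echo line %d" % n for n in range(20)]
    + ["# vim: set someopt=feedkeys(placeholder)|writefile(placeholder) :"]
)
BENIGN = "# vim: set ts=4 sw=4 et :\nprint('system(1) is only text here')\n"

if __name__ == "__main__":
    for number, calls in find_risky_modelines(SAMPLE):
        print("line %d: modeline references %s" % (number, ", ".join(calls)))
```

A hit means the file deserves review before it is opened in an unpatched Vim with modelines enabled; the check does not prove the modeline would execute.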