[VIM] CVE-2007-3375 is dupe CVE-2004-0234
Mark J Cox
mjc at redhat.com
Thu Aug 23 21:54:50 UTC 2007
Mailed this to Steven, but he suggested sharing for public reference:
I was looking last month at CVE-2007-3375 describing an issue in lhaca.
The web page describing the flaw had code disassembly which looked
familiar to to the code in header.c as distributed in older Red Hat lha
packages. Some more investigation showed that this was in fact the issue
from 2004: http://marc.info/?l=bugtraq&m=108422737918885&w=2 CVE-2004-0234
So LHACA appeared to be vulnerable to CVE-2004-0234 due to it being a
shared codebase.
Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team
More information about the VIM
mailing list