[VIM] CVE-2007-3375 is dupe CVE-2004-0234

Mark J Cox mjc at redhat.com
Thu Aug 23 21:54:50 UTC 2007


Mailed this to Steven, but he suggested sharing for public reference:

I was looking last month at CVE-2007-3375 describing an issue in lhaca. 
The web page describing the flaw had code disassembly which looked 
familiar to the code in header.c as distributed in older Red Hat lha 
packages.  Some more investigation showed that this was in fact the issue 
from 2004: http://marc.info/?l=bugtraq&m=108422737918885&w=2 CVE-2004-0234

So LHACA appeared to be vulnerable to CVE-2004-0234 due to it being a 
shared codebase.

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team

