The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of vim: three vulnerabilities in modelines

Summary of the vulnerability

By creating a malicious file, an attacker can execute commands on the computer of a victim who opens that file with vim.
Impacted software: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity of this vulnerability: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 02/05/2007.
References for this bulletin: BID-23725, CERTA-2002-AVI-162, CERTA-2007-AVI-225, CVE-2007-2438, CVE-2007-2653-ERROR, DSA-1364-1, FEDORA-2007-492, MDKSA-2007:101, RHSA-2007:0346-01, SUSE-SR:2007:012, VIGILANCE-VUL-6778.

Description of the vulnerability

The vim program is a text-mode editor compatible with vi.

Each file can contain "modeline" lines that set vim options for that file. Vim looks for them in the first and last few lines of the file (the 'modelines' option, 5 by default). For example, to set the tab width to 4:
  /* vim: set ts=4: */
  # vim: set ts=4:

However, an attacker can create a file whose modeline sets an option that vim evaluates as an expression, reaching functions that the sandbox applied to modelines should have blocked:
 - The feedkeys() function can execute a shell command. [severity:2/4]
 - The writefile() function creates or alters a file. [severity:2/4]
 - The system() function executes a shell command. [severity:2/4]

These vulnerabilities therefore allow a remote attacker to execute commands or to create files with the privileges of a victim who opens a malicious file with vim.
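A practitioner triaging incoming files wants a quick way to find modelines that call the three functions named above, before the file is ever opened in a vulnerable vim. The scanner below is an added example written for this page, not code from the bulletin or from the vim project. Its modeline regular expression is a heuristic approximation of the two forms documented in ':help modeline', not vim's own parser; it mirrors vim's behaviour of only examining the first and last 'modelines' lines (default 5), which is also why a modeline buried in the middle of a file is deliberately not reported. All sample lines are constructed, and the empty feedkeys("") / system("") calls are inert placeholders: the scanner keys on the function name, not on any payload.

```python
import re

# Functions the bulletin names as reachable from a modeline in vim 7.0.
DANGEROUS_FUNCS = ("feedkeys", "writefile", "system")

# Heuristic for the two modeline forms in ':help modeline' (an approximation,
# not vim's parser):
#   vi:noai:sw=3              first form, options separated by ':' or blanks
#   /* vim: set ts=4: */      second form, 'se[t] options:' followed by text
# The 'vim<700:' / 'vim=700:' / 'vim>700:' version prefixes are accepted too.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex)(?:[<>=]?\d+)?:\s*(.*)$")
DANGER_RE = re.compile(r"\b(" + "|".join(DANGEROUS_FUNCS) + r")\s*\(")


def find_modelines(lines, modelines=5):
    """Return (line_no, options) for every modeline candidate.

    Like vim, only the first and last 'modelines' lines (default 5) are
    examined; a modeline anywhere else in the file is never honoured.
    """
    n = len(lines)
    scanned = sorted(set(range(min(modelines, n))) | set(range(max(0, n - modelines), n)))
    found = []
    for i in scanned:
        m = MODELINE_RE.search(lines[i].rstrip("\n"))
        if m:
            found.append((i + 1, m.group(1)))
    return found


def flag_dangerous(lines, modelines=5):
    """Return (line_no, function, options) for modelines calling a listed function."""
    hits = []
    for line_no, opts in find_modelines(lines, modelines):
        for fm in DANGER_RE.finditer(opts):
            hits.append((line_no, fm.group(1), opts.strip()))
    return hits


def scan_file(path, modelines=5):
    """Scan a file on disk; errors='replace' keeps binary junk from aborting the scan."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return flag_dangerous(fh.readlines(), modelines)


# Constructed samples for this example (not taken from any real exploit).
BENIGN = [
    "/* vim: set ts=4 sw=4: */",
    "int main(void) { return 0; }",
]
# Modeline on the last line: inside vim's tail window, so it is reported.
SUSPECT_TAIL = ["line %d" % i for i in range(1, 8)] + [
    '# vim: set foldmethod=expr foldexpr=feedkeys(""):',
]
# Same idea buried at line 6 of 12: outside the default head/tail window.
SUSPECT_MIDDLE = ["line %d" % i for i in range(1, 6)] + [
    'vi:foldexpr=system(""):foldmethod=expr',
] + ["line %d" % i for i in range(7, 13)]

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("tail", SUSPECT_TAIL), ("middle", SUSPECT_MIDDLE)):
        print(name, flag_dangerous(sample))
```

Raising the modelines argument widens the window the same way a larger 'modelines' option would in vim; a site that has set 'modelines' higher than the default should scan with the matching value.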

This bulletin impacts software or systems such as Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Unix (platform) ~ not comprehensive.

The Vigil@nce team rates the severity of this vulnerability as medium (2/4).

Trust level: confirmed by the vendor (origin: vendor document).

This bulletin covers 3 vulnerabilities.

Exploiting this vulnerability requires expert-level skill.

Solutions for this threat

Vim: upgrade to version 7.1.
Version 7.1 contains the fix:
  http://www.vim.org/download.php
  http://www.vim.org/mirrors.php
  ftp://ftp.vim.org/pub/vim/

vim: workaround for modelines.
Until vim is upgraded, disable modelines in the system-wide "/etc/vim/vimrc" or in each user's "~/.vimrc":
  set nomodeline
A user's ~/.vimrc is read after the system file and can re-enable the option, so the system-wide setting is only a default. From inside vim, check the effective value and the file that last set it with:
  :verbose set modeline?

Debian: new vim packages.
New packages are available:
Debian GNU/Linux 3.1 (sarge)
    http://security.debian.org/pool/updates/main/v/vim/vim*_6.3-071+1sarge2_*.deb
Debian GNU/Linux 4.0 (etch)
    http://security.debian.org/pool/updates/main/v/vim/vim*_7.0-122+1etch3_*.deb

Fedora Core 6: new vim packages.
New packages are available:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
ee8f8842dbf32465e0c88826fc61c2fa592987f9 SRPMS/vim-7.0.235-1.fc6.src.rpm
ee8f8842dbf32465e0c88826fc61c2fa592987f9 noarch/vim-7.0.235-1.fc6.src.rpm
844c7446d9830cc7dcff17df894663806b03e8c2 ppc/vim-enhanced-7.0.235-1.fc6.ppc.rpm
11a0b358ba63eb79800ad2070721edfdcd840423 ppc/vim-X11-7.0.235-1.fc6.ppc.rpm
4a221fa84540f2e62e186343462b69e608fd1f35 ppc/vim-common-7.0.235-1.fc6.ppc.rpm
274b5bbaa99f646e81bb59ff15c985f3f40c79e1 ppc/vim-minimal-7.0.235-1.fc6.ppc.rpm
3d6b144ed7a827aab34d04098b5da13a75161a8a ppc/debug/vim-debuginfo-7.0.235-1.fc6.ppc.rpm
1e7dea697bccc50200b1acc73a8dcee7a807ced1 x86_64/debug/vim-debuginfo-7.0.235-1.fc6.x86_64.rpm
8067840792fffbeb2540b5ae26c63117faff31cb x86_64/vim-minimal-7.0.235-1.fc6.x86_64.rpm
ad364dc860caf70aa930eccba61e691ff186e8ed x86_64/vim-enhanced-7.0.235-1.fc6.x86_64.rpm
ff0e6fa4ce37439b3b20f6de53ade3199ece3f05 x86_64/vim-common-7.0.235-1.fc6.x86_64.rpm
014fe19cdf7cc2fda384e0132801945bc0ef7e2d x86_64/vim-X11-7.0.235-1.fc6.x86_64.rpm
e267c82124c78dad73b2b68d336300249a36084d i386/vim-minimal-7.0.235-1.fc6.i386.rpm
64cec05bfa9dcc0f3ce1f31e7cb997207f6a35be i386/vim-common-7.0.235-1.fc6.i386.rpm
ea9b3e07b6c8c907bb0a488f54f8329001468065 i386/vim-enhanced-7.0.235-1.fc6.i386.rpm
d9b2d1c644a4280197f93d3d430d6eb0b6552156 i386/vim-X11-7.0.235-1.fc6.i386.rpm
51c29643ffd7c1fd24b3425e14edc35f9b46a178 i386/debug/vim-debuginfo-7.0.235-1.fc6.i386.rpm

Mandriva: new vim packages.
New packages are available:
 
 Mandriva Linux 2007.0:
 193c5e6f9c4b7fbd883e756fd68e9d9c 2007.0/i586/vim-X11-7.0-16.1mdv2007.0.i586.rpm
 22c359a9bb903b4971c26ef8d820dd8b 2007.0/i586/vim-common-7.0-16.1mdv2007.0.i586.rpm
 78b297d07af026ba2ca661af576753dd 2007.0/i586/vim-enhanced-7.0-16.1mdv2007.0.i586.rpm
 a308c0c95a8feeb08db2e3cd4655360c 2007.0/i586/vim-minimal-7.0-16.1mdv2007.0.i586.rpm
 f18e2a622218e087cdd0a91d9ae0d53e 2007.0/SRPMS/vim-7.0-16.1mdv2007.0.src.rpm
 Mandriva Linux 2007.0/X86_64:
 f059a28a227db17faffd2f363b42117a 2007.0/x86_64/vim-X11-7.0-16.1mdv2007.0.x86_64.rpm
 64d32a388460072e1508be8c945d8409 2007.0/x86_64/vim-common-7.0-16.1mdv2007.0.x86_64.rpm
 aa8ce225cc3811dcb76047b65e3dd1c4 2007.0/x86_64/vim-enhanced-7.0-16.1mdv2007.0.x86_64.rpm
 dedd42ccd0b0a1934991d911eab9cb0a 2007.0/x86_64/vim-minimal-7.0-16.1mdv2007.0.x86_64.rpm
 f18e2a622218e087cdd0a91d9ae0d53e 2007.0/SRPMS/vim-7.0-16.1mdv2007.0.src.rpm
 Mandriva Linux 2007.1:
 ee17731cce031b58b290cf9a61c982c0 2007.1/i586/vim-X11-7.0-16.1mdv2007.1.i586.rpm
 c3d2fd233ac1984af174fdad6c2b4be2 2007.1/i586/vim-common-7.0-16.1mdv2007.1.i586.rpm
 5bf3f905abee7a585d5b11fb2c98b2e8 2007.1/i586/vim-enhanced-7.0-16.1mdv2007.1.i586.rpm
 5138b4b2c511f7608f9db5503f14c6d1 2007.1/i586/vim-minimal-7.0-16.1mdv2007.1.i586.rpm
 0f068f60ab76873471ebe0992ccc5ccd 2007.1/SRPMS/vim-7.0-16.1mdv2007.1.src.rpm
 Mandriva Linux 2007.1/X86_64:
 890a4acc16d4b59e59b721f65686b4ef 2007.1/x86_64/vim-X11-7.0-16.1mdv2007.1.x86_64.rpm
 e6498971d58c5fc3fbe6aac03f0ae0fe 2007.1/x86_64/vim-common-7.0-16.1mdv2007.1.x86_64.rpm
 0b4f61e8c8848a10d67a822b04bea7bd 2007.1/x86_64/vim-enhanced-7.0-16.1mdv2007.1.x86_64.rpm
 0776ae51087370ec5ebce9c0996ed5e8 2007.1/x86_64/vim-minimal-7.0-16.1mdv2007.1.x86_64.rpm
 0f068f60ab76873471ebe0992ccc5ccd 2007.1/SRPMS/vim-7.0-16.1mdv2007.1.src.rpm

RHEL 5: new vim packages.
New packages are available:
Red Hat Enterprise Linux 5: vim-7.0.109-3.el5.3

SUSE: new net-snmp, vim, kdebase3, mod_perl packages.
New packages are available via YaST and FTP.
