Advisories

Mandriva Advisories

Package name	vim
Date	February 3rd, 2003
Advisory ID	MDKSA-2003:012
Affected versions	7.2, 8.0, 8.1, 8.2, 9.0, MNF8.2
Synopsis	Updated vim packages fix arbitrary command execution vulnerability

Problem Description

A vulnerability was discovered in vim by Georgi Guninski that allows
arbitrary command execution using the libcall feature found in modelines.
A patch to fix this problem was introduced in vim 6.1 patchlevel 265.
This patch has been applied to the provided update packages.

Updated Packages

Mandrakelinux 7.2

 e62b907dd9bc290db9a5d5900feac367  7.2/RPMS/vim-X11-6.1-34.2mdk.i586.rpm
0b12782f73387ff9093e8ce185e97e82  7.2/RPMS/vim-common-6.1-34.2mdk.i586.rpm
f7561a4602c9acfd1b37076770fe7c46  7.2/RPMS/vim-enhanced-6.1-34.2mdk.i586.rpm
09f80b47a4212450a45fa1043d349c33  7.2/RPMS/vim-minimal-6.1-34.2mdk.i586.rpm
d0800362fc610cbb87beb9f3d9d1acf7  7.2/SRPMS/vim-6.1-34.2mdk.src.rpm

Mandrakelinux 8.0

 4d9f0bfee91838d6c53a9f309610ffad  8.0/RPMS/vim-X11-6.1-34.1mdk.i586.rpm
a210af2a18f4ba042376c922e6a536fc  8.0/RPMS/vim-common-6.1-34.1mdk.i586.rpm
a31f7d72537c6c3b62df50503641a2c3  8.0/RPMS/vim-enhanced-6.1-34.1mdk.i586.rpm
47270a4e22cbfe26f17c956543579af3  8.0/RPMS/vim-minimal-6.1-34.1mdk.i586.rpm
6b905a4b36354e315449ce7da6ce7622  8.0/SRPMS/vim-6.1-34.1mdk.src.rpm

Mandrakelinux 8.0/PPC

 ebeca31f7c4b907fd5fda1689c2384e8  ppc/8.0/RPMS/vim-X11-6.1-34.1mdk.ppc.rpm
34834a9c4e4c172f2c1499b7767ee103  ppc/8.0/RPMS/vim-common-6.1-34.1mdk.ppc.rpm
afe96fb6447a6ef42360a35c2a383de9  ppc/8.0/RPMS/vim-enhanced-6.1-34.1mdk.ppc.rpm
2b8fc174cdaf6563951405cce723531c  ppc/8.0/RPMS/vim-minimal-6.1-34.1mdk.ppc.rpm
6b905a4b36354e315449ce7da6ce7622  ppc/8.0/SRPMS/vim-6.1-34.1mdk.src.rpm

Mandrakelinux 8.1

 d42a33d13880ce5c1dd9c285691f41fa  8.1/RPMS/vim-X11-6.1-34.1mdk.i586.rpm
4ed951a7f9b053a7a9d24e7ea1be67c9  8.1/RPMS/vim-common-6.1-34.1mdk.i586.rpm
61a0f648cdc42753672d2702b226e5e0  8.1/RPMS/vim-enhanced-6.1-34.1mdk.i586.rpm
4d36b92829b9258d0591fcc8e7401f10  8.1/RPMS/vim-minimal-6.1-34.1mdk.i586.rpm
6b905a4b36354e315449ce7da6ce7622  8.1/SRPMS/vim-6.1-34.1mdk.src.rpm

Mandrakelinux 8.1/IA64

 4159e1bcf5f22cd150610e3f5d88a0d0  ia64/8.1/RPMS/vim-X11-6.1-34.1mdk.ia64.rpm
ed436066882de3fdce84851706a3ea65  ia64/8.1/RPMS/vim-common-6.1-34.1mdk.ia64.rpm
1d2c6e773b971c7fce8fe264f2493b3b  ia64/8.1/RPMS/vim-enhanced-6.1-34.1mdk.ia64.rpm
9c099217dba8ebffee5f7fe626db9026  ia64/8.1/RPMS/vim-minimal-6.1-34.1mdk.ia64.rpm
6b905a4b36354e315449ce7da6ce7622  ia64/8.1/SRPMS/vim-6.1-34.1mdk.src.rpm

Mandrakelinux 8.2

 a6d2071eb37105aec6242c1ceeca979b  8.2/RPMS/vim-X11-6.1-34.1mdk.i586.rpm
a111ab20a77dcb625c20d1874b0ce91d  8.2/RPMS/vim-common-6.1-34.1mdk.i586.rpm
77c31c1ebc1eb41c6f9f3b78c9f00b34  8.2/RPMS/vim-enhanced-6.1-34.1mdk.i586.rpm
61ca6d154283f12fbf2eb417103c03e7  8.2/RPMS/vim-minimal-6.1-34.1mdk.i586.rpm
6b905a4b36354e315449ce7da6ce7622  8.2/SRPMS/vim-6.1-34.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 993235cea1a3535697cd8a47d8064766  ppc/8.2/RPMS/vim-X11-6.1-34.3mdk.ppc.rpm
ff1ddc1f0df266eece315314ea3e1b0b  ppc/8.2/RPMS/vim-common-6.1-34.3mdk.ppc.rpm
3d71a31270ac817c84cb9db1df4ba53d  ppc/8.2/RPMS/vim-enhanced-6.1-34.3mdk.ppc.rpm
278380bf389d2c0a58771a61f82251ea  ppc/8.2/RPMS/vim-minimal-6.1-34.3mdk.ppc.rpm
eab938b78ab2aa578979c86e44aaf4a9  ppc/8.2/SRPMS/vim-6.1-34.3mdk.src.rpm

Mandrakelinux 9.0

 5e7eac6c390caf51751b7dea6ba6a1a5  9.0/RPMS/vim-X11-6.1-34.1mdk.i586.rpm
1526a529ac06942ff5b34935d71d48e9  9.0/RPMS/vim-common-6.1-34.1mdk.i586.rpm
bf9fda1e219dad2497efe0b8d42ef263  9.0/RPMS/vim-enhanced-6.1-34.1mdk.i586.rpm
fbb42d4346a7dbbda450896c46b30e2b  9.0/RPMS/vim-minimal-6.1-34.1mdk.i586.rpm
6b905a4b36354e315449ce7da6ce7622  9.0/SRPMS/vim-6.1-34.1mdk.src.rpm

Multi Network Firewall 8.2

 a111ab20a77dcb625c20d1874b0ce91d  mnf8.2/RPMS/vim-common-6.1-34.1mdk.i586.rpm
77c31c1ebc1eb41c6f9f3b78c9f00b34  mnf8.2/RPMS/vim-enhanced-6.1-34.1mdk.i586.rpm
61ca6d154283f12fbf2eb417103c03e7  mnf8.2/RPMS/vim-minimal-6.1-34.1mdk.i586.rpm
6b905a4b36354e315449ce7da6ce7622  mnf8.2/SRPMS/vim-6.1-34.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377
http://www.guninski.com/vim1.html

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer