Date: Tuesday, April 10th, 2001 15.23 MEST
Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
Vulnerability Type: local privilege escalation
Severity (1-10): 5
SuSE default package: yes
Other affected systems: all system using vim/gvim
Content of this advisory:
1) security vulnerability resolved: vim/gvim
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
problem description, brief discussion, solution, upgrade information
The text editor vim, Vi IMproved, was found vulnerable to two security bugs. 1.) a tmp race condition 2.) vim commands in regular files will be executed if the status line of vim is enabled in vimrc. Both vulnerabilities could be used to gain unauthorized access to more privileges.
Download the update package from locations desribed below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command
`rpm --checksig --nogpg file.rpm', independently from the md5 signatures below.
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
We are in the process of preparing update packages for the man package which has been found vulnerable to a commandline format string bug. The man command is installed suid man on SuSE systems. When exploited, the bug can be used to install a different man binary to introduce a trojan into the system. As an interim workaround, we recommend to `chmod -s /usr/bin/man´ and ignore the warnings and errors when viewing manpages.
A bufferoverflow in sudo was discovered and fixed RPMs will be available as soon as possible. A exploit was not made public until now.
NEdit a GUI-style text editor needs an update due to a tmp race condition. The source code is currently being reviewed and new RPMs will be available within the next days.
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may subscribe:
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory.