Linux Today: Linux News On Internet Time.

Caldera Security Update: vim - embedded modline exploits

Apr 13, 2001, 12:30 (0 Talkback[s])
Date:         Wed, 11 Apr 2001 13:33:28 -0600
From: Caldera Support Information <sup-info@OPUS.CALDERASYSTEMS.COM>
Subject:      Security Update: vim - embedded modline exploits CSSA-2001-014.0

Caldera Systems, Inc. Security Advisory

Subject:                vim - embedded modline exploits
Advisory number:        CSSA-2001-014.0
Issue date:             2001 April, 11

Cross reference:


1. Problem Description

An attacker can embed specially crafted modelines in a text file; when that file is opened with vim, the modelines could compromise the account of the user who opened it.

Editing files in world-writable directories such as /tmp could also let a local attacker gain access to the editing user's account, through possible symlink attacks on the editor's backup and swap files.
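As an added example (not part of the Caldera advisory or of vim itself), the following Python scanner reports the modelines vim would actually honour in a file, mirroring vim's rule of reading only the first and last 'modelines' lines (default 5) and the two modeline forms documented in ':help modeline'; a defender can run it over files arriving from shared directories such as /tmp before opening them. The sample file content is constructed.

```python
import re

DEFAULT_MODELINES = 5  # Vim's default 'modelines' value: only head/tail lines count

# Both modeline forms from ':help modeline':
#   [text ]vi:|vim:|ex: {options}               (options run to end of line)
#   [text ]vi:|vim:|ex: se[t] {options}:[text]  (options end at the next ':')
# The keyword must start the line or follow whitespace; 'vim' may carry a
# version test such as vim>702: or vim702:.
_MODELINE_RE = re.compile(
    r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(?P<body>.*)$")
_SET_FORM_RE = re.compile(r"^se(?:t)?\s+(?P<opts>[^:]*):")


def parse_modeline(line):
    """Return the option string of a modeline on this line, or None."""
    m = _MODELINE_RE.search(line)
    if not m:
        return None
    body = m.group("body").strip()
    set_form = _SET_FORM_RE.match(body)
    return set_form.group("opts").strip() if set_form else body


def find_modelines(text, modelines=DEFAULT_MODELINES):
    """List (line_number, options) for every modeline Vim would honour."""
    lines = text.splitlines()
    head = range(min(modelines, len(lines)))
    tail = range(max(0, len(lines) - modelines), len(lines))
    found = []
    for idx in sorted(set(head) | set(tail)):
        opts = parse_modeline(lines[idx])
        if opts is not None:
            found.append((idx + 1, opts))
    return found


# Constructed sample: a notes file picked up from a shared directory.
SAMPLE = "\n".join([
    "Build notes",
    "# vim: set ts=4 sw=4 et:",
    "", "line 4", "line 5", "line 6", "line 7", "line 8",
    "/* vi:noai */  outside the head/tail window, so Vim ignores it",
    "line 10", "line 11", "line 12", "line 13",
    "-- ex: ts=8",
])

if __name__ == "__main__":
    for lineno, opts in find_modelines(SAMPLE):
        print(f"line {lineno}: modeline sets {opts!r}")
```

Putting `set nomodeline` in the vimrc switches the feature off entirely; the scanner shows what a host that still has it enabled would apply.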

2. Vulnerable Versions

   System                       Package

   OpenLinux 2.3                All packages previous to
                                vim-5.7-12

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder       vim-5.7-12

   OpenLinux eDesktop 2.4       All packages previous to
                                vim-5.7-12

3. Solution

Workaround

none

The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

       6f57e2a30063af5973c98734bd56099e  RPMS/vim-5.7-12.i386.rpm
       e53bbd8b9cd8020015d08edcbe8c872a  RPMS/vim-X11-5.7-12.i386.rpm
       1914bb9b40d72a0bfdd1997890b7c05a  RPMS/vim-help-5.7-12.i386.rpm
       9edf7f1fc3f60ac1b4102083b6f6c2a2  SRPMS/vim-5.7-12.src.rpm

4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv vim-*.i386.rpm

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

       c3f3502b0347c9e823daa1108ec832f3  RPMS/vim-5.7-12.i386.rpm
       2efd3e378dc7fe0a2d0095cc2e14cb9e  RPMS/vim-X11-5.7-12.i386.rpm
       e318e2517708a060130bacd3477cf424  RPMS/vim-help-5.7-12.i386.rpm
       9edf7f1fc3f60ac1b4102083b6f6c2a2  SRPMS/vim-5.7-12.src.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh vim-*i386.rpm

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

       74813272a373c5f28d2a29380e173e40  RPMS/vim-5.7-12.i386.rpm
       26b8f47c0786c7c6b6fd95bab5499689  RPMS/vim-X11-5.7-12.i386.rpm
       eb52a3275bb642eccb36b443c8fb82c2  RPMS/vim-help-5.7-12.i386.rpm
       9edf7f1fc3f60ac1b4102083b6f6c2a2  SRPMS/vim-5.7-12.src.rpm

6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh vim-*i386.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Reports 9682, 9609.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

Caldera International wishes to thank the VIM team for being very responsive and providing a timely fix to the problem.