From owner-freebsd-security@FreeBSD.ORG Mon Nov 24 15:59:30 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9A5F91065675; Mon, 24 Nov 2008 15:59:30 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 549008FC14; Mon, 24 Nov 2008 15:59:30 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:To:Subject:From:Reply-To:Cc:X-send-pr-version:X-GNATS-Notify:Message-Id:Date; b=kY3eZY9U2pUlTYJhwMcx2vhCQJCurRbDdswdYeA5pPEqZGcqaOmqvpKwMJ6eNbjHF/7w1LFfs2Q4DRz4D7NLKw3Mre2BfLQlJ1Zw5WQ7QQPybkMv2n8PFDlFpfQbh63SmGCOjb8wTtvdq4umARnF8zg9vAFVlp1sZiuBAcFMjO8=; Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256) id 1L4dqT-000OZX-7p; Mon, 24 Nov 2008 18:59:29 +0300 To: FreeBSD-gnats-submit@freebsd.org From: Eygene Ryabinkin X-send-pr-version: 3.113 X-GNATS-Notify: obrien@FreeBSD.org Message-Id: <20081124155929.073851AF41F@void.codelabs.ru> Date: Mon, 24 Nov 2008 18:59:28 +0300 (MSK) Cc: freebsd-security@freebsd.org Subject: [vuxml] editors/vim: document netrw issues X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eygene Ryabinkin List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Nov 2008 15:59:30 -0000 >Submitter-Id: current-users >Originator: Eygene Ryabinkin >Organization: Code Labs >Confidential: no >Synopsis: [vuxml] editors/vim: document netrw issues >Severity: serious >Priority: medium >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: A bunch of vulnerabilities were discovered in Vim: http://www.rdancer.org/vulnerablevim-netrw.html http://www.rdancer.org/vulnerablevim-netrw.v2.html http://www.rdancer.org/vulnerablevim-netrw.v5.html http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html Some of them affect Vim >=7.0 and < 7.2. >How-To-Repeat: Look at the above URLs and read Jan Lieskovsky summary: http://www.openwall.com/lists/oss-security/2008/10/16/2 >Fix: The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- vim -- multiple vulnerabilities in the netrw module vim vim-lite vim-gtk2 vim-gnome 7.07.2

Jan Minar reports:

Applying the ``D'' to a file with a crafted file name, or inside a directory with a crafted directory name, can lead to arbitrary code execution.

Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name.

The Vim Netrw Plugin shares the FTP user name and password across all FTP sessions. Every time Vim makes a new FTP connection, it sends the user name and password of the previous FTP session to the FTP server.

 http://www.rdancer.org/vulnerablevim-netrw.html http://www.rdancer.org/vulnerablevim-netrw.v2.html http://www.rdancer.org/vulnerablevim-netrw.v5.html http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html http://www.openwall.com/lists/oss-security/2008/10/16/2 CVE-2008-3076 2008-10-16 today --- vuln.xml ends here ---