Gentoo: 200302-14 Urgent: Gnome Terminal Command Execution Issue
gentoo
January 22, 2003
Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them.
Summary
- - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200301-13 - - -------------------------------------------------------------------- DATE : 2003-01-22 11:48 UTC
- - --------------------------------------------------------------------
- From advisory:
"Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them."
Read the full advisory at /vim1.html
SOLUTION
It is recommended that all Gentoo Linux users who are running affected versions of app-editors/{vim,vim-core,gvim} upgrade as follows:
emerge sync
If you are running app-editos/vim-core upgrade to vim-core-6.1-r4 :
emerge -u vim-core
If you are running app-editos/vim upgrade to vim-6.1-r19 :
emerge -u vim
If you are running app-editos/gvim upgrade to gvim-6.1-r6 :
emerge -u gvim
emerge clean
...Read the Full Advisory
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : vim vim-core gvim
SUMMARY : arbitrary code execution
EXPLOIT : remote
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!