Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080721154438.47a3514b@redhat.com>
Date: Mon, 21 Jul 2008 15:44:38 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: rdancer@...ncer.org, "Jonathan Smith" <smithj@...ethemallocs.com>,
        coley@...us.mitre.org, "Bram Moolenaar" <Bram@...lenaar.net>,
        "Charles E
 Campbell, Jr" <drchip@...pbellfamily.biz>
Subject: Re: Re: More arbitrary code executions in Netrw
 version 125, Vim 7.2a.10

On Mon, 21 Jul 2008 12:57:48 +0100 "Jan Minář" <rdancer@...ncer.org>
wrote:

> Version 109 is probably too old.  There has been a lot of
> functionality added since, and I presume a lot of refactoring done
> too.  According to the [0]Netrw version history, marking files (used
> by netrw.v2 & netrw.v3) was introduced in version 111.

Agree.  netrw 109 bundled with vim 7.1 does not implement mz and mc
commands, so is not affected by .v2 and .v3.  This was already
mentioned in this thread.

> On the other hand, these vulnerabilities should not depend on the Vim
> version; the TIOCSTI method used in netrw.v4 ``test'' target may not
> be very portable outside Un*x though.

But 109 (and older) is affected by D command / .v4 issue, just the test
case does not work with 109 out of the box.  Test assumes that the
cursor in on the line right above the one showing crafted file name,
but that does not seem to be correct assumption for 109 (netrw version
differences or locale changes, I haven't really investigated).  See
suggestion in my other reply.

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.