|
Message-ID: <20080721154438.47a3514b@redhat.com> Date: Mon, 21 Jul 2008 15:44:38 +0200 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: rdancer@...ncer.org, "Jonathan Smith" <smithj@...ethemallocs.com>, coley@...us.mitre.org, "Bram Moolenaar" <Bram@...lenaar.net>, "Charles E Campbell, Jr" <drchip@...pbellfamily.biz> Subject: Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10 On Mon, 21 Jul 2008 12:57:48 +0100 "Jan Minář" <rdancer@...ncer.org> wrote: > Version 109 is probably too old. There has been a lot of > functionality added since, and I presume a lot of refactoring done > too. According to the [0]Netrw version history, marking files (used > by netrw.v2 & netrw.v3) was introduced in version 111. Agree. netrw 109 bundled with vim 7.1 does not implement mz and mc commands, so is not affected by .v2 and .v3. This was already mentioned in this thread. > On the other hand, these vulnerabilities should not depend on the Vim > version; the TIOCSTI method used in netrw.v4 ``test'' target may not > be very portable outside Un*x though. But 109 (and older) is affected by D command / .v4 issue, just the test case does not work with 109 out of the box. Test assumes that the cursor in on the line right above the one showing crafted file name, but that does not seem to be correct assumption for 109 (netrw version differences or locale changes, I haven't really investigated). See suggestion in my other reply. -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.