[USN-154-1] vim vulnerability

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 07/26/05

  • Next message: nick: "Re: ClamAV Multiple Rem0te Buffer Overflows"
    Date: Tue, 26 Jul 2005 15:42:54 +0200
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-154-1 July 26, 2005
    vim vulnerability
    http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)
    Ubuntu 5.04 (Hoary Hedgehog)

    The following packages are affected:

    kvim
    kvim-perl
    kvim-python
    kvim-tcl
    vim
    vim-gnome
    vim-gtk
    vim-lesstif
    vim-perl
    vim-python
    vim-tcl

    The problem can be corrected by upgrading the affected package to
    version 1:6.3-025+1ubuntu2.3 (for Ubuntu 4.10), or
    1:6.3-046+1ubuntu7.1 (for Ubuntu 5.04). In general, a standard system
    upgrade is sufficient to effect the necessary changes.

    Details follow:

    Georgi Guninski discovered that it was possible to construct Vim
    modelines that execute arbitrary shell commands by wrapping them in
    glob() or expand() function calls. If an attacker tricked an user to
    open a file with a specially crafted modeline, he could exploit this
    to execute arbitrary commands with the user's privileges.

    Updated packages for Ubuntu 4.10 (Warty Warthog):

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3.diff.gz
          Size/MD5: 425402 46df91478804bd8012a9668c586cbcb9
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3.dsc
          Size/MD5: 1122 a704610235ce19ca0543972f3bf3d7b0
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
          Size/MD5: 5624622 de1c964ceedbc13538da87d2d73fd117

      Architecture independent packages:

        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-025+1ubuntu2.3_all.deb
          Size/MD5: 3421110 e3b442a4a638156fbc42cfc12a5af52d
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-025+1ubuntu2.3_all.deb
          Size/MD5: 1646908 0f4b3523857e3c6fa89d0ca1637114c9

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_amd64.deb
          Size/MD5: 2586 e8509546623b703acdb8638f9f26c3e5
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_amd64.deb
          Size/MD5: 805746 016a733b0545c73a3a78f28d2680f935
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_amd64.deb
          Size/MD5: 802474 8bb3bb58053c7c2170ec3a1dd587e505
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_amd64.deb
          Size/MD5: 784112 8c8566c6beb776582eec475a68826823
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_amd64.deb
          Size/MD5: 809150 3e660c1659fb8b5ceef3b63fdec54efb
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_amd64.deb
          Size/MD5: 802482 95b7643d58d92f1b75470829ebf15637
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_amd64.deb
          Size/MD5: 801214 4f00d2f0f446f2ffa1a6d5bb88b79126
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_amd64.deb
          Size/MD5: 765242 92db4aa0afedf6560e6d814106fc39bd

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_i386.deb
          Size/MD5: 2582 569dff747e323ffbecc51dfc46231eae
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_i386.deb
          Size/MD5: 702714 b6ccf017bc4ede502cc3f7de2633d8d8
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_i386.deb
          Size/MD5: 700032 9192290f1ee400f32792c018fc400794
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_i386.deb
          Size/MD5: 682460 28ee7bfe4bb7f5db3fc62a913b789e2b
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_i386.deb
          Size/MD5: 707766 c803b8d61f37c1c11b9a6604d6dd7cb3
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_i386.deb
          Size/MD5: 700046 44a50e1630e7fc2f3324c5e9e17967d8
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_i386.deb
          Size/MD5: 699644 0fc4d26312a3efe74c68c179617acaeb
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_i386.deb
          Size/MD5: 680364 6522a45f622db9606a49f2e279aedd85

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_powerpc.deb
          Size/MD5: 2586 51bb0268530d68f4d6accd8ac91c6034
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_powerpc.deb
          Size/MD5: 788070 be7fd4db97ecae833b657212b9fc1192
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_powerpc.deb
          Size/MD5: 785426 b49f7f79b503b4eb88958a660e2be6de
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_powerpc.deb
          Size/MD5: 769950 b711cc88b16ad3a1667e875aeb405a1d
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_powerpc.deb
          Size/MD5: 792554 92782eccb7325d9392b7cae97b8701a7
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_powerpc.deb
          Size/MD5: 785436 5ffa9b0c49799fa084b0739ea1166a44
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_powerpc.deb
          Size/MD5: 784680 6a5668dac91865f401fca0500c880696
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_powerpc.deb
          Size/MD5: 754792 c9883d66dca90ccdae1502f949001021

    Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1.diff.gz
          Size/MD5: 450699 eeae6f784198638fe22e0fb9b4059526
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1.dsc
          Size/MD5: 1158 e299658c7896e93efc973d7734285c45
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
          Size/MD5: 5624622 de1c964ceedbc13538da87d2d73fd117

      Architecture independent packages:

        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-046+1ubuntu7.1_all.deb
          Size/MD5: 3422002 cfc4e75008273ad7fecef65edb01b68b
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-046+1ubuntu7.1_all.deb
          Size/MD5: 1599848 5c1bc833e4476508a2e8883720406b7f

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 929292 67231fe6f041e650a7a16818035232ad
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 922458 4acb994818d57741bedeafaa59162f20
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 880502 a78fe2f10d94c2b6b60f356ff4c901d5
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 922556 24391c4a94fdb951e9e461cdfee9fc87
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 805754 2972c0afcd3bfacd02e86bc9ff317bde
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 803084 014e6c6bcb0a6a0abbe09de6f8ba5505
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 783614 69ca26b900196fc09fdadc8dfdd90632
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 809558 f6c371ca6625e3ce1bf2e8d8469810da
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 803100 85df978e39de3674eb18d37aa3e4611f
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 763210 a26548a49bb3d56eb4998a7c8f9a9f52
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_amd64.deb
          Size/MD5: 768434 2586fb240bb4d64b26639ee4b7cbb902

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 830852 17c7d608b5bd48562518a55752d83981
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 824368 75cf8bc7d3c14b75f4eb4f6e96eed13c
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 781820 7472daf1c24079b55bafd09c71ee6021
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 824478 7339ff8e39518ba52f96a2eb3a59a943
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 701422 e09e1d3ec4b3cc62db58235ac3f3d3ac
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 699414 443baeff48ccaea338d36cd1a2fc886c
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 681288 99075faa2aaa28e9b3ed5ba054fd9e77
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 706964 557b4e74547160070dc7d52e8ba01d35
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 699422 078226d68630da3730cfceff27420f38
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 660104 ab1bd893eb7eb1d027da38112af1a196
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_i386.deb
          Size/MD5: 688162 b040b9a0527aee33789113186ac7a84f

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 914962 f1e687aa0600d392f3b2eb1b1da676d1
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 907440 64b803346a6a52315e3eaba6b5c123bd
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 864418 b1ce07cbfe3e161523f148a0dc612b9f
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 907536 0a7cbc632a48118980ce2c0c03723315
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 788114 d78cd2bdd4addd55780f7765734b6a01
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 786034 221063d416add0709f6bb6ccbc160246
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 769730 1944e9137f227f487c64486b48ff8412
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 793164 33b54d6a7f45122eeec12c300adbd836
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 786050 57d16f0c8b161927bbca8febeb05be36
        http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 745090 f9288ea7b5c161c42b2d8f73600b9a5b
        http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_powerpc.deb
          Size/MD5: 757766 fdf7d4727c036b69c3100203df9ba8a7

    
    



  • Next message: nick: "Re: ClamAV Multiple Rem0te Buffer Overflows"

    Relevant Pages