[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] SCOSA-2006.13 OpenServer 6.0.0 : Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2006.13 OpenServer 6.0.0 : Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability
- From: SCO Security Advisories <security@xxxxxxx>
- Date: Thu, 16 Mar 2006 12:56:32 -0800
--
Dr. Ronald Joe Record
Chief Security Officer
SCO
rr@xxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 6.0.0 : Vim ModeLines Further Variant
Arbitrary Command Execution Vulnerability
Advisory number: SCOSA-2006.13
Issue date: 2006 March 16
Cross reference: fz533037
CVE-2005-2368
______________________________________________________________________________
1. Problem Description
Vim is susceptible to an arbitrary command execution
vulnerability with ModeLines. This issue is due to insufficient
sanitization of user-supplied input.
By modifying a text file to include ModeLines containing the
'glob()', or 'expand()' functions with shell metacharacters,
attackers may cause arbitrary commands to be executed.
This vulnerability allows an attacker to execute arbitrary
commands with the privileges of the vim user. This gives
an attacker the ability to gain remote access to computers
running the vulnerable software.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2368 to
this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 6.0.0 vim package
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 6.0.0
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso
4.2 Verification
MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
and Installation Notes:
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2368
http://www.securityfocus.com/bid/14374
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533037.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
7. Acknowledgments
Discovery of this issue is credited to Georgi Guninski.
http://www.guninski.com/
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFEGbnoaqoBO7ipriERAs1SAJ9Xqgfah0YmwSGNsOF8noRa9DOIRACfWU4d
mu7UzRh6yVSqBY1qDXfge9Y=
=jHsA
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/