List:       oss-security
Subject:    Re: [oss-security] Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10
From:       Jan Minář <rdancer () rdancer ! org>
Date:       2008-07-21 14:05:28
Message-ID: 6edf76c20807210705n52240a6fy56f847341c5c5683 () mail ! gmail ! com

On Mon, Jul 21, 2008 at 2:44 PM, Tomas Hoger <thoger@redhat.com> wrote:
> On Mon, 21 Jul 2008 12:57:48 +0100 "Jan Minář" <rdancer@rdancer.org>
> wrote:
>
>> Version 109 is probably too old.  There has been a lot of
>> functionality added since, and I presume a lot of refactoring done
>> too.  According to the [0]Netrw version history, marking files (used
>> by netrw.v2 & netrw.v3) was introduced in version 111.
>
> Agree.  netrw 109 bundled with vim 7.1 does not implement mz and mc
> commands, so is not affected by .v2 and .v3.  This was already
> mentioned in this thread.
>
>> On the other hand, these vulnerabilities should not depend on the Vim
>> version; the TIOCSTI method used in netrw.v4 ``test'' target may not
>> be very portable outside Un*x though.
>
> But 109 (and older) is affected by D command / .v4 issue, just the test
> case does not work with 109 out of the box.  Test assumes that the
> cursor is on the line right above the one showing crafted file name,
> but that does not seem to be a correct assumption for 109 (netrw version
> differences or locale changes, I haven't really investigated).  See
> suggestion in my other reply.

I have updated the test suite, it tests v110 correctly as VULNERABLE now:

http://www.rdancer.org/vulnerablevim-latest.tar.bz2

Thanks.

Jan.
