[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10
From: "=?UTF-8?Q?Jan_Min=C3=A1=C5=99?=" <rdancer () rdancer ! org>
Date: 2008-07-21 14:05:28
Message-ID: 6edf76c20807210705n52240a6fy56f847341c5c5683 () mail ! gmail ! com
[Download RAW message or body]
On Mon, Jul 21, 2008 at 2:44 PM, Tomas Hoger <thoger@redhat.com> wrote:
> On Mon, 21 Jul 2008 12:57:48 +0100 "Jan Minář" <rdancer@rdancer.org>
> wrote:
>
>> Version 109 is probably too old. There has been a lot of
>> functionality added since, and I presume a lot of refactoring done
>> too. According to the [0]Netrw version history, marking files (used
>> by netrw.v2 & netrw.v3) was introduced in version 111.
>
> Agree. netrw 109 bundled with vim 7.1 does not implement mz and mc
> commands, so is not affected by .v2 and .v3. This was already
> mentioned in this thread.
>
>> On the other hand, these vulnerabilities should not depend on the Vim
>> version; the TIOCSTI method used in netrw.v4 ``test'' target may not
>> be very portable outside Un*x though.
>
> But 109 (and older) is affected by D command / .v4 issue, just the test
> case does not work with 109 out of the box. Test assumes that the
> cursor in on the line right above the one showing crafted file name,
> but that does not seem to be correct assumption for 109 (netrw version
> differences or locale changes, I haven't really investigated). See
> suggestion in my other reply.
I have updated the test suite, it tests v110 correctly as VULNERABLE now:
http://www.rdancer.org/vulnerablevim-latest.tar.bz2
Thanks.
Jan.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic