|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA11248] OpenLinux update for vim
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Mar 31 2004 - 02:24:57 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
OpenLinux update for vim
SECUNIA ADVISORY ID:
SA11248
VERIFY ADVISORY:
http://secunia.com/advisories/11248/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
OPERATING SYSTEM:
OpenLinux Server 3.x
OpenLinux Workstation 3.x
DESCRIPTION:
SCO has issued updated packages for vim. These fix an older
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
It is possible to create malicious text files that can execute
arbitrary commands when loaded into vim. The problem is that vim
parses the text file and looks for comments, which can be exploited
to call external commands.
SOLUTION:
Updated packages:
OpenLinux 3.1.1 Server
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-015.0/RPMS
2eaf8ff7d07ae09123dff2c16e68df5f vim-6.2-1.i386.rpm
b9872220a38cad8103089dfe600a188d vim-X11-6.2-1.i386.rpm
ec819c86427a02d6c8971ca6567efedd vim-help-6.2-1.i386.rpm
7ff1f641f70fc8fb216e2d683b814400 vim-i18n-6.2-1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-015.0/SRPMS
236756ca0c61400c475c8d84622ade61 vim-6.2-1.src.rpm
OpenLinux 3.1.1 Workstation
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-015.0/RPMS
2ebcc5f8e7b0d893b058fc241c7844b5 vim-6.2-1.i386.rpm
a75f8d7349cfa8e1cb6ba23a0267a7e1 vim-X11-6.2-1.i386.rpm
f618eaf8d81f2a8ac85ad9c517c28ae5 vim-help-6.2-1.i386.rpm
cc12e062b2f69bbf2a6c861e0da0749b vim-i18n-6.2-1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-015.0/SRPMS
85709bfff745aeda4f4aa090cee834e7 vim-6.2-1.src.rpm
ORIGINAL ADVISORY:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-015.0.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]