-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: vim - embedded modline exploits Advisory number: CSSA-2001-014.0 Issue date: 2001 April, 11 Cross reference: ______________________________________________________________________________ 1. Problem Description There exists a possibility for an attacker to embed special modelines into a text file which when opened with vim could compromise the account of the user. Also editing files in world writeable directories like /tmp could lead to a local attacker gaining access to the editing users account due to possible symlink attacks on editor backup and swap files. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to vim-5.7-12 OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder vim-5.7-12 OpenLinux eDesktop 2.4 All packages previous to vim-5.7-12 3. Solution Workaround none The proper solution is to upgrade to the latest packages. 4. OpenLinux 2.3 4.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS 4.2 Verification 6f57e2a30063af5973c98734bd56099e RPMS/vim-5.7-12.i386.rpm e53bbd8b9cd8020015d08edcbe8c872a RPMS/vim-X11-5.7-12.i386.rpm 1914bb9b40d72a0bfdd1997890b7c05a RPMS/vim-help-5.7-12.i386.rpm 9edf7f1fc3f60ac1b4102083b6f6c2a2 SRPMS/vim-5.7-12.src.rpm 4.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fhv vim-*.i386.rpm 5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0 5.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS 5.2 Verification c3f3502b0347c9e823daa1108ec832f3 RPMS/vim-5.7-12.i386.rpm 2efd3e378dc7fe0a2d0095cc2e14cb9e RPMS/vim-X11-5.7-12.i386.rpm e318e2517708a060130bacd3477cf424 RPMS/vim-help-5.7-12.i386.rpm 9edf7f1fc3f60ac1b4102083b6f6c2a2 SRPMS/vim-5.7-12.src.rpm 5.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh vim-*i386.rpm 6. OpenLinux eDesktop 2.4 6.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS 6.2 Verification 74813272a373c5f28d2a29380e173e40 RPMS/vim-5.7-12.i386.rpm 26b8f47c0786c7c6b6fd95bab5499689 RPMS/vim-X11-5.7-12.i386.rpm eb52a3275bb642eccb36b443c8fb82c2 RPMS/vim-help-5.7-12.i386.rpm 9edf7f1fc3f60ac1b4102083b6f6c2a2 SRPMS/vim-5.7-12.src.rpm 6.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh vim-*i386.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix closes Caldera's internal Problem Reports 9682, 9609. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. 9. Acknowledgements: Caldera International wishes to thank the VIM team for being very responsive and providing a timely fix to the problem. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE61C4Z18sy83A/qfwRAomDAJ93pA+pKEesgGbls+0tTQ43XpfXwwCfV3kl tDH63+CmEdhYmcGeinsQqbg= =N5xH -----END PGP SIGNATURE-----