USN-154-1: vim vulnerability
Posted on: 07/26/2005 11:19 AM

A vim security update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-154-1 July 26, 2005
vim vulnerability
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kvim
kvim-perl
kvim-python
kvim-tcl
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl

The problem can be corrected by upgrading the affected package to version 1:6.3-025+1ubuntu2.3 (for Ubuntu 4.10), or 1:6.3-046+1ubuntu7.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Georgi Guninski discovered that it was possible to construct Vim modelines that execute arbitrary shell commands by wrapping them in glob() or expand() function calls. If an attacker tricked an user to open a file with a specially crafted modeline, he could exploit this to execute arbitrary commands with the user's privileges.


Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3.diff.gz
Size/MD5: 425402 46df91478804bd8012a9668c586cbcb9
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3.dsc
Size/MD5: 1122 a704610235ce19ca0543972f3bf3d7b0
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
Size/MD5: 5624622 de1c964ceedbc13538da87d2d73fd117

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-025+1ubuntu2.3_all.deb
Size/MD5: 3421110 e3b442a4a638156fbc42cfc12a5af52d
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-025+1ubuntu2.3_all.deb
Size/MD5: 1646908 0f4b3523857e3c6fa89d0ca1637114c9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_amd64.deb
Size/MD5: 2586 e8509546623b703acdb8638f9f26c3e5
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_amd64.deb
Size/MD5: 805746 016a733b0545c73a3a78f28d2680f935
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_amd64.deb
Size/MD5: 802474 8bb3bb58053c7c2170ec3a1dd587e505
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_amd64.deb
Size/MD5: 784112 8c8566c6beb776582eec475a68826823
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_amd64.deb
Size/MD5: 809150 3e660c1659fb8b5ceef3b63fdec54efb
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_amd64.deb
Size/MD5: 802482 95b7643d58d92f1b75470829ebf15637
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_amd64.deb
Size/MD5: 801214 4f00d2f0f446f2ffa1a6d5bb88b79126
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_amd64.deb
Size/MD5: 765242 92db4aa0afedf6560e6d814106fc39bd

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_i386.deb
Size/MD5: 2582 569dff747e323ffbecc51dfc46231eae
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_i386.deb
Size/MD5: 702714 b6ccf017bc4ede502cc3f7de2633d8d8
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_i386.deb
Size/MD5: 700032 9192290f1ee400f32792c018fc400794
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_i386.deb
Size/MD5: 682460 28ee7bfe4bb7f5db3fc62a913b789e2b
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_i386.deb
Size/MD5: 707766 c803b8d61f37c1c11b9a6604d6dd7cb3
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_i386.deb
Size/MD5: 700046 44a50e1630e7fc2f3324c5e9e17967d8
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_i386.deb
Size/MD5: 699644 0fc4d26312a3efe74c68c179617acaeb
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_i386.deb
Size/MD5: 680364 6522a45f622db9606a49f2e279aedd85

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.3_powerpc.deb
Size/MD5: 2586 51bb0268530d68f4d6accd8ac91c6034
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.3_powerpc.deb
Size/MD5: 788070 be7fd4db97ecae833b657212b9fc1192
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.3_powerpc.deb
Size/MD5: 785426 b49f7f79b503b4eb88958a660e2be6de
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.3_powerpc.deb
Size/MD5: 769950 b711cc88b16ad3a1667e875aeb405a1d
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.3_powerpc.deb
Size/MD5: 792554 92782eccb7325d9392b7cae97b8701a7
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.3_powerpc.deb
Size/MD5: 785436 5ffa9b0c49799fa084b0739ea1166a44
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.3_powerpc.deb
Size/MD5: 784680 6a5668dac91865f401fca0500c880696
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.3_powerpc.deb
Size/MD5: 754792 c9883d66dca90ccdae1502f949001021

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1.diff.gz
Size/MD5: 450699 eeae6f784198638fe22e0fb9b4059526
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1.dsc
Size/MD5: 1158 e299658c7896e93efc973d7734285c45
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
Size/MD5: 5624622 de1c964ceedbc13538da87d2d73fd117

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-046+1ubuntu7.1_all.deb
Size/MD5: 3422002 cfc4e75008273ad7fecef65edb01b68b
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-046+1ubuntu7.1_all.deb
Size/MD5: 1599848 5c1bc833e4476508a2e8883720406b7f

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 929292 67231fe6f041e650a7a16818035232ad
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 922458 4acb994818d57741bedeafaa59162f20
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 880502 a78fe2f10d94c2b6b60f356ff4c901d5
http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 922556 24391c4a94fdb951e9e461cdfee9fc87
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 805754 2972c0afcd3bfacd02e86bc9ff317bde
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 803084 014e6c6bcb0a6a0abbe09de6f8ba5505
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 783614 69ca26b900196fc09fdadc8dfdd90632
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 809558 f6c371ca6625e3ce1bf2e8d8469810da
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 803100 85df978e39de3674eb18d37aa3e4611f
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 763210 a26548a49bb3d56eb4998a7c8f9a9f52
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_amd64.deb
Size/MD5: 768434 2586fb240bb4d64b26639ee4b7cbb902

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 830852 17c7d608b5bd48562518a55752d83981
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 824368 75cf8bc7d3c14b75f4eb4f6e96eed13c
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 781820 7472daf1c24079b55bafd09c71ee6021
http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 824478 7339ff8e39518ba52f96a2eb3a59a943
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 701422 e09e1d3ec4b3cc62db58235ac3f3d3ac
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 699414 443baeff48ccaea338d36cd1a2fc886c
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 681288 99075faa2aaa28e9b3ed5ba054fd9e77
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 706964 557b4e74547160070dc7d52e8ba01d35
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 699422 078226d68630da3730cfceff27420f38
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 660104 ab1bd893eb7eb1d027da38112af1a196
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_i386.deb
Size/MD5: 688162 b040b9a0527aee33789113186ac7a84f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-perl_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 914962 f1e687aa0600d392f3b2eb1b1da676d1
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-python_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 907440 64b803346a6a52315e3eaba6b5c123bd
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim-tcl_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 864418 b1ce07cbfe3e161523f148a0dc612b9f
http://security.ubuntu.com/ubuntu/pool/main/v/vim/kvim_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 907536 0a7cbc632a48118980ce2c0c03723315
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 788114 d78cd2bdd4addd55780f7765734b6a01
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 786034 221063d416add0709f6bb6ccbc160246
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 769730 1944e9137f227f487c64486b48ff8412
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 793164 33b54d6a7f45122eeec12c300adbd836
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 786050 57d16f0c8b161927bbca8febeb05be36
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 745090 f9288ea7b5c161c42b2d8f73600b9a5b
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-046+1ubuntu7.1_powerpc.deb
Size/MD5: 757766 fdf7d4727c036b69c3100203df9ba8a7

---