Vulnerabilities > CVE-2017-17087 - Exposure of Resource to Wrong Sphere vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1138.NASL description According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor last seen 2020-05-06 modified 2020-02-24 plugin id 133939 published 2020-02-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133939 title EulerOS 2.0 SP5 : vim (EulerOS-SA-2020-1138) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(133939); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2017-17087" ); script_name(english:"EulerOS 2.0 SP5 : vim (EulerOS-SA-2020-1138)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.(CVE-2017-17087) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1138 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9710da01"); script_set_attribute(attribute:"solution", value: "Update the affected vim package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-X11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-enhanced"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-filesystem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-minimal"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["vim-X11-7.4.160-4.h8.eulerosv2r7", "vim-common-7.4.160-4.h8.eulerosv2r7", "vim-enhanced-7.4.160-4.h8.eulerosv2r7", "vim-filesystem-7.4.160-4.h8.eulerosv2r7", "vim-minimal-7.4.160-4.h8.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1871.NASL description Several minor issues have been fixed in vim, a highly configurable text editor. CVE-2017-11109 Vim allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. CVE-2017-17087 Vim sets the group ownership of a .swp file to the editor last seen 2020-06-01 modified 2020-06-02 plugin id 127480 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127480 title Debian DLA-1871-1 : vim security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1871-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(127480); script_version("1.2"); script_cvs_date("Date: 2019/09/24 11:01:32"); script_cve_id("CVE-2017-11109", "CVE-2017-17087", "CVE-2019-12735"); script_name(english:"Debian DLA-1871-1 : vim security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several minor issues have been fixed in vim, a highly configurable text editor. CVE-2017-11109 Vim allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. CVE-2017-17087 Vim sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership. CVE-2019-12735 Vim did not restrict the `:source!` command when executed in a sandbox. For Debian 8 'Jessie', these problems have been fixed in version 2:7.4.488-7+deb8u4. We recommend that you upgrade your vim packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/vim" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-athena"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-gtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-gui-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-lesstif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-nox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-runtime"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim-tiny"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"vim", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-athena", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-common", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-dbg", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-doc", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-gnome", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-gtk", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-gui-common", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-lesstif", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-nox", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-runtime", reference:"2:7.4.488-7+deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"vim-tiny", reference:"2:7.4.488-7+deb8u4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0070_VIM.NASL description An update of the vim package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121965 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121965 title Photon OS 2.0: Vim PHSA-2018-2.0-0070 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-2.0-0070. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121965); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id("CVE-2017-17087"); script_name(english:"Photon OS 2.0: Vim PHSA-2018-2.0-0070"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the vim package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-70.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11219"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/11"); script_set_attribute(attribute:"patch_publication_date", value:"2018/07/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:vim"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"vim-8.0.0533-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"vim-extra-8.0.0533-4.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1546.NASL description According to the version of the vim packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that the swap file created by vim when opening a file was using the user last seen 2020-05-08 modified 2020-05-01 plugin id 136249 published 2020-05-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136249 title EulerOS Virtualization for ARM 64 3.0.2.0 : vim (EulerOS-SA-2020-1546) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(136249); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2017-17087" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : vim (EulerOS-SA-2020-1546)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the vim packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that the swap file created by vim when opening a file was using the user's primary group instead of the file's group. An attacker belonging to the victim's primary group could use this flaw to read the vim swap file.(CVE-2017-17087) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1546 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4883ecc"); script_set_attribute(attribute:"solution", value: "Update the affected vim package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-enhanced"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-filesystem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-minimal"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["vim-common-7.4.160-4.h8", "vim-enhanced-7.4.160-4.h8", "vim-filesystem-7.4.160-4.h8", "vim-minimal-7.4.160-4.h8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2462.NASL description According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor last seen 2020-05-08 modified 2019-12-10 plugin id 131914 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131914 title EulerOS 2.0 SP2 : vim (EulerOS-SA-2019-2462) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2679.NASL description According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor last seen 2020-05-08 modified 2019-12-18 plugin id 132214 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132214 title EulerOS 2.0 SP3 : vim (EulerOS-SA-2019-2679) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0070.NASL description An update of 'redis', 'vim' packages of Photon OS has been released. last seen 2019-02-08 modified 2019-02-07 plugin id 111955 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111955 title Photon OS 2.0: Redis / Vim PHSA-2018-2.0-0070 (deprecated)
References
- https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ
- https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8
- http://security.cucumberlinux.com/security/details.php?id=166
- http://openwall.com/lists/oss-security/2017/11/27/2
- https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html
- https://usn.ubuntu.com/4582-1/
- https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html