• info
• discussion
• exploit
• solution
• references

VIM ModeLines Arbitrary Command Execution Vulnerability

Solution:
Gentoo Linux has released an advisory. Users who have installed app-editos/vim-core, app-editos/vim, or app-editos/gvim are advised to upgrade their systems by issuing the following commands:

emerge sync
emerge -u vim-core
emerge -u vim
emerge -u gvim
emerge clean

Mandrake has released an advisory (MDKSA-2003:012) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Sun Microsystems has made fixes available for this issue.

Conectiva has released advisory CLA-2004:812 with fixes to address this issue.

SCO OpenLinux has released advisory CSSA-2004-015.0 and fixes dealing with this issue.

The following fixes are available:


Sun Cobalt RaQ XTR

• Sun RaQXTR-All-Security-1.0.1-16358.pkg
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16358.pkg

Sun Cobalt RaQ 4

• Sun RaQ4-All-Security-2.0.1-16358.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 1-16358.pkg

VIM Development Group VIM 5.7

• RedHat vim-common-6.1-18.6x.3.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/vim-common-6.1-18.6x.3.i386.rp m


• RedHat vim-common-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/vim-common-6.1-18.7x.2.i386.rp m


• RedHat vim-enhanced-6.1-18.6x.3.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/vim-enhanced-6.1-18.6x.3.i386. rpm


• RedHat vim-enhanced-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/vim-enhanced-6.1-18.7x.2.i386. rpm


• RedHat vim-minimal-6.1-18.6x.3.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/vim-minimal-6.1-18.6x.3.i386.r pm


• RedHat vim-minimal-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/vim-minimal-6.1-18.7x.2.i386.r pm


• RedHat vim-X11-6.1-18.6x.3.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/vim-X11-6.1-18.6x.3.i386.rpm


• RedHat vim-X11-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/vim-X11-6.1-18.7x.2.i386.rpm

VIM Development Group VIM 6.0

• Conectiva vim-common-6.1-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/vim-common-6.1-1U80_1cl.i38 6.rpm


• Conectiva vim-enhanced-6.1-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/vim-enhanced-6.1-1U80_1cl.i 386.rpm


• Conectiva vim-help-6.1-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/vim-help-6.1-1U80_1cl.i386. rpm


• Conectiva vim-minimal-6.1-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/vim-minimal-6.1-1U80_1cl.i3 86.rpm


• Conectiva vim-syntax-6.1-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/vim-syntax-6.1-1U80_1cl.i38 6.rpm


• Conectiva vim-X11-6.1-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/vim-X11-6.1-1U80_1cl.i386.r pm


• RedHat vim-common-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/vim-common-6.1-18.7x.2.i386.rp m


• RedHat vim-common-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/vim-common-6.1-18.7x.2.i386.rp m


• RedHat vim-common-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/vim-common-6.1-18.7x.2.i386.rp m


• RedHat vim-common-6.1-18.7x.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/vim-common-6.1-18.7x.2.ia64.rp m


• RedHat vim-enhanced-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/vim-enhanced-6.1-18.7x.2.i386. rpm


• RedHat vim-enhanced-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/vim-enhanced-6.1-18.7x.2.i386. rpm


• RedHat vim-enhanced-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/vim-enhanced-6.1-18.7x.2.i386. rpm


• RedHat vim-enhanced-6.1-18.7x.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/vim-enhanced-6.1-18.7x.2.ia64. rpm


• RedHat vim-minimal-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/vim-minimal-6.1-18.7x.2.i386.r pm


• RedHat vim-minimal-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/vim-minimal-6.1-18.7x.2.i386.r pm


• RedHat vim-minimal-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/vim-minimal-6.1-18.7x.2.i386.r pm


• RedHat vim-minimal-6.1-18.7x.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/vim-minimal-6.1-18.7x.2.ia64.r pm


• RedHat vim-X11-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/vim-X11-6.1-18.7x.2.i386.rpm


• RedHat vim-X11-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/vim-X11-6.1-18.7x.2.i386.rpm


• RedHat vim-X11-6.1-18.7x.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/vim-X11-6.1-18.7x.2.i386.rpm


• RedHat vim-X11-6.1-18.7x.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/vim-X11-6.1-18.7x.2.ia64.rpm

VIM Development Group VIM 6.1

• Mandrake vim-common-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-common-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-common-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-common-6.1-34.1mdk.i586.rpm
  Mandrake Linux 9.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-common-6.1-34.1mdk.i586.rpm
  Mandrake Multi Network Firewall 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-common-6.1-34.1mdk.ia64.rpm
  Mandrake Linux 8.1/IA64.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-common-6.1-34.1mdk.ppc.rpm
  Mandrake Linux 8.0/PPC.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-common-6.1-34.2mdk.i586.rpm
  Linux-Mandrake 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-common-6.1-34.2mdk.i586.rpm
  Mandrake Single Network Firewall 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-common-6.1-34.3mdk.ppc.rpm
  Mandrake Linux 8.2/PPC.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.1mdk.i586.rpm
  Mandrake Linux 9.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.1mdk.i586.rpm
  Mandrake Multi Network Firewall 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.1mdk.ia64.rpm
  Mandrake Linux 8.1/IA64.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.1mdk.ppc.rpm
  Mandrake Linux 8.0/PPC.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.2mdk.i586.rpm
  Linux-Mandrake 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.2mdk.i586.rpm
  Mandrake Single Network Firewall 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-enhanced-6.1-34.3mdk.ppc.rpm
  Mandrake Linux 8.2/PPC.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-minimal-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-minimal-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-minimal-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-minimal-6.1-34.1mdk.i586.rpm
  Mandrake Linux 9.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-minimal-6.1-34.1mdk.i586.rpm
  Mandrake Multi Network Firewall 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-minimal-6.1-34.1mdk.ia64.rpm
  Mandrake Linux 8.1/IA64.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-minimal-6.1-34.1mdk.ppc.rpm
  Mandrake Linux 8.0/PPC.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-minimal-6.1-34.2mdk.i586.rpm
  Linux-Mandrake 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-minimal-6.1-34.3mdk.ppc.rpm
  Mandrake Linux 8.2/PPC.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-X11-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-X11-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-X11-6.1-34.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-X11-6.1-34.1mdk.i586.rpm
  Mandrake Linux 9.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-X11-6.1-34.1mdk.ia64.rpm
  Mandrake Linux 8.1/IA64.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-X11-6.1-34.1mdk.ppc.rpm
  Mandrake Linux 8.0/PPC.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-X11-6.1-34.2mdk.i586.rpm
  Linux-Mandrake 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake vim-X11-6.1-34.3mdk.ppc.rpm
  Mandrake Linux 8.2/PPC.
  http://www.mandrakesecure.net/en/ftp.php


• Red Hat vim-common-6.1-18.7x.2.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/vim-common-6.1-18.7x.2. ppc.rpm


• Red Hat vim-common-6.1-18.7x.2.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/vim-common-6.1-18.7x.2. ppc.rpm


• Red Hat vim-enhanced-6.1-18.7x.2.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/vim-enhanced-6.1-18.7x. 2.ppc.rpm


• Red Hat vim-enhanced-6.1-18.7x.2.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/vim-enhanced-6.1-18.7x. 2.ppc.rpm


• Red Hat vim-minimal-6.1-18.7x.2.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/vim-minimal-6.1-18.7x.2 .ppc.rpm


• Red Hat vim-minimal-6.1-18.7x.2.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/vim-minimal-6.1-18.7x.2 .ppc.rpm


• Red Hat vim-X11-6.1-18.7x.2.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/vim-X11-6.1-18.7x.2.ppc .rpm


• Red Hat vim-X11-6.1-18.7x.2.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/vim-X11-6.1-18.7x.2.ppc .rpm


• RedHat vim-common-6.1-18.8x.1.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/vim-common-6.1-18.8x.1.i386.rp m


• RedHat vim-enhanced-6.1-18.8x.1.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/vim-enhanced-6.1-18.8x.1.i386. rpm


• RedHat vim-minimal-6.1-18.8x.1.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/vim-minimal-6.1-18.8x.1.i386.r pm


• RedHat vim-X11-6.1-18.8x.1.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/vim-X11-6.1-18.8x.1.i386.rpm


• Sun RaQ4-All-Security-2.0.1-16358.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 1-16358.pkg


• Sun RaQXTR-All-Security-1.0.1-16358.pkg
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16358.pkg


• Sun Qube3-All-Security-4.0.1-16358.pkg
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml


• Sun RaQ550-All-Security-0.0.1-16358.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq550/all


• Sun vim-common-6.1-18.7x.2.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S


• Sun vim-enhanced-6.1-18.7x.2.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S


• Sun vim-minimal-6.1-18.7x.2.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S


• Sun vim-X11-6.1-18.7x.2.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S

VIM Development Group VIM 6.2

• SCO vim-6.2-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-015.0/R PMS/vim-6.2-1.i386.rpm


• SCO vim-6.2-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-01 5.0/RPMS/vim-6.2-1.i386.rpm


• SCO vim-help-6.2-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-015.0/R PMS/vim-help-6.2-1.i386.rpm


• SCO vim-help-6.2-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-01 5.0/RPMS/vim-help-6.2-1.i386.rpm


• SCO vim-i18n-6.2-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-015.0/R PMS/vim-i18n-6.2-1.i386.rpm


• SCO vim-i18n-6.2-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-01 5.0/RPMS/vim-i18n-6.2-1.i386.rpm


• SCO vim-X11-6.2-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-015.0/R PMS/vim-X11-6.2-1.i386.rpm


• SCO vim-X11-6.2-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-01 5.0/RPMS/vim-X11-6.2-1.i386.rpm