VIM ModeLines Arbitrary Command Execution Vulnerability

Gentoo Linux has released an advisory. Users who have installed app-editos/vim-core, app-editos/vim, or app-editos/gvim are advised to upgrade their systems by issuing the following commands:

emerge sync
emerge -u vim-core
emerge -u vim
emerge -u gvim
emerge clean

Mandrake has released an advisory (MDKSA-2003:012) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Sun Microsystems has made fixes available for this issue.

Conectiva has released advisory CLA-2004:812 with fixes to address this issue.

SCO OpenLinux has released advisory CSSA-2004-015.0 and fixes dealing with this issue.

The following fixes are available:

Sun Cobalt RaQ XTR

Sun Cobalt RaQ 4

VIM Development Group VIM 5.7

VIM Development Group VIM 6.0

VIM Development Group VIM 6.1

VIM Development Group VIM 6.2


Privacy Statement
Copyright 2010, SecurityFocus