CVE-2016-1248
Published: 23 November 2016
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
From the Ubuntu Security Team
Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges.
Priority
Status
Package | Release | Status |
---|---|---|
neovim Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(0.1.6-4)
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Not vulnerable
(0.1.6-5)
|
|
Patches: upstream: https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040 |
||
vim Launchpad, Ubuntu, Debian |
precise |
Released
(2:7.3.429-2ubuntu2.2)
|
trusty |
Released
(2:7.4.052-1ubuntu3.1)
|
|
upstream |
Released
(2:8.0.0095-1)
|
|
xenial |
Released
(2:7.4.1689-3ubuntu1.2)
|
|
yakkety |
Released
(2:7.4.1829-1ubuntu2.1)
|
|
zesty |
Not vulnerable
(2:8.0.0095-1ubuntu2)
|
|
Patches: upstream: https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
- http://openwall.com/lists/oss-security/2016/11/22/20
- https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
- https://github.com/vim/vim/releases/tag/v8.0.0056
- https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
- https://lists.debian.org/debian-security-announce/2016/msg00305.html
- https://ubuntu.com/security/notices/USN-3139-1
- https://www.cve.org/CVERecord?id=CVE-2016-1248
- NVD
- Launchpad
- Debian