Published: 31 October 2017

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.



CVSS 3 base score: 5.5


Package Release Status
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(upstream disputes CVE)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(upstream disputes CVE)
Ubuntu 14.04 ESM (Trusty Tahr) Ignored
(upstream disputes CVE)


I could reproduce following openwall steps
after apply the patch community put available
and repeat the steps in openwall I still got
the same bug behaviour so not sure if patch fix it waiting any comment from community
I could confirm with upstream the patch debian put available from upstream doesn't fix the issue
Ignoring this CVE. Bram Moolenar (vim's BDFL) had this to say:
1) The permissions are the same as the original file, and that is exactly how it should be.
2) This is working as intended, Vim does not use umask this way.  Umask is only used by
simple commands such as cp, not by long running processes that deal with many files.
Problem is with the user expectations.