Your submission was sent successfully! Close

You have successfully unsubscribed! Close


Published: 31 October 2017

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.


I could reproduce following openwall steps
after apply the patch community put available
and repeat the steps in openwall I still got
the same bug behaviour so not sure if patch fix it waiting any comment from community
I could confirm with upstream the patch debian put available from upstream doesn't fix the issue
Ignoring this CVE. Bram Moolenar (vim's BDFL) had this to say:
1) The permissions are the same as the original file, and that is exactly how it should be.
2) This is working as intended, Vim does not use umask this way.  Umask is only used by
simple commands such as cp, not by long running processes that deal with many files.
Problem is with the user expectations.



Cvss 3 Severity Score


Score breakdown


Package Release Status
Launchpad, Ubuntu, Debian
upstream Needs triage

trusty Ignored
(upstream disputes CVE)
xenial Ignored
(upstream disputes CVE)
zesty Ignored
(end of life)
artful Ignored
(end of life)
bionic Ignored
(upstream disputes CVE)
cosmic Ignored
(end of life)

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N