Hi. It seems to me that the zip.vim arbitrary code execution vulnerability has not been fixed yet, despite of Bram writing in <[EMAIL PROTECTED]> that it had been:
Bram: The problem in the zip plugin has already been fixed, but the file Bram: wasn't distributed yet. It's now on Bram: ftp://ftp.vim.org/pub/vim/runtime/autoload/zip.vim That doesn't seem to be the case, though -- zip.vim v19, which is what is available at the above URL, is still vulnerable: Running the current version of Vim: $ vim --version | head -n2 VIM - Vi IMproved 7.2a BETA (2008 Jun 24, compiled Jul 12 2008 21:33:44) Included patches: 1-19 The abovementioned URL has zip.vim v19, 2008-06-29: $ wget -o/dev/null -O- ftp://ftp.vim.org/pub/vim/runtime/autoload/zip.vim| sed -n '1p;3,4p' " zip.vim: Handles browsing zipfiles " Date: Jun 29, 2008 " Version: 19 Which is the version that is on the disk here: $ touch foo $ zip foo.zip foo adding: foo (stored 0%) $ ex foo.zip +':echo g:loaded_zip' +:q v19 And the latest score on the test suite (now with version information; http://www.rdancer.org/vulnerablevim.2008-07-13.tar.bz2): $ make test [...] ------------------------------------------- -------- Test results below --------------- ------------------------------------------- Vim version 7.2a, included patches: 1-19 filetype.vim strong : EXPLOIT FAILED weak : EXPLOIT FAILED tarplugin : EXPLOIT FAILED tarplugin.updated: VULNERABLE zipplugin : VULNERABLE (zip.vim version: v19) xpm.vim xpm : EXPLOIT FAILED xpm2 : EXPLOIT FAILED remote : EXPLOIT FAILED gzip_vim : EXPLOIT FAILED netrw : EXPLOIT FAILED netrw.v2 : VULNERABLE netrw.v3 : VULNERABLE netrw.v4 : VULNERABLE Cheers, Jan. --~--~---------~--~----~------------~-------~--~----~ You received this message from the "vim_dev" maillist. For more information, visit http://www.vim.org/maillist.php -~----------~----~----~----~------~----~------~--~---
