Jan Minar wrote:
> It seems to me that the zip.vim arbitrary code execution vulnerability > has not been fixed yet, despite of Bram writing in > <[EMAIL PROTECTED]> that it had been: > > Bram: The problem in the zip plugin has already been fixed, but the file > Bram: wasn't distributed yet. It's now on > Bram: ftp://ftp.vim.org/pub/vim/runtime/autoload/zip.vim > > That doesn't seem to be the case, though -- zip.vim v19, which is what > is available at the above URL, is still vulnerable: > > Running the current version of Vim: > > $ vim --version | head -n2 > VIM - Vi IMproved 7.2a BETA (2008 Jun 24, compiled Jul 12 2008 21:33:44) > Included patches: 1-19 > > The abovementioned URL has zip.vim v19, 2008-06-29: > > $ wget -o/dev/null -O- > ftp://ftp.vim.org/pub/vim/runtime/autoload/zip.vim| sed -n '1p;3,4p' > " zip.vim: Handles browsing zipfiles > " Date: Jun 29, 2008 > " Version: 19 > > Which is the version that is on the disk here: > > $ touch foo > $ zip foo.zip foo > adding: foo (stored 0%) > $ ex foo.zip +':echo g:loaded_zip' +:q > v19 > > And the latest score on the test suite (now with version information; > http://www.rdancer.org/vulnerablevim.2008-07-13.tar.bz2): > $ make test > [...] > ------------------------------------------- > -------- Test results below --------------- > ------------------------------------------- > Vim version 7.2a, included patches: 1-19 > filetype.vim > strong : EXPLOIT FAILED > weak : EXPLOIT FAILED > tarplugin : EXPLOIT FAILED > tarplugin.updated: VULNERABLE > zipplugin : VULNERABLE (zip.vim version: v19) > xpm.vim > xpm : EXPLOIT FAILED > xpm2 : EXPLOIT FAILED > remote : EXPLOIT FAILED > gzip_vim : EXPLOIT FAILED > netrw : EXPLOIT FAILED > netrw.v2 : VULNERABLE > netrw.v3 : VULNERABLE > netrw.v4 : VULNERABLE Since Charles is probably not able to respond, I had a look myself. There are indeed a few more commands where escaping is not done properly. I'll fix those. Hopefully I don't break anything. I hope to finish Vim 7.2b later today, the fixes will be included in there. The new netrw plugin is also included, these should fix the other problems you reported. Please check Vim 7.2b when it's out. -- Your fault: core dumped /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ download, build and distribute -- http://www.A-A-P.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org /// --~--~---------~--~----~------------~-------~--~----~ You received this message from the "vim_dev" maillist. For more information, visit http://www.vim.org/maillist.php -~----------~----~----~----~------~----~------~--~---
