This has been assigned CVE-2017-17087 >> 2. Vim .swp file group (Doesn't have a CVE ID) >> >> This vulnerability was discovered by me. When Vim creates a .swp file, >> the .swp file is created with the owner and group set to the editor and >> editor's primary group respectively. The .swp file is the set to the >> same permissions as the original file (i.e. chmod 640). This creates a >> security vulnerability when the editor's primary group is not the same >> as the original file's group. >> >> For example, say the root user's primary group is "users", which every >> user is a member of. If root goes to edit /etc/shadow, the >> /etc/.shadow.swp file is created with permissions 640 and user:group set >> to root:users. The original /etc/shadow file had user:group set to >> root:shadow though; this now exposes the /etc/shadow file (which mind >> you contains hashes of every user's password) to every user on the system. >> >> Originally, I thought this was an extension of CVE-2017-1000382 so I >> didn't bother trying to get a CVE ID for it; however, upon looking at it >> for a second time, it seems that this is indeed a different >> vulnerability. It is possible to patch this vulnerability without >> patching CVE-2017-1000382. >
-- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
