CVE-2017-17087 -- vimID: oval:org.secpod.oval:def:2000323 | Date: (C)2019-06-02 (M)2024-02-19 |
Class: VULNERABILITY | Family: unix |
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor"s primary group , which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
Platform: |
Debian 8.x |
Debian 9.x |