DSA-4467-1 vim -- vimID: oval:org.secpod.oval:def:603947 | Date: (C)2019-06-19 (M)2023-12-20 |
Class: PATCH | Family: unix |
User Arminius discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi . The Common vulnerabilities and exposures project identifies the following problem: Editors typically provide a way to embed editor configuration commands which are executed once a file is opened, while harmful commands are filtered by a sandbox mechanism. It was discovered that the source command was not filtered, allowing shell command execution with a carefully crafted file opened in Vim.