Published: 13/01/2005 Updated: 11/10/2017

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vim development group vim 6.3.011
vim development group vim 6.3.025
vim development group vim 6.3.030
vim development group vim 6.3.044

Javier Fern�ndez-Sanguino Pe�a noticed that the auxillary scripts “tcltags” and “vimspellsh” created temporary files in an insecure manner This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the script (either by calling it directly or by execution through vim) ...

Synopsis vim security update Type/Severity Security Advisory: Low Topic Updated vim packages that fix security vulnerabilities are now availablefor Red Hat Enterprise Linux 4This update has been rated as having low security impact by the Red HatSecurity Response Team Description VIM (Vi I ...

Synopsis vim security update Type/Severity Security Advisory: Low Topic Updated vim packages that fix a security vulnerability are now availableThis update has been rated as having low security impact by the Red HatSecurity Response Team Description VIM (Vi IMproved) is an updated and imp ...

NVD-CWE-Other https://bugzilla.fedora.us/show_bug.cgi?id=2343 http://www.redhat.com/support/errata/RHSA-2005-036.html http://www.redhat.com/support/errata/RHSA-2005-122.html http://secunia.com/advisories/13841/http://securitytracker.com/id?1012938 http://marc.info/?l=bugtraq&m=110608387001863&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18870 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9402 https://usn.ubuntu.com/61-1/https://nvd.nist.gov

CVE-2005-0069

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect