src/configure.in in Vim 5.0 up to and including 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vim vim 6.3 |
||
vim vim 6.2 |
||
vim vim 5.4 |
||
vim vim 5.3 |
||
vim vim 5.8 |
||
vim vim 5.7 |
||
vim vim 5.0 |
||
vim vim 7.1 |
||
vim vim 7.0 |
||
vim vim 6.4 |
||
vim vim 5.6 |
||
vim vim 5.5 |
||
vim vim 6.1 |
||
vim vim 6.0 |
||
vim vim 5.2 |
||
vim vim 5.1 |