NA

CVE-2008-3294

Published: 24/07/2008 Updated: 11/10/2018
CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9
VMScore: 329
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

src/configure.in in Vim 5.0 up to and including 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.

Affected Products

Vendor Product Versions
VimVim5.0, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, 7.1