CVE-2017-1000382

Published: 31/10/2017 Updated: 27/11/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.

Affected Products

Vendor | Product | Versions
Vim | Vim | 8.0.1187

Vendor Advisories

It was found that vim applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files that were not deleted properly, in order to retrieve sensible data ...
VIM ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. An attacker might search for vim swap files in order to retrieve security sensible data ...
Oracle Solaris Third Party Bulletin - July 2018. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...