CVE-2017-1000382

Published: 31/10/2017 Updated: 27/11/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
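A defensive check for the condition described above, added here as an example and not taken from Vim or any vendor advisory: it walks a directory tree, confirms swap files by name and by the `b0VIM` header, and reports those carrying permission bits that the expected umask would have masked. The function names, the default umask of 077 and the sample files are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

SWAP_NAME = re.compile(r"\.s[a-w][a-z]$")  # .swp, .swo, .swn, ...
SWAP_MAGIC = b"b0VIM"                       # start of block 0 in a Vim swap file


def is_vim_swap(path):
    """Regular file with a swap-style name whose header carries the Vim magic."""
    if not SWAP_NAME.search(os.path.basename(path)):
        return False
    if not stat.S_ISREG(os.lstat(path).st_mode):
        return False  # skip symlinks, devices and directories
    try:
        with open(path, "rb") as fh:
            return fh.read(len(SWAP_MAGIC)) == SWAP_MAGIC
    except OSError:
        return False  # unreadable to the auditor: cannot confirm


def audit_swap_files(root, umask=0o077):
    """Return (path, mode, excess) for swap files with bits the umask forbids."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not is_vim_swap(path):
                continue
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            excess = mode & umask  # bits that should have been masked off
            if excess:
                findings.append((path, mode, excess))
    return sorted(findings)


def demo():
    """Constructed sample: swap files at 0644 and 0600, audited with umask 077."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in ((".secret.txt.swp", 0o644), (".ok.txt.swp", 0o600)):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(SWAP_MAGIC + b" 8.0\x00")  # constructed header only
            os.chmod(path, mode)
        return [(os.path.basename(p), oct(m), oct(x))
                for p, m, x in audit_swap_files(tmp)]


if __name__ == "__main__":
    print(demo())
```

Pass the umask the account is actually expected to run with; any reported file can then be tightened with `chmod` or removed once the editing session it belongs to has ended.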

Vulnerable Product

vim vim

Vendor Advisories

It was found that vim applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files that were not deleted properly, in order to retrieve sensitive data ...
VIM ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. An attacker might search for vim swap files in order to retrieve security sensitive data ...