[Full-disclosure] [PLSA 2008-30] Vim: Arbitrary code execution

[Pınar Yanardağ]

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-30            security at pardus.org.tr
------------------------------------------------------------------------
       Date: 2008-08-25
   Severity: 3
       Type: Local
------------------------------------------------------------------------

Summary
=======

Insufficient sanitization can lead to Vim executing arbitrary  commands
when performing keyword or tag lookup.


Description
===========

(This vulnerability discovered by Ben Schmidt)


Affected packages:

   Pardus 2008:
     vim, all before 7.2.002-44-11


Resolution
==========

There are update(s) for vim. You can update them via Package Manager or
with a single command from console:

     pisi up vim

References
==========

   * http://www.rdancer.org/vulnerablevim-K.html
   * http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e

------------------------------------------------------------------------

-- 
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr