CVE-2008-3294
EUVD-2008-328224.07.2008, 18:41
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| vim | vim | 5.0 |
| vim | vim | 5.1 |
| vim | vim | 5.2 |
| vim | vim | 5.3 |
| vim | vim | 5.4 |
| vim | vim | 5.5 |
| vim | vim | 5.6 |
| vim | vim | 5.7 |
| vim | vim | 5.8 |
| vim | vim | 6.0 |
| vim | vim | 6.1 |
| vim | vim | 6.2 |
| vim | vim | 6.3 |
| vim | vim | 6.4 |
| vim | vim | 7.0 |
| vim | vim | 7.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References