[3.4] vim: Lack of validation of values for a few options results in code execution (CVE-2016-1248)
A vulnerability was found in Vim which would allow arbitrary shell
commands to be run if a user opened a file with a malicious modeline.
This is due to lack of validation of values for a few options. Those
options’ values are then used in Vim’s scripts to build
a command string that’s evaluated by :execute, which is what allows the
shell commands to be run.
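An added detection example, not part of this issue or of the upstream patch: a Python scanner that parses the modelines Vim would read (the first and last five lines of a file, in both modeline forms) and flags filetype/syntax/keymap values containing characters outside an assumed allow-list of letters, digits, '-', '_' and '.'. The option list, the allow-list and the sample file are assumptions made here.

```python
import re

# Options the page says were used unvalidated (Vim abbreviations included).
UNVALIDATED = {"filetype": "filetype", "ft": "filetype", "syntax": "syntax",
               "syn": "syntax", "keymap": "keymap", "kmp": "keymap"}
# Assumed allow-list for legitimate values: letters, digits, '-', '_', '.'.
VALID_VALUE = re.compile(r"^[A-Za-z0-9_.\-]+$")
# A modeline begins with 'vi:', 'vim:' or 'ex:' at line start or after whitespace.
MODELINE = re.compile(r"(?:^|\s)(?:vim?|ex):\s*(.*)$")


def parse_modeline(line):
    """Return the (option, value) pairs of a modeline, or [] if there is none."""
    m = MODELINE.search(line)
    if not m:
        return []
    # Both modeline forms split on ':' unless it is escaped as '\:'.
    parts = re.split(r"(?<!\\):", m.group(1))
    s = re.match(r"(?:set|se)\s+", parts[0])
    if s:  # 'set' form: only the text before the first ':' is the option list
        parts = [parts[0][s.end():]]
    pairs = []
    for part in parts:
        for tok in part.split():
            if "=" in tok:
                opt, val = tok.split("=", 1)
                pairs.append((opt, val.replace("\\:", ":")))
    return pairs


def find_suspicious(lines, modelines=5):
    """Report (lineno, option, value) for unvalidated options whose value is
    outside VALID_VALUE; only the first and last `modelines` lines are read,
    matching Vim's default 'modelines' setting."""
    lines = list(lines)
    n = len(lines)
    scan = set(range(min(n, modelines))) | set(range(max(0, n - modelines), n))
    findings = []
    for idx in sorted(scan):
        for opt, val in parse_modeline(lines[idx]):
            name = UNVALIDATED.get(opt)
            if name and not VALID_VALUE.match(val):
                findings.append((idx + 1, name, val))
    return findings


# Constructed sample file: a benign modeline at the top, a suspicious one at the end.
SAMPLE = ["#!/usr/bin/env python3", "# vim: set ft=python sw=4 ts=4:",
          "import sys", "print(sys.argv)", "# vim:ft=foo;bar:sw=4"]
```

Running `find_suspicious(SAMPLE)` reports the filetype value on line 5; a value outside the allow-list is a reason to inspect the file before opening it in an unpatched Vim with modelines enabled.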
Fixed In Version:
vim 8.0.0056
Reference:
http://seclists.org/oss-sec/2016/q4/506
Patch:
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
(from redmine: issue id 6501, created on 2016-11-25, closed on 2016-12-21)
- Relations:
- parent #6500 (closed)
- Changesets:
- Revision a6f79363 on 2016-12-20T11:29:50Z:
main/vim: security fix (CVE-2016-1248). Fixes #6501
(cherry picked from commit 39df8950b2072203f0c6afec938c35be8d28be51)