QwikSec

Security Database

CVE

CWE

Training

CVE-2017-17087

Published: Dec 1, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ

x_refsource_MISC

http://openwall.com/lists/oss-security/2017/11/27/2

x_refsource_MISC

http://security.cucumberlinux.com/security/details.php?id=166

x_refsource_MISC

https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8

x_refsource_MISC

[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

[debian-lts-announce] 20220110 [SECURITY] [DLA 2876-1] vim security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.