Bug 36882 - CVE-2019-12735: Modelines allow arbitrary code execution
Summary: CVE-2019-12735: Modelines allow arbitrary code execution
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: vim-common
Version: unstable
Hardware: all Linux
Importance: P3 critical
Assignee: Gleb F-Malinovskiy
QA Contact: qa-sisyphus
URL: https://cve.mitre.org/cgi-bin/cvename...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-06-08 17:06 MSK by Sergey Vlasov
Modified: 2019-06-11 22:21 MSK
CC List: 3 users

See Also:


Attachments

Description Sergey Vlasov 2019-06-08 17:06:40 MSK
With the modeline option enabled, arbitrary code can be executed when a file is opened.

Example:

:!uname -a||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="

See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930020 (applying only patch 8.1.1365 is not enough).
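Added example (not part of the bug report or of the vim package): a small Python scanner that finds Vim modelines in the first and last five lines of a file, the region Vim honours by default, and reports expression-valued options such as fde=/fdt= whose value calls functions like assert_fails() or system(). The option and function lists, the file names and the sample inputs other than the quoted proof-of-concept line are my own assumptions; the point is to triage untrusted files without opening them in an unpatched vim.

```python
import re
from dataclasses import dataclass

# Option names Vim evaluates as VimL expressions once they are set. A modeline
# may set any of them; fde= (foldexpr) and fdt= (foldtext) are the two the
# report's proof of concept uses. List chosen for this example, not exhaustive.
EXPR_OPTIONS = {
    "foldexpr", "fde", "foldtext", "fdt", "includeexpr", "inex",
    "indentexpr", "inde", "formatexpr", "fex", "printexpr", "pexpr",
    "charconvert", "ccv", "diffexpr", "dex", "patchexpr", "pex",
}

# Substrings in an expression value that deserve a look: calls that run
# commands or other scripts, or (assert_fails) were found to escape the sandbox.
SUSPICIOUS = ("assert_fails(", "execute(", "system(", "systemlist(",
              "job_start(", "term_start(", "libcall(", "writefile(", "source")

# vi:, vim:, Vim:, ex: (and vim<800: style version variants), preceded by
# whitespace or start of line, as in Vim's own modeline rules.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex)(?:[<=>]?\d+)?:\s*(.*)$")


def _tokenize(text, colon_is_separator):
    """Split modeline options. First form: ':' and whitespace separate options.
    'set' form: whitespace separates, first unescaped ':' ends the modeline.
    A backslash escapes the next character, which is why the PoC writes
    "source\\!\\ \\%" instead of "source! %"."""
    tokens, cur, i = [], [], 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])
            i += 2
            continue
        if c == ":" and not colon_is_separator:
            break
        if c == ":" or c.isspace():
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(c)
        i += 1
    if cur:
        tokens.append("".join(cur))
    return tokens


@dataclass
class Finding:
    line_no: int
    option: str
    value: str        # option value after backslash unescaping
    suspicious: bool  # value contains one of SUSPICIOUS


def scan(text, modelines=5):
    """Return expression-option settings found in the file's modelines."""
    lines = text.splitlines()
    n = len(lines)
    # Vim only looks at the first and last 'modelines' lines (default 5).
    candidates = sorted(set(range(min(modelines, n))) |
                        set(range(max(0, n - modelines), n)))
    findings = []
    for idx in candidates:
        m = MODELINE_RE.search(lines[idx])
        if not m:
            continue
        opts = m.group(1)
        sm = re.match(r"(?:se|set)\s+(.*)$", opts)
        tokens = (_tokenize(sm.group(1), colon_is_separator=False) if sm
                  else _tokenize(opts, colon_is_separator=True))
        for tok in tokens:
            name, sep, value = tok.partition("=")
            if sep and name in EXPR_OPTIONS:
                findings.append(Finding(idx + 1, name, value,
                                        any(s in value for s in SUSPICIOUS)))
    return findings


# Constructed sample inputs. POC is the report's proof-of-concept line verbatim;
# the other two are made up for this example.
POC = r':!uname -a||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="' + "\n"
BENIGN = "# vim: set ts=4 sw=4 et ft=python:\n\nprint('hello')\n"
SET_FORM = '/* vim: set fde=system("id"): */\nint main(void) { return 0; }\n'

if __name__ == "__main__":
    for label, sample in (("poc", POC), ("benign", BENIGN), ("set-form", SET_FORM)):
        for f in scan(sample):
            flag = "SUSPICIOUS" if f.suspicious else "expr-option"
            print(f"{label}:{f.line_no}: {flag} {f.option}={f.value}")
```

The scanner only says which files set expression options from a modeline and whether the expression calls something that runs code; it does not evaluate anything. For the file in the report it flags the fde= setting and reconstructs the unescaped value, which shows why the report's line needs `\!`, `\ ` and `\%`. The report's precondition is a modeline-enabled vim, so until the 8.1.1517 update is installed the simplest hardening is `set nomodeline` in vimrc.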
Comment 1 Repository Robot 2019-06-11 22:21:30 MSK
vim-4:8.1.1517-alt1 -> sisyphus:

Tue Jun 11 2019 Gleb F-Malinovskiy <glebfm@altlinux> 4:8.1.1517-alt1
- Updated to 8.1.1517 (fixes: CVE-2019-12735) (ALT#36882).