Vim · Vim · CVE-2008-3294
Name of the Vulnerable Software and Affected Versions:
Vim versions 5.0 through 7.1
Description:
When Vim is built with Python support, `src/configure.in` does not ensure that the `Makefile-conf` temporary file has the intended ownership and permissions. A local user can therefore execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent `configure` from modifying it.
Recommendations:
For Vim versions 5.0 through 7.1, ensure the `Makefile-conf` temporary file has the correct ownership and permissions during the build process to prevent unauthorized modifications. As a temporary workaround, consider restricting access to the `configure` process and the directory where `Makefile-conf` is created to minimize the risk of exploitation.
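The ownership and permission check recommended above, as a POSIX shell example added here; it is not Vim's patch or code from the project. The function names `is_private_file` and `new_private_file` are hypothetical, and the directory passed in is assumed to be one the build user controls.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from Vim's configure script.

# is_private_file PATH
# Succeeds only if PATH is a regular file (not a symlink), is owned by the
# invoking user, and is not writable by group or others.
is_private_file() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
              ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# new_private_file DIR NAME
# Creates DIR/NAME for exclusive use by the build and prints its path.
# Fails if the name already exists (a pre-created file or a symlink) instead
# of reusing it, which covers the "created ahead of time" case.
new_private_file() {
    (
        umask 077        # new file gets mode 0600
        set -C           # noclobber: '>' refuses to open an existing path
        : > "$1/$2"
    ) 2>/dev/null || return 1
    # Re-check what is actually on disk before the build trusts it.
    is_private_file "$1/$2" || return 1
    printf '%s\n' "$1/$2"
}
```

The check on the file is only meaningful if the containing directory is itself not writable by other users, for example one created with `mktemp -d`.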