CVE-2008-3294

Name of the Vulnerable Software and Affected Versions: Vim versions 5.0 through 7.1

Description: The issue arises in the src/configure.in file of Vim when it is used for a build with Python support. It does not ensure that the Makefile-conf temporary file has the intended ownership and permissions. This allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.

Recommendations: For Vim versions 5.0 through 7.1, ensure the Makefile-conf temporary file has the correct ownership and permissions during the build process to prevent unauthorized modifications. As a temporary workaround, consider restricting access to the configure process and the directory where Makefile-conf is created to minimize the risk of exploitation.