PT-2017-10956 · Vim+2 · Vim+2

Hanno Böck

Published

2017-10-31

Updated

2024-06-15

CVE-2017-1000382

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions VIM version 8.0.1187

Description The issue concerns the creation of swap files by VIM, where the umask is ignored. This results in swap files, such as "[ORIGINAL FILENAME].swp", being potentially world-readable or accessible in unintended ways by other users.

Recommendations For version 8.0.1187, consider setting appropriate permissions on the directory where swap files are created to restrict access, until a fix is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2018-1878

CVE-2017-1000382

ECHO-AEF3-A0E0-F4DC

OPENSUSE-SU-2024:11497-1

Affected Products

Alt Linux

Debian

Vim

PT-2017-10956 · Vim+2 · Vim+2

CVE-2017-1000382

Weakness Enumeration

Related Identifiers

Affected Products

References · 32