5.5

CVE-2017-17087

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VimVim Version < 8.0.1263
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.272
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2017/11/27/2
Mailing List
http://security.cucumberlinux.com/security/details.php?id=166
Third Party Advisory
Issue Tracking
https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8
Patch
Third Party Advisory
https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ
Third Party Advisory
Mailing List
Issue Tracking
https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4582-1/
Third Party Advisory