FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vim -- vulnerabilities in modeline handling

Affected packages
vim < 6.3.45
vim+ruby < 6.3.45
vim-lite < 6.3.45

Details

VuXML ID bd9fc2bf-5ffe-11d9-a11a-000a95bc6fae
Discovery 2004-12-09
Entry 2005-01-06
Modified 2005-01-13

Ciaran McCreesh discovered news ways in which a VIM modeline can be used to trojan a text file. The patch by Bram Moolenaar reads:

Problem: Unusual characters in an option value may cause unexpected behavior, especially for a modeline. (Ciaran McCreesh)

Solution: Don't allow setting termcap options or 'printdevice' or 'titleold' in a modeline. Don't list options for "termcap" and "all" in a modeline. Don't allow unusual characters in 'filetype', 'syntax', 'backupext', 'keymap', 'patchmode' and 'langmenu'.

Note: It is generally recommended that VIM users use set nomodeline in ~/.vimrc to avoid the possibility of trojaned text files.

References

CVE Name CVE-2004-1138
Message http://groups.yahoo.com/group/vimdev/message/38084
URL ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.045