CVE-2017-17087 Information

Description

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor’s primary group (which may be different from the group ownership of the original file) which allows local users to obtain sensitive information by leveraging an applicable group membership as demonstrated by /etc/shadow owned by root:shadow mode 0640 but /etc/.shadow.swp owned by root:users mode 0640 a different vulnerability than CVE-2017-1000382.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://openwall.com/lists/oss-security/2017/11/27/2 http://security.cucumberlinux.com/security/details.php?id=166 https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html https://usn.ubuntu.com/4582-1/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5