CVE-2017-17087

Updated: 2023-11-04 20:20:29.562997

Description:

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x LOW 2.1
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS vim 7.4.629 5.5 MEDIUM Ignored 2021-11-16 05:59:06
CloudLinux 6 ELS vim 7.4.629 5.5 MEDIUM Ignored 2021-11-16 05:59:06
Oracle Linux 6 ELS vim 7.4.629 5.5 MEDIUM Ignored 2021-11-16 05:59:06
Ubuntu 16.04 ELS vim 7.4.1689-3 5.5 MEDIUM Not Vulnerable 2021-11-20 07:55:04