Rapid7 Vulnerability & Exploit Database

CESA-2005:122: vim security update


Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: 01/13/2005
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

Updated vim packages that fix a security vulnerability are now available. This update has been rated as having low security impact by the CentOS Security Response Team.

VIM (Vi IMproved) is an updated and improved version of the vi screen-based editor. The Debian Security Audit Project discovered insecure temporary file usage in VIM. A local user could overwrite or create files as a different user who happens to run one of the vulnerable utilities. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0069 to this issue. All users of VIM are advised to upgrade to these erratum packages, which contain a backported patch for this issue.

Solution(s)

  • centos-upgrade-vim-common
  • centos-upgrade-vim-enhanced
  • centos-upgrade-vim-minimal
  • centos-upgrade-vim-x11
