CVE-2005-0069
published 2005-01-13CVE-2005-0069: The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
PriorityP413medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.36%
27.8th percentile
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vim | < vim 1:6.3-058+1 (bookworm) | vim 1:6.3-058+1 (bookworm) |
| vim | vim | >= 0 < 1:6.3-058+1 | 1:6.3-058+1 |
| vim | vim | >= 0 < 1:6.3-058+1 | 1:6.3-058+1 |
| vim | vim | >= 0 < 1:6.3-058+1 | 1:6.3-058+1 |
| vim | vim | >= 0 < 1:6.3-058+1 | 1:6.3-058+1 |
| vim_development_group | vim | — | — |
| vim_development_group | vim | — | — |
| vim_development_group | vim | — | — |
| vim_development_group | vim | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
vendor_redhat4.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
vim vulnerabilities
vendor_ubuntu·2005-01-19
CVE-2005-0069 vim vulnerabilities
Title: vim vulnerabilities
Summary: vim vulnerabilities
Javier Fernández-Sanguino Peña noticed that the auxillary scripts
"tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script
(either by calling it directly or by execution through vim).
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-01-09·CVSS 4.6
CVE-2005-0069 [MEDIUM] security flaw
security flaw
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
Debian
CVE-2005-0069: vim - The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overw...
vendor_debian·2005·CVSS 4.6
CVE-2005-0069 [MEDIUM] CVE-2005-0069: vim - The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overw...
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
Scope: local
bookworm: resolved (fixed in 1:6.3-058+1)
bullseye: resolved (fixed in 1:6.3-058+1)
forky: resolved (fixed in 1:6.3-058+1)
sid: resolved (fixed in 1:6.3-058+1)
trixie: resolved (fixed in 1:6.3-058+1)
GHSA
GHSA-8p47-83g5-grhh: The (1) tcltags or (2) vimspell
ghsa_unreviewed·2022-05-01
CVE-2005-0069 [MEDIUM] GHSA-8p47-83g5-grhh: The (1) tcltags or (2) vimspell
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
OSV
CVE-2005-0069: The (1) tcltags or (2) vimspell
osv·2005-01-13·CVSS 4.6
CVE-2005-0069 [MEDIUM] CVE-2005-0069: The (1) tcltags or (2) vimspell
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
No detection rules found.
No public exploits indexed.
http://marc.info/?l=bugtraq&m=110608387001863&w=2http://secunia.com/advisories/13841/http://securitytracker.com/id?1012938http://www.redhat.com/support/errata/RHSA-2005-036.htmlhttp://www.redhat.com/support/errata/RHSA-2005-122.htmlhttps://bugzilla.fedora.us/show_bug.cgi?id=2343https://exchange.xforce.ibmcloud.com/vulnerabilities/18870https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9402http://marc.info/?l=bugtraq&m=110608387001863&w=2http://secunia.com/advisories/13841/http://securitytracker.com/id?1012938http://www.redhat.com/support/errata/RHSA-2005-036.htmlhttp://www.redhat.com/support/errata/RHSA-2005-122.htmlhttps://bugzilla.fedora.us/show_bug.cgi?id=2343https://exchange.xforce.ibmcloud.com/vulnerabilities/18870https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9402
2005-01-13
Published