CVE-2017-17087 -- vimID: oval:org.secpod.oval:def:1900870 | Date: (C)2019-06-18 (M)2024-02-19 |
Class: VULNERABILITY | Family: unix |
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor"s primary group , which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |