Vim Insecure Temporary File Creation Vulnerability

BID:30279

Info

Vim Insecure Temporary File Creation Vulnerability

Bugtraq ID: 30279
Class: Design Error
CVE: CVE-2008-3294
Remote: No
Local: Yes
Published: Jul 17 2008 12:00AM
Updated: Oct 10 2008 04:47PM
Credit: Jan Minár
Vulnerable: VIM Development Group VIM 6.3
+ Mandriva Linux Mandrake 10.1 x86_64
 + Mandriva Linux Mandrake 10.1
VIM Development Group VIM 6.2
+ MandrakeSoft Corporate Server 3.0 x86_64
 + MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ Redhat Fedora Core1
 + SCO OpenLinux Server 3.1.1
+ SCO OpenLinux Workstation 3.1.1
VIM Development Group VIM 6.1
+ MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
 + Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
 + Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Redhat Linux 9.0 i386
 + Redhat Linux 8.0
+ Redhat Linux for iSeries 7.1
+ Redhat Linux for pSeries 7.1
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ XTR
+ Sun Linux 5.0.6
VIM Development Group VIM 6.0
+ Redhat Linux 7.3 i386
 + Redhat Linux 7.2 ia64
 + Redhat Linux 7.2 i386
 + Redhat Linux 7.1 ia64
 + Redhat Linux 7.1 i386
 VIM Development Group VIM 5.8
VIM Development Group VIM 5.7
+ Caldera OpenLinux 2.3
+ Redhat Linux 7.0 sparc
 + Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Redhat Linux 7.0
+ Redhat Linux 6.2 sparc
 + Redhat Linux 6.2 i386
 + Redhat Linux 6.2 alpha
 + Redhat Linux 5.2 sparc
 + Redhat Linux 5.2 i386
 + Redhat Linux 5.2 alpha
 + Redhat Linux 5.2
+ Redhat Linux 6.2
 + SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ SuSE Linux 7.1
+ SuSE Linux 7.0
+ SuSE Linux 6.4
+ SuSE Linux 6.3
+ SuSE Linux 6.2
+ SuSE Linux 6.1
VIM Development Group VIM 5.6
VIM Development Group VIM 5.5
VIM Development Group VIM 5.4
VIM Development Group VIM 5.3
VIM Development Group VIM 5.2
VIM Development Group VIM 5.1
VIM Development Group VIM 5.0
VIM Development Group VIM 7.1
VIM Development Group VIM 7.1
VIM Development Group VIM 7.0
+ Mandriva Linux Mandrake 2007.1 x86_64
 + Mandriva Linux Mandrake 2007.1
 + Mandriva Linux Mandrake 2007.1
 + Mandriva Linux Mandrake 2007.0 x86_64
 + Mandriva Linux Mandrake 2007.0 x86_64
 + Mandriva Linux Mandrake 2007.0
 + Mandriva Linux Mandrake 2007.0
 + Ubuntu Ubuntu Linux 7.04 sparc
 + Ubuntu Ubuntu Linux 7.04 powerpc
 + Ubuntu Ubuntu Linux 7.04 i386
 + Ubuntu Ubuntu Linux 7.04 amd64
 + Ubuntu Ubuntu Linux 6.10 sparc
 + Ubuntu Ubuntu Linux 6.10 powerpc
 + Ubuntu Ubuntu Linux 6.10 i386
 + Ubuntu Ubuntu Linux 6.10 amd64
 VIM Development Group VIM 6.4
Not Vulnerable:

Discussion

Vim Insecure Temporary File Creation Vulnerability

Vim creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks to overwrite arbitrary files in the context of the affected application. Or, the attacker may add arbitrary shell commands to the temporary file to be executed in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files and execute arbitrary commands in the context of the user building Vim.

This issue affects all versions from Vim 5.0 to 7.1 (the current version); Vim 4.6 and 3.0 are not vulnerable.

Exploit / POC

Vim Insecure Temporary File Creation Vulnerability

An attacker uses readily available commands to exploit this issue.

Solution / Fix

Vim Insecure Temporary File Creation Vulnerability

Solution:
Apple has released updates and an advisory. Please see the references for more information.

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report