CVE-2017-1000382LOW
Description
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
References
http://security.cucumberlinux.com/security/details.php?id=120
Details
Source: MITRE
Published: 2017-10-31
Updated: 2017-11-27
Type: CWE-200
Risk Information
CVSS v2.0
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
CVSS v3.0
Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:* versions up to 8.0.1187 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 121973 | Photon OS 2.0: Vim PHSA-2018-2.0-0076 | Nessus | PhotonOS Local Security Checks | low |
| 121867 | Photon OS 1.0: Vim PHSA-2018-1.0-0167 | Nessus | PhotonOS Local Security Checks | high |
| 111960 | Photon OS 2.0: Blktrace / Systemd / Vim PHSA-2018-2.0-0076 (deprecated) | Nessus | PhotonOS Local Security Checks | medium |
| 111946 | Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated) | Nessus | PhotonOS Local Security Checks | high |