漏洞类别:Amazon Linux
漏洞等级: 
漏洞信息
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (modelines are disabled by default for root, and enabled by default for other users.)
漏洞危害
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
解决方案
Please refer to Amazon advisory ALAS-2016-779 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
ALAS-2016-779: Amazon Linux (vim (8.0.0134-1.43.amzn1) on i686)
ALAS-2016-779: Amazon Linux (vim (8.0.0134-1.43.amzn1) on x86_64)
ALAS-2016-779: Amazon Linux (vim (8.0.0134-1.43.amzn1) on src)
0day
文章评论