CVE-2017-17087

Description

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.

Risk Information

Base Score: 5.5 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.161

Associated Vulnerability

Vulnerability | OS Platform
Vim 8.0.1262 is affected by CVE-2017-17087 | Windows
Vi IMproved - enhanced vi editor (USN-4582-1) vim_7.4.1689-3ubuntu1.5_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-4582-1) vim_7.4.1689-3ubuntu1.5_amd64.deb | Linux
Vi IMproved - enhanced vi editor (USN-4582-1) vim_8.0.1453-1ubuntu1.4_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-4582-1) vim_8.0.1453-1ubuntu1.4_amd64.deb | Linux
Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.0.1453-1ubuntu1.7_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.0.1453-1ubuntu1.7_amd64.deb | Linux
Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.1.2269-1ubuntu5.4_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.1.2269-1ubuntu5.4_amd64.deb | Linux
Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.2.2434-1ubuntu1.3_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.2.2434-1ubuntu1.3_amd64.deb | Linux
Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.2.2434-3ubuntu3.1_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-5147-1) vim_8.2.2434-3ubuntu3.1_amd64.deb | Linux
SUSE-SU-2022:4619-1 (SUSE Linux Enterprise Server 12-SP5) gvim-9.0.0814-17.9.1.x86_64.rpm | Linux
SUSE-SU-2022:4619-1 (SUSE Linux Enterprise Server 12-SP5) gvim-debuginfo-9.0.0814-17.9.1.x86_64.rpm | Linux
SUSE-SU-2022:4619-1 (SUSE Linux Enterprise Server 12-SP5) vim-data-9.0.0814-17.9.1.noarch.rpm | Linux
SUSE-SU-2022:4619-1 (SUSE Linux Enterprise Server 12-SP5) vim-data-common-9.0.0814-17.9.1.noarch.rpm | Linux
SUSE-SU-2022:4619-1 (SUSE Linux Enterprise Server 12-SP5) vim-debugsource-9.0.0814-17.9.1.x86_64.rpm | Linux
SUSE-SU-2022:2102-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) vim-8.2.5038-150000.5.21.1.x86_64_15_SP3.rpm | Linux
SUSE-SU-2022:2102-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) vim-small-8.2.5038-150000.5.21.1.x86_64_15_SP3.rpm | Linux
SUSE-SU-2022:2102-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) vim-data-8.2.5038-150000.5.21.1.noarch_15_SP3.rpm | Linux
SUSE-SU-2022:2102-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) vim-data-common-8.2.5038-150000.5.21.1.noarch_15_SP3.rpm | Linux
Vi IMproved - enhanced vi editor (USN-4582-1) vim-common_8.0.1453-1ubuntu1.4_all.deb | Linux
Vi IMproved - enhanced vi editor (USN-4582-1) vim-runtime_8.0.1453-1ubuntu1.4_all.deb | Linux

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234