[VIM] new vuln trend?

Steven M. Christey coley at linus.mitre.org
Sun Aug 7 17:51:51 EDT 2005


Makes sense to me, alas.

Quite likely there are Unix equivalents, but I don't recall seeing any
reported vulns, so if there have been some in the past, they were probably
reported years ago.

Sounds like Cesar Cerrudo discussed shared sections during CanSecWest:

  http://blog.ncircle.com/archives/2005/05/cansec_west_sec_2.htm

To my evolving way of thinking, this is basically the use of a "new"
alternate channel for exploitation beyond regular old files, command line
arguments, CGI query strings, etc.  An alternate channel does not pose a
vulnerability in and of itself; but if it's trusted or improperly
validated, it becomes a new vector for an attacker, even when the
traditional channels are protected.  Buffer overflows, SQL injection, any
type of vuln you already have, is then potentially exploitable through the
alternate channel; but such vulnerabilities would likely be resultant from
the primary vulnerability, i.e. bad permissions or privileges.

- Steve

