Bug 65025 (CVE-2005-0069)

Summary: VUL-0: CVE-2005-0069: vim: insecure temp file handling
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Mads Martin Joergensen <mmj>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: patch-request, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2005-0069: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: vendor-sec discussion
vim.diff

Description Thomas Biege 2005-01-20 20:23:13 UTC 
Hi mmj, 
and we got another issue. Now it's insecure creation/usage of temp. files. 
 
http://secunia.com/advisories/13841/ 
 
CAN-2005-0069 
 
I'll append the full discussion and patch ASAP.
Comment 1 Thomas Biege 2005-01-20 20:23:13 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Thomas Biege 2005-01-20 20:57:27 UTC 
Created attachment 27784 [details]
vendor-sec discussion
Comment 3 Thomas Biege 2005-01-20 20:57:41 UTC 
Created attachment 27785 [details]
vim.diff
Comment 4 Mads Martin Joergensen 2005-01-21 03:00:11 UTC 
Am I right in assuming that since these tools are the nature they are
we just want a fix for STABLE, and don't want to go through full security
update?
Comment 5 Mads Martin Joergensen 2005-01-21 03:14:13 UTC 
Fixed, reopen if you want a full blown advisory.
Comment 6 Thomas Biege 2005-01-21 17:34:17 UTC 
it's ok. thx.
Comment 7 Thomas Biege 2009-10-13 20:59:14 UTC 
CVE-2005-0069: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)