CVE-2001-0409

vim - Unauthenticated Arbitrary File Modification via Symlink Attack on Backup and Swap Files

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0409. PoCs published by zen-parse.

AI-analyzed exploit summary This exploit targets a race condition in Vim's swap file mechanism (CVE-2001-0409) by creating symbolic links to non-existent files, potentially allowing a local user to create files with elevated permissions. The code specifically exploits crontab's temporary file handling on Redhat 7.0.

Description

vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.

Exploits (1)

exploitdb WORKING POC VERIFIED
by zen-parse · clocallinux
https://www.exploit-db.com/exploits/20967

This exploit targets a race condition in Vim's swap file mechanism (CVE-2001-0409) by creating symbolic links to non-existent files, potentially allowing a local user to create files with elevated permissions. The code specifically exploits crontab's temporary file handling on Redhat 7.0.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: Vim (and crontab on Redhat 7.0)
No auth needed
Prerequisites: Local access to the target system · Root user must execute crontab -e during the exploit execution
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6628
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2001_012_vim.html

Scores

EPSS 0.0063
EPSS Percentile 45.4%

Details

Status published
Products (1)
vim_development_group/vim 5.7
Published Jun 18, 2001
Tracked Since Feb 18, 2026