Description
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
References (7)
Core 7
Core References
Issue Tracking, Mailing List, Third Party Advisory x_refsource_misc
https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ
Mailing List x_refsource_misc
http://openwall.com/lists/oss-security/2017/11/27/2
Issue Tracking, Third Party Advisory x_refsource_misc
http://security.cucumberlinux.com/security/details.php?id=166
Patch, Third Party Advisory x_refsource_misc
https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4582-1/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html
Scores
CVSS v3
5.5
EPSS
0.0016
EPSS Percentile
36.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-668
Status
published
Products (5)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
debian/debian_linux
8.0
debian/debian_linux
9.0
vim/vim
< 8.0.1263
Published
Dec 01, 2017
Tracked Since
Feb 18, 2026