CVE-2008-3294

Public Date:
2008-07-17
CWE:
CWE-377
Bugzilla:
456647: CVE-2008-3294 vim: insecure temporary file usage in configure script

The MITRE CVE dictionary describes this issue as:

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.

Find out more about CVE-2008-3294 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue can only be exploited during the package build and it does not affect users of pre-built packages distributed with Red Hat Enterprise Linux. Therefore, we do not plan to backport a fix for this issue to already released version of Red Hat Enterprise Linux 2.1, 3, 4, and 5.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.