CVE-2017-17087 : fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be di

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.

Published 2017-12-01 08:29:01

Updated 2022-02-20 05:58:56

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-17087

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-17087

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2017-17087

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-17087

https://usn.ubuntu.com/4582-1/

USN-4582-1: Vim vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
http://security.cucumberlinux.com/security/details.php?id=166

CLD-166 Details
Issue Tracking;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html

[SECURITY] [DLA 2876-1] vim security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8

patch 8.0.1263: others can read the swap file if a user is careless · vim/vim@5a73e0c · GitHub
Patch;Third Party Advisory
https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ

Security risk of vim swap files - Google Groepen
Issue Tracking;Mailing List;Third Party Advisory
http://openwall.com/lists/oss-security/2017/11/27/2

oss-security - Re: Re: Security risk of server side text editing ...
Mailing List
https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html

[SECURITY] [DLA 1871-1] vim security update
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2017-17087

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
VIM » VIM
Versions before (<) 8.0.1263
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-17087

Exploit prediction scoring system (EPSS) score for CVE-2017-17087

CVSS scores for CVE-2017-17087

CWE ids for CVE-2017-17087

References for CVE-2017-17087

Products affected by CVE-2017-17087