VYPR
Unrated severityNVD Advisory· Published Jul 24, 2008· Updated Jun 16, 2026

CVE-2008-3294

CVE-2008-3294

Description

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • Vim/Vim17 versions
    cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*
    • (no CPE)range: 5.0 - 7.1

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.