------------------------------------------------------------------------
BCSA 009
Badly Coded, Inc. Security Advisory                 September 18th, 2017
------------------------------------------------------------------------
BCSA-009: ":%!" filter command BCVI 1.0 allows local root execution

Affected versions: 1.0 and earlier
Fixed versions: 1.1 and later

BCVI contains an ex-mode command ":%!" which causes the contents of
the editor to be filtered through an external program. Because the
external program runs with the same privileges as the BCVI process,
this feature allowed a privilege-escalation vulnerability when
filtering was performed in "sudobcvi" mode: the filter program of the
user's choosing was executed with root privileges. To avoid this
problem, versions 1.1 and later of BCVI have limited the operation of
this feature in sudobcvi mode to a selected list of external programs
with limited functionality such as /usr/bin/expand. We would like to
acknowledge a number of students from the University of Minnesota's
Computer Science and Engineering 5271 course who reported this
vulnerability.

All BCVI users are recommended to upgrade at their earliest
convenience.