Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63500
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1733-1 (vim)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to vim
announced via advisory DSA 1733-1.

Several vulnerabilities have been found in vim, an enhanced vi editor.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2008-2712

Jan Minar discovered that vim did not properly sanitise inputs
before invoking the execute or system functions inside vim
scripts. This could lead to the execution of arbitrary code.

CVE-2008-3074

Jan Minar discovered that the tar plugin of vim did not properly
sanitise the filenames in the tar archive or the name of the
archive file itself, making it prone to arbitrary code execution.

CVE-2008-3075

Jan Minar discovered that the zip plugin of vim did not properly
sanitise the filenames in the zip archive or the name of the
archive file itself, making it prone to arbitrary code execution.

CVE-2008-3076

Jan Minar discovered that the netrw plugin of vim did not properly
sanitise the filenames or directory names it is given. This could
lead to the execution of arbitrary code.

CVE-2008-4101

Ben Schmidt discovered that vim did not properly escape characters
when performing keyword or tag lookups. This could lead to the
execution of arbitrary code.


For the stable distribution (lenny), these problems have been fixed in
version 1:7.1.314-3+lenny1, which was already included in the lenny
release.

For the oldstable distribution (etch), these problems have been fixed in
version 1:7.0-122+1etch4.

For the testing distribution (squeeze), these problems have been fixed
in version 1:7.1.314-3+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 2:7.2.010-1.


Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201733-1

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2712
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 29715
http://www.securityfocus.com/bid/29715
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search)
http://www.securityfocus.com/archive/1/493352/100/0/threaded
Bugtraq: 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search)
http://www.securityfocus.com/archive/1/493353/100/0/threaded
http://marc.info/?l=bugtraq&m=121494431426308&w=2
Bugtraq: 20080811 rPSA-2008-0247-1 gvim vim vim-minimal (Google Search)
http://www.securityfocus.com/archive/1/495319/100/0/threaded
Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search)
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
http://www.rdancer.org/vulnerablevim.html
http://www.openwall.com/lists/oss-security/2008/06/16/2
http://www.openwall.com/lists/oss-security/2008/10/15/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238
http://www.redhat.com/support/errata/RHSA-2008-0580.html
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.redhat.com/support/errata/RHSA-2008-0618.html
http://www.securitytracker.com/id?1020293
http://secunia.com/advisories/30731
http://secunia.com/advisories/32222
http://secunia.com/advisories/32858
http://secunia.com/advisories/32864
http://secunia.com/advisories/33410
http://secunia.com/advisories/34418
http://securityreason.com/securityalert/3951
SuSE Security Announcement: SUSE-SR:2009:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://www.ubuntu.com/usn/USN-712-1
http://www.vupen.com/english/advisories/2008/1851/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
XForce ISS Database: vim-scripts-command-execution(43083)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083
Common Vulnerability Exposure (CVE) ID: CVE-2008-3074
BugTraq ID: 32462
http://www.securityfocus.com/bid/32462
http://www.rdancer.org/vulnerablevim-shellescape.html
http://www.openwall.com/lists/oss-security/2008/07/07/1
http://www.openwall.com/lists/oss-security/2008/07/07/4
http://www.openwall.com/lists/oss-security/2008/07/08/12
http://www.openwall.com/lists/oss-security/2008/07/10/7
http://www.openwall.com/lists/oss-security/2008/07/13/1
http://www.openwall.com/lists/oss-security/2008/07/15/4
http://www.openwall.com/lists/oss-security/2008/08/01/1
http://www.openwall.com/lists/oss-security/2008/10/20/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754
Common Vulnerability Exposure (CVE) ID: CVE-2008-3075
BugTraq ID: 32463
http://www.securityfocus.com/bid/32463
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246
Common Vulnerability Exposure (CVE) ID: CVE-2008-3076
BugTraq ID: 30115
http://www.securityfocus.com/bid/30115
http://www.rdancer.org/vulnerablevim-netrw.html
http://www.rdancer.org/vulnerablevim-netrw.v2.html
http://marc.info/?l=oss-security&m=122416184431388&w=2
XForce ISS Database: netrw-multiple-code-execution(43624)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43624
Common Vulnerability Exposure (CVE) ID: CVE-2008-4104
http://marc.info/?l=oss-security&m=122118210029084&w=2
http://marc.info/?l=oss-security&m=122115344915232&w=2
http://marc.info/?l=oss-security&m=122152798516853&w=2
http://securityreason.com/securityalert/4275
XForce ISS Database: joomla-url-phishing(45071)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45071
Common Vulnerability Exposure (CVE) ID: CVE-2008-4101
BugTraq ID: 30795
http://www.securityfocus.com/bid/30795
Bugtraq: 20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search)
http://www.securityfocus.com/archive/1/495662
Bugtraq: 20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search)
http://www.securityfocus.com/archive/1/495703
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
http://www.rdancer.org/vulnerablevim-K.html
http://www.openwall.com/lists/oss-security/2008/09/11/4
http://www.openwall.com/lists/oss-security/2008/09/11/3
http://www.openwall.com/lists/oss-security/2008/09/16/5
http://www.openwall.com/lists/oss-security/2008/09/16/6
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
http://secunia.com/advisories/31592
XForce ISS Database: vim-normal-command-execution(44626)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.