Executive Summary

Informations
NameCVE-2008-3075First vendor Publication2009-02-21
VendorCveLast vendor Modification2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3075

CWE : Common Weakness Enumeration

idName
CWE-94Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10246
 
Oval ID: oval:org.mitre.oval:def:10246
Title: The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
Description: The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3075
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6
Application11

OpenVAS Exploits

DateDescription
2009-04-09Name : Mandriva Update for vim MDVSA-2008:236 (vim)
File : nvt/gb_mandriva_MDVSA_2008_236.nasl
2009-04-09Name : Mandriva Update for vim MDVSA-2008:236-1 (vim)
File : nvt/gb_mandriva_MDVSA_2008_236_1.nasl
2009-03-31Name : SuSE Security Summary SUSE-SR:2009:007
File : nvt/suse_sr_2009_007.nasl
2009-03-07Name : Debian Security Advisory DSA 1733-1 (vim)
File : nvt/deb_1733_1.nasl
2009-03-06Name : RedHat Update for vim RHSA-2008:0580-01
File : nvt/gb_RHSA-2008_0580-01_vim.nasl
2008-12-02Name : Vim Shell Command Injection Vulnerability (Linux)
File : nvt/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl
2008-12-02Name : Vim Shell Command Injection Vulnerability (Win)
File : nvt/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
52162Vim ZIP Plugin (zipPlugin.vim) shellescape Function Filename Handling Arbitra...

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0580.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081125_vim_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0580.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_1_gvim-090225.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_gvim-090225.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-236.nasl - Type : ACT_GATHER_INFO
2009-03-13Name : The remote openSUSE host is missing a security update.
File : suse_gvim-6023.nasl - Type : ACT_GATHER_INFO
2009-03-04Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1733.nasl - Type : ACT_GATHER_INFO
2008-11-25Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0580.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/32463
BUGTRAQhttp://marc.info/?l=bugtraq&m=121494431426308&w=2
CONFIRMhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
https://bugzilla.redhat.com/show_bug.cgi?id=467432
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:236
MISChttp://www.rdancer.org/vulnerablevim.html
MLISThttp://www.openwall.com/lists/oss-security/2008/07/07/1
http://www.openwall.com/lists/oss-security/2008/07/07/4
http://www.openwall.com/lists/oss-security/2008/07/08/12
http://www.openwall.com/lists/oss-security/2008/07/10/7
http://www.openwall.com/lists/oss-security/2008/07/13/1
http://www.openwall.com/lists/oss-security/2008/07/15/4
http://www.openwall.com/lists/oss-security/2008/08/01/1
http://www.openwall.com/lists/oss-security/2008/10/15/1
http://www.openwall.com/lists/oss-security/2008/10/20/2
REDHAThttp://www.redhat.com/support/errata/RHSA-2008-0580.html
SECUNIAhttp://secunia.com/advisories/34418
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:45:37
  • Multiple Updates
2013-05-11 00:20:58
  • Multiple Updates