Executive Summary

Information

Name : CVE-2009-0316
First vendor Publication : 2009-01-28
Vendor : Cve
Last vendor Modification : 2010-04-01

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 6.9
Cvss Impact Score : 10
Cvss Exploit Score : 3.4
Attack Range : Local
Attack Complexity : Medium
Authentication : None Required

Detail

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0316

CPE : Common Platform Enumeration

TypeDescriptionCount
Application21

OpenVAS Exploits

Date        Description
2010-05-12  Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
            File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2009-06-05  Name : Ubuntu USN-723-1 (git-core)
            File : nvt/ubuntu_723_1.nasl
2009-03-02  Name : Mandrake Security Advisory MDVSA-2009:047-1 (vim)
            File : nvt/mdksa_2009_047_1.nasl
2009-02-23  Name : Mandrake Security Advisory MDVSA-2009:047 (vim)
            File : nvt/mdksa_2009_047.nasl

Open Source Vulnerability Database (OSVDB)

id     Description
53373  Python PySys_SetArgv API Function Search Path Subversion Local Privilege Esca...

Nessus® Vulnerability Scanner

Date        Description
2011-01-14  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2011-0027.nasl - Type : ACT_GATHER_INFO
2010-03-29  Name : The remote host is missing a Mac OS X update that fixes various security issues.
            File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2009-07-21  Name : The remote openSUSE host is missing a security update.
            File : suse_11_1_gvim-090225.nasl - Type : ACT_GATHER_INFO
2009-07-21  Name : The remote openSUSE host is missing a security update.
            File : suse_11_0_gvim-090225.nasl - Type : ACT_GATHER_INFO
2009-04-23  Name : The remote Mandriva Linux host is missing one or more security updates.
            File : mandriva_MDVSA-2009-047.nasl - Type : ACT_GATHER_INFO
2009-03-13  Name : The remote openSUSE host is missing a security update.
            File : suse_gvim-6023.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source    Url
APPLE     http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BID       http://www.securityfocus.com/bid/33447
CONFIRM   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937
          http://support.apple.com/kb/HT4077
          https://bugzilla.redhat.com/show_bug.cgi?id=481565
          https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official...
MANDRIVA  http://www.mandriva.com/security/advisories?name=MDVSA-2009:047
MISC      http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305
MLIST     http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrust...
          http://www.openwall.com/lists/oss-security/2009/01/26/2
XF        http://xforce.iss.net/xforce/xfdb/48275

Alert History

Date                 Information
2014-02-17 10:48:35  Multiple Updates
2013-05-10 23:43:06  Multiple Updates