Executive Summary
Summary | |
---|---|
Title | New vim packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1364 | First vendor Publication | 2007-09-01 |
Vendor | Debian | Last vendor Modification | 2007-09-19 |
Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities have been discovered in the vim editor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2953 Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the "helptags" command) can lead to the execution of arbitrary code. CVE-2007-2438 Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim. This updated advisory repairs issues with missing files in the packages for the oldstable distribution (sarge) for the alpha, mips, and mipsel architectures. For the oldstable distribution (sarge) these problems have been fixed in version 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438. For the stable distribution (etch) these problems have been fixed in version 7.0-122+1etch3. For the unstable distribution (sid) these problems have been fixed in version 7.1-056+1. We recommend that you upgrade your vim packages. - |
Original Source
Url : http://www.debian.org/security/2007/dsa-1364 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11549 | |||
Oval ID: | oval:org.mitre.oval:def:11549 | ||
Title: | Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | ||
Description: | Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2953 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17506 | |||
Oval ID: | oval:org.mitre.oval:def:17506 | ||
Title: | USN-505-1 -- vim vulnerability | ||
Description: | Ulf Harnhammar discovered that vim does not properly sanitise the "helptags_one()" function when running the "helptags" command. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-505-1 CVE-2007-2953 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | vim |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17989 | |||
Oval ID: | oval:org.mitre.oval:def:17989 | ||
Title: | DSA-1364-1 vim | ||
Description: | Several vulnerabilities have been discovered in the vim editor. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1364-1 CVE-2007-2438 CVE-2007-2953 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vim |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20483 | |||
Oval ID: | oval:org.mitre.oval:def:20483 | ||
Title: | DSA-1364-2 vim - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the vim editor. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1364-2 CVE-2007-2438 CVE-2007-2953 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vim |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22067 | |||
Oval ID: | oval:org.mitre.oval:def:22067 | ||
Title: | ELSA-2007:0346: vim security update (Moderate) | ||
Description: | The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0346-01 CVE-2007-2438 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | vim |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6463 | |||
Oval ID: | oval:org.mitre.oval:def:6463 | ||
Title: | Vim HelpTags Command Remote Format String Vulnerability | ||
Description: | Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2953 | Version: | 1 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9876 | |||
Oval ID: | oval:org.mitre.oval:def:9876 | ||
Title: | The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||
Description: | The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2438 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for vim and gvim File : nvt/sles9p5017978.nasl |
2009-04-09 | Name : Mandriva Update for vim MDKSA-2007:101 (vim) File : nvt/gb_mandriva_MDKSA_2007_101.nasl |
2009-04-09 | Name : Mandriva Update for vim MDKSA-2007:168 (vim) File : nvt/gb_mandriva_MDKSA_2007_168.nasl |
2009-03-23 | Name : Ubuntu Update for vim vulnerability USN-463-1 File : nvt/gb_ubuntu_USN_463_1.nasl |
2009-03-23 | Name : Ubuntu Update for vim vulnerability USN-505-1 File : nvt/gb_ubuntu_USN_505_1.nasl |
2009-03-06 | Name : RedHat Update for vim RHSA-2008:0580-01 File : nvt/gb_RHSA-2008_0580-01_vim.nasl |
2009-03-06 | Name : RedHat Update for vim RHSA-2008:0617-01 File : nvt/gb_RHSA-2008_0617-01_vim.nasl |
2009-02-27 | Name : CentOS Update for vim-common CESA-2008:0617 centos3 i386 File : nvt/gb_CESA-2008_0617_vim-common_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for vim-common CESA-2008:0617 centos3 x86_64 File : nvt/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for vim-common CESA-2008:0617 centos4 i386 File : nvt/gb_CESA-2008_0617_vim-common_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for vim-common CESA-2008:0617 centos4 x86_64 File : nvt/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl |
2008-09-04 | Name : FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby File : nvt/freebsd_vim1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1364-1 (vim) File : nvt/deb_1364_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1364-2 (vim) File : nvt/deb_1364_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51434 | Vim src/ex_cmds.c helptags_one Function helptags Format String |
38674 | Vim src/ex_cmds.c helptags_one Function help-tags Command Format String |
35488 | Vim Multiple Function modelines Sandbox Restriction Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0004_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0617.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0580.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0346.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081125_vim_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0580.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11722.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-236.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0617.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0580.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0617.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gvim-4095.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-463-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-505-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gvim-4092.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_vim-3410.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1364.nasl - Type : ACT_GATHER_INFO |
2007-08-28 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-168.nasl - Type : ACT_GATHER_INFO |
2007-07-30 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1ed032223c6511dcb3d30016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0346.nasl - Type : ACT_GATHER_INFO |
2007-05-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0346.nasl - Type : ACT_GATHER_INFO |
2007-05-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-101.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:26:51 |
|