6.8 - MDKSA-2007:168

Executive Summary

Summary
Title	Updated vim packages fix vulnerability

Informations
Name	MDKSA-2007:168	First vendor Publication	2007-08-21
Vendor	Mandriva	Last vendor Modification	2007-08-21
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A format string vulnerability in the helptags support in vim allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file.

Updated packages have been patched to prevent this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:168

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11549

Oval ID:	oval:org.mitre.oval:def:11549
Title:	Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
Description:	Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-2953	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section vim-minimal is earlier than 1:6.3.046-0.30E.11 AND vim-enhanced is earlier than 1:6.3.046-0.30E.11 AND vim is earlier than 1:6.3.046-0.30E.11 AND vim-X11 is earlier than 1:6.3.046-0.30E.11 AND vim-common is earlier than 1:6.3.046-0.30E.11 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section vim-minimal is earlier than 1:6.3.046-1.el4_7.5z AND vim-enhanced is earlier than 1:6.3.046-1.el4_7.5z AND vim is earlier than 1:6.3.046-1.el4_7.5z AND vim-X11 is earlier than 1:6.3.046-1.el4_7.5z AND vim-common is earlier than 1:6.3.046-1.el4_7.5z OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section vim-minimal is earlier than 2:7.0.109-4.el5_2.4z AND vim-enhanced is earlier than 2:7.0.109-4.el5_2.4z AND vim is earlier than 2:7.0.109-4.el5_2.4z AND vim-X11 is earlier than 2:7.0.109-4.el5_2.4z AND vim-common is earlier than 2:7.0.109-4.el5_2.4z

Definition Id: oval:org.mitre.oval:def:17506

Oval ID:	oval:org.mitre.oval:def:17506
Title:	USN-505-1 -- vim vulnerability
Description:	Ulf Harnhammar discovered that vim does not properly sanitise the "helptags_one()" function when running the "helptags" command.
Family:	unix	Class:	patch
Reference(s):	USN-505-1 CVE-2007-2953	Version:	5
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04	Product(s):	vim
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND vim DPKG is earlier than 1:6.4-006+2ubuntu6.1 AND Release section Ubuntu 6.10 is installed AND vim DPKG is earlier than 1:7.0-035+1ubuntu5.2 AND Release section Ubuntu 7.04 is installed AND vim DPKG is earlier than 1:7.0-164+1ubuntu7.2

Definition Id: oval:org.mitre.oval:def:17989

Oval ID:	oval:org.mitre.oval:def:17989
Title:	DSA-1364-1 vim
Description:	Several vulnerabilities have been discovered in the vim editor.
Family:	unix	Class:	patch
Reference(s):	DSA-1364-1 CVE-2007-2438 CVE-2007-2953	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	vim
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND vim DPKG is earlier than 1:7.0-122+1etch3

Definition Id: oval:org.mitre.oval:def:20483

Oval ID:	oval:org.mitre.oval:def:20483
Title:	DSA-1364-2 vim - several vulnerabilities
Description:	Several vulnerabilities have been discovered in the vim editor.
Family:	unix	Class:	patch
Reference(s):	DSA-1364-2 CVE-2007-2438 CVE-2007-2953	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	vim
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND vim DPKG is earlier than 1:7.0-122+1etch3

Definition Id: oval:org.mitre.oval:def:6463

Oval ID:	oval:org.mitre.oval:def:6463
Title:	Vim HelpTags Command Remote Format String Vulnerability
Description:	Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-2953	Version:	1
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND All patches must be installed to not be vulnerable Patch ESX303-200903406-SG is not installed AND Patch ESX303-200903405-SG is not installed AND Patch ESX303-200903403-SG is not installed OR VMWare ESX Server 3.0.2 is installed AND All patches must be installed to not be vulnerable Patch ESX-1008409 is not installed AND Patch ESX-1008408 is not installed AND Patch ESX-1008406 is not installed OR VMware ESX Server 3.5.0 is installed AND All patches must be installed to not be vulnerable Patch ESX350-200904408-SG is not installed AND Patch ESX350-200904407-SG is not installed AND Patch ESX350-200904406-SG is not installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Vim Development Group Vim cpe:2.3:a:vim_development_group:vim:7.1.38:::::::* cpe:2.3:a:vim_development_group:vim:7.1:::::::* cpe:2.3:a:vim_development_group:vim:7.0:::::::* cpe:2.3:a:vim_development_group:vim:6.3.081:::::::* cpe:2.3:a:vim_development_group:vim:6.3.044:::::::* cpe:2.3:a:vim_development_group:vim:6.3.030:::::::* cpe:2.3:a:vim_development_group:vim:6.3.025:::::::* cpe:2.3:a:vim_development_group:vim:6.3.011:::::::* cpe:2.3:a:vim_development_group:vim:6.3:::::::* cpe:2.3:a:vim_development_group:vim:6.2:::::::* cpe:2.3:a:vim_development_group:vim:6.1:::::::* cpe:2.3:a:vim_development_group:vim:6.0:::::::* cpe:2.3:a:vim_development_group:vim:5.8:::::::* cpe:2.3:a:vim_development_group:vim:5.7:::::::* cpe:2.3:a:vim_development_group:vim:5.6:::::::* cpe:2.3:a:vim_development_group:vim:5.5:::::::* cpe:2.3:a:vim_development_group:vim:5.4:::::::* cpe:2.3:a:vim_development_group:vim:5.3:::::::* cpe:2.3:a:vim_development_group:vim:5.2:::::::* cpe:2.3:a:vim_development_group:vim:5.1:::::::* cpe:2.3:a:vim_development_group:vim:5.0:::::::*	21

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for vim and gvim File : nvt/sles9p5017978.nasl
2009-04-09	Name : Mandriva Update for vim MDKSA-2007:168 (vim) File : nvt/gb_mandriva_MDKSA_2007_168.nasl
2009-03-23	Name : Ubuntu Update for vim vulnerability USN-505-1 File : nvt/gb_ubuntu_USN_505_1.nasl
2009-03-06	Name : RedHat Update for vim RHSA-2008:0580-01 File : nvt/gb_RHSA-2008_0580-01_vim.nasl
2009-03-06	Name : RedHat Update for vim RHSA-2008:0617-01 File : nvt/gb_RHSA-2008_0617-01_vim.nasl
2009-02-27	Name : CentOS Update for vim-common CESA-2008:0617 centos3 i386 File : nvt/gb_CESA-2008_0617_vim-common_centos3_i386.nasl
2009-02-27	Name : CentOS Update for vim-common CESA-2008:0617 centos3 x86_64 File : nvt/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for vim-common CESA-2008:0617 centos4 i386 File : nvt/gb_CESA-2008_0617_vim-common_centos4_i386.nasl
2009-02-27	Name : CentOS Update for vim-common CESA-2008:0617 centos4 x86_64 File : nvt/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl
2008-09-04	Name : FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby File : nvt/freebsd_vim1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1364-1 (vim) File : nvt/deb_1364_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1364-2 (vim) File : nvt/deb_1364_2.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
51434	Vim src/ex_cmds.c helptags_one Function helptags Format String
38674	Vim src/ex_cmds.c helptags_one Function help-tags Command Format String

Nessus® Vulnerability Scanner

Date	Description
2016-03-03	Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0004_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0580.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0617.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081125_vim_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0580.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11722.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0004.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0617.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-236.nasl - Type : ACT_GATHER_INFO
2008-11-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0580.nasl - Type : ACT_GATHER_INFO
2008-11-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0617.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gvim-4095.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-505-1.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_gvim-4092.nasl - Type : ACT_GATHER_INFO
2007-09-03	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1364.nasl - Type : ACT_GATHER_INFO
2007-08-28	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-168.nasl - Type : ACT_GATHER_INFO
2007-07-30	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1ed032223c6511dcb3d30016179b2dd5.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:38:50	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	5
CPE ID(s)	21
osvdb(s)	2
Openvas Exploit(s)	12
Nessus® Exploit(s)	17

	Related
6.8	CVE-2007-2953
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

6.8 - MDKSA-2007:168

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU