Executive Summary
Summary | |
---|---|
Title | vim vulnerability |
Informations | |||
---|---|---|---|
Name | USN-463-1 | First vendor Publication | 2007-05-22 |
Vendor | Ubuntu | Last vendor Modification | 2007-05-22 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.10: Ubuntu 7.04: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges. |
Original Source
Url : http://www.ubuntu.com/usn/USN-463-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22067 | |||
Oval ID: | oval:org.mitre.oval:def:22067 | ||
Title: | ELSA-2007:0346: vim security update (Moderate) | ||
Description: | The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0346-01 CVE-2007-2438 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | vim |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9876 | |||
Oval ID: | oval:org.mitre.oval:def:9876 | ||
Title: | The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||
Description: | The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2438 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for vim MDKSA-2007:101 (vim) File : nvt/gb_mandriva_MDKSA_2007_101.nasl |
2009-03-23 | Name : Ubuntu Update for vim vulnerability USN-463-1 File : nvt/gb_ubuntu_USN_463_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1364-1 (vim) File : nvt/deb_1364_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1364-2 (vim) File : nvt/deb_1364_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35488 | Vim Multiple Function modelines Sandbox Restriction Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0346.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-463-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_vim-3410.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1364.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0346.nasl - Type : ACT_GATHER_INFO |
2007-05-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0346.nasl - Type : ACT_GATHER_INFO |
2007-05-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-101.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:22 |
|