Executive Summary
| Summary | |
|---|---|
| Title | vim vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-61-1 | First vendor Publication | 2005-01-18 |
| Vendor | Ubuntu | Last vendor Modification | 2005-01-18 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: kvim vim vim-gnome vim-gtk vim-lesstif vim-perl vim-python vim-tcl The problem can be corrected by upgrading the affected package to version 1:6.3-025+1ubuntu2.2. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Javier Fernández-Sanguino Peña noticed that the auxillary scripts "tcltags" and "vimspell.sh" created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the script (either by calling it directly or by execution through vim). |
Original Source
| Url : http://www.ubuntu.com/usn/USN-61-1 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:9402 | |||
| Oval ID: | oval:org.mitre.oval:def:9402 | ||
| Title: | The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. | ||
| Description: | The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-0069 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 12883 | Vim vimspell.sh Script Symlink Arbitrary File Overwrite Vim contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the tclflags and vimspell.sh scripts creating temporary files insecurely allowing an attacker to create symlinks and overwrite arbitrary files. This flaw may lead to a loss of Integrity and/or Availability. |
| 12882 | Vim tcltags Script Symlink Arbitrary File Overwrite The tcltags script distributed with vim uses an insecure method to create temporary files. This could allow an attacker to read or possibly change files without appropriate permissions, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-61-1.nasl - Type : ACT_GATHER_INFO |
| 2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-036.nasl - Type : ACT_GATHER_INFO |
| 2005-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-122.nasl - Type : ACT_GATHER_INFO |
| 2005-02-03 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-029.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:05:05 |
|
| 2013-05-11 12:26:13 |
|
