Vulnerabilities > CVE-2008-3076 - OS Command Injection vulnerability in VIM 7.2A.10

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
vim
CWE-78
critical
nessus
exploit available

Summary

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

Vulnerable Configurations

Part Description Count
Application
Vim
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
  • Command Delimiters
    An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or a blacklist input validation, as opposed to whitelist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
  • Exploiting Multiple Input Interpretation Layers
    An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
  • Argument Injection
    An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
  • OS Command Injection
    In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.

Exploit-Db

descriptionNetrw 125 Vim Script Multiple Command Execution Vulnerabilities. CVE-2008-3076. Remote exploit for linux platform
idEDB-ID:32012
last seen2016-02-03
modified2008-07-07
published2008-07-07
reporterJan Minar
sourcehttps://www.exploit-db.com/download/32012/
titleNetrw 125 Vim Script Multiple Command Execution Vulnerabilities

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081125_VIM_ON_SL3_X.NASL
    descriptionSeveral input sanitization flaws were found in Vim
    last seen2020-06-01
    modified2020-06-02
    plugin id60500
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60500
    titleScientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60500);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-3432", "CVE-2008-4101");
    
      script_name(english:"Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several input sanitization flaws were found in Vim's keyword and tag
    handling. If Vim looked up a document's maliciously crafted tag or
    keyword, it was possible to execute arbitrary code as the user running
    Vim. (CVE-2008-4101)
    
    SL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's
    expansion of file name patterns with shell wildcards. An attacker
    could create a specially crafted file or directory name that, when
    opened by Vim, caused the application to crash or, possibly, execute
    arbitrary code. (CVE-2008-3432)
    
    SL5 Only: Multiple security flaws were found in netrw.vim, the Vim
    plug-in providing file reading and writing over the network. If a user
    opened a specially crafted file or directory with the netrw plug-in,
    it could result in arbitrary code execution as the user running Vim.
    (CVE-2008-3076)
    
    SL5 Only: A security flaw was found in zip.vim, the Vim plug-in that
    handles ZIP archive browsing. If a user opened a ZIP archive using the
    zip.vim plug-in, it could result in arbitrary code execution as the
    user running Vim. (CVE-2008-3075)
    
    SL5 Only: A security flaw was found in tar.vim, the Vim plug-in which
    handles TAR archive browsing. If a user opened a TAR archive using the
    tar.vim plug-in, it could result in arbitrary code execution as the
    user runnin Vim. (CVE-2008-3074)
    
    Several input sanitization flaws were found in various Vim system
    functions. If a user opened a specially crafted file, it was possible
    to execute arbitrary code as the user running Vim. (CVE-2008-2712)
    
    Ulf Härnhammar, of Secunia Research, discovered a format string
    flaw in Vim's help tag processor. If a user was tricked into executing
    the 'helptags' command on malicious data, arbitrary code could be
    executed with the permissions of the user running Vim. (CVE-2007-2953)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0811&L=scientific-linux-errata&T=0&P=1936
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ee91c3b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 78, 94, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL3", reference:"vim-X11-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"SL3", reference:"vim-common-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"SL3", reference:"vim-enhanced-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"SL3", reference:"vim-minimal-6.3.046-0.30E.11")) flag++;
    
    if (rpm_check(release:"SL4", reference:"vim-X11-6.3.046-1.el4_7.5z")) flag++;
    if (rpm_check(release:"SL4", reference:"vim-common-6.3.046-1.el4_7.5z")) flag++;
    if (rpm_check(release:"SL4", reference:"vim-enhanced-6.3.046-1.el4_7.5z")) flag++;
    if (rpm_check(release:"SL4", reference:"vim-minimal-6.3.046-1.el4_7.5z")) flag++;
    
    if (rpm_check(release:"SL5", reference:"vim-X11-7.0.109-4.el5_2.4z")) flag++;
    if (rpm_check(release:"SL5", reference:"vim-common-7.0.109-4.el5_2.4z")) flag++;
    if (rpm_check(release:"SL5", reference:"vim-enhanced-7.0.109-4.el5_2.4z")) flag++;
    if (rpm_check(release:"SL5", reference:"vim-minimal-7.0.109-4.el5_2.4z")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-236.NASL
    descriptionSeveral vulnerabilities were found in the vim editor : A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712). Ulf H&Atilde;&curren;rnhammar of Secunia Research found a format string flaw in vim
    last seen2020-06-01
    modified2020-06-02
    plugin id36821
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36821
    titleMandriva Linux Security Advisory : vim (MDVSA-2008:236-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2008:236. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36821);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:50");
    
      script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-2953", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-4677");
      script_bugtraq_id(25095);
      script_xref(name:"MDVSA", value:"2008:236-1");
    
      script_name(english:"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were found in the vim editor :
    
    A number of input sanitization flaws were found in various vim system
    functions. If a user were to open a specially crafted file, it would
    be possible to execute arbitrary code as the user running vim
    (CVE-2008-2712).
    
    Ulf H&Atilde;&curren;rnhammar of Secunia Research found a format
    string flaw in vim's help tags processor. If a user were tricked into
    executing the helptags command on malicious data, it could result in
    the execution of arbitrary code as the user running vim
    (CVE-2008-2953).
    
    A flaw was found in how tar.vim handled TAR archive browsing. If a
    user were to open a special TAR archive using the plugin, it could
    result in the execution of arbitrary code as the user running vim
    (CVE-2008-3074).
    
    A flaw was found in how zip.vim handled ZIP archive browsing. If a
    user were to open a special ZIP archive using the plugin, it could
    result in the execution of arbitrary code as the user running vim
    (CVE-2008-3075).
    
    A number of security flaws were found in netrw.vim, the vim plugin
    that provides the ability to read and write files over the network. If
    a user opened a specially crafted file or directory with the netrw
    plugin, it could result in the execution of arbitrary code as the user
    running vim (CVE-2008-3076).
    
    A number of input validation flaws were found in vim's keyword and tag
    handling. If vim looked up a document's maliciously crafted tag or
    keyword, it was possible to execute arbitary code as the user running
    vim (CVE-2008-4101).
    
    A vulnerability was found in certain versions of netrw.vim where it
    would send FTP credentials stored for an FTP session to subsequent FTP
    sessions to servers on different hosts, exposing FTP credentials to
    remote hosts (CVE-2008-4677).
    
    This update provides vim 7.2 (patchlevel 65) which corrects all of
    these issues and introduces a number of new features and bug fixes.
    
    Update :
    
    The previous vim update incorrectly introduced a requirement on
    libruby and also conflicted with a file from the git-core package (in
    contribs). These issues have been corrected with these updated
    packages."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 78, 94, 255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-X11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2008.0", reference:"vim-X11-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"vim-common-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"vim-enhanced-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"vim-minimal-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2008.1", reference:"vim-X11-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"vim-common-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"vim-enhanced-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"vim-minimal-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.0", reference:"vim-X11-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"vim-common-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"vim-enhanced-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"vim-minimal-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_GVIM-090225.NASL
    descriptionThe VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used. CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677: credential disclosure by netrw plugin
    last seen2020-06-01
    modified2020-06-02
    plugin id39980
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39980
    titleopenSUSE Security Update : gvim (gvim-561)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update gvim-561.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39980);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:34");
    
      script_cve_id("CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4677", "CVE-2008-6235", "CVE-2009-0316");
    
      script_name(english:"openSUSE Security Update : gvim (gvim-561)");
      script_summary(english:"Check for the gvim-561 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The VI Improved editor (vim) was updated to version 7.2.108 to fix
    various security problems and other bugs.
    
    CVE-2008-4677: The netrw plugin sent credentials to all servers.
    CVE-2009-0316: The python support used a search path including the
    current directory, allowing code injection when python code was used.
    CVE-2008-2712: Arbitrary code execution in vim helper plugins
    filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.
    CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code
    injection CVE-2008-3076: several netrw bugs, code injection
    CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:
    credential disclosure by netrw plugin"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=406693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=436755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=439148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=457098"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=465255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=470100"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gvim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 78, 94, 255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"gvim-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"vim-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"vim-base-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"vim-data-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"vim-enhanced-7.2-9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0580.NASL
    descriptionUpdated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim
    last seen2020-06-01
    modified2020-06-02
    plugin id34953
    published2008-11-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34953
    titleRHEL 5 : vim (RHSA-2008:0580)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0580. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34953);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-6235");
      script_bugtraq_id(25095);
      script_xref(name:"RHSA", value:"2008:0580");
    
      script_name(english:"RHEL 5 : vim (RHSA-2008:0580)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated vim packages that fix security issues are now available for
    Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Vim (Visual editor IMproved) is an updated and improved version of the
    vi editor.
    
    Several input sanitization flaws were found in Vim's keyword and tag
    handling. If Vim looked up a document's maliciously crafted tag or
    keyword, it was possible to execute arbitrary code as the user running
    Vim. (CVE-2008-4101)
    
    Multiple security flaws were found in netrw.vim, the Vim plug-in
    providing file reading and writing over the network. If a user opened
    a specially crafted file or directory with the netrw plug-in, it could
    result in arbitrary code execution as the user running Vim.
    (CVE-2008-3076)
    
    A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
    archive browsing. If a user opened a ZIP archive using the zip.vim
    plug-in, it could result in arbitrary code execution as the user
    running Vim. (CVE-2008-3075)
    
    A security flaw was found in tar.vim, the Vim plug-in which handles
    TAR archive browsing. If a user opened a TAR archive using the tar.vim
    plug-in, it could result in arbitrary code execution as the user
    runnin Vim. (CVE-2008-3074)
    
    Several input sanitization flaws were found in various Vim system
    functions. If a user opened a specially crafted file, it was possible
    to execute arbitrary code as the user running Vim. (CVE-2008-2712)
    
    Ulf Harnhammar, of Secunia Research, discovered a format string flaw
    in Vim's help tag processor. If a user was tricked into executing the
    'helptags' command on malicious data, arbitrary code could be executed
    with the permissions of the user running Vim. (CVE-2007-2953)
    
    All Vim users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2953"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-2712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-4101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-6235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0580"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 78, 94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:vim-X11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:vim-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0580";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"vim-X11-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"vim-X11-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"vim-X11-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"vim-common-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"vim-common-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"vim-common-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"vim-enhanced-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"vim-enhanced-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"vim-enhanced-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"vim-minimal-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"vim-minimal-7.0.109-4.el5_2.4z")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"vim-minimal-7.0.109-4.el5_2.4z")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim-X11 / vim-common / vim-enhanced / vim-minimal");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GVIM-6023.NASL
    descriptionThe VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used. CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677: credential disclosure by netrw plugin
    last seen2020-06-01
    modified2020-06-02
    plugin id35921
    published2009-03-13
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35921
    titleopenSUSE 10 Security Update : gvim (gvim-6023)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update gvim-6023.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35921);
      script_version ("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:36");
    
      script_cve_id("CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4677", "CVE-2008-6235", "CVE-2009-0316");
    
      script_name(english:"openSUSE 10 Security Update : gvim (gvim-6023)");
      script_summary(english:"Check for the gvim-6023 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The VI Improved editor (vim) was updated to version 7.2.108 to fix
    various security problems and other bugs.
    
    CVE-2008-4677: The netrw plugin sent credentials to all servers.
    CVE-2009-0316: The python support used a search path including the
    current directory, allowing code injection when python code was used.
    CVE-2008-2712: Arbitrary code execution in vim helper plugins
    filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.
    CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code
    injection CVE-2008-3076: several netrw bugs, code injection
    CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:
    credential disclosure by netrw plugin"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gvim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 78, 94, 255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.3", reference:"gvim-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"vim-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"vim-base-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"vim-data-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"vim-enhanced-7.2-9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0580.NASL
    descriptionUpdated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim
    last seen2020-06-01
    modified2020-06-02
    plugin id43697
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43697
    titleCentOS 5 : vim (CESA-2008:0580)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0580 and 
    # CentOS Errata and Security Advisory 2008:0580 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43697);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-6235");
      script_bugtraq_id(25095);
      script_xref(name:"RHSA", value:"2008:0580");
    
      script_name(english:"CentOS 5 : vim (CESA-2008:0580)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated vim packages that fix security issues are now available for
    Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Vim (Visual editor IMproved) is an updated and improved version of the
    vi editor.
    
    Several input sanitization flaws were found in Vim's keyword and tag
    handling. If Vim looked up a document's maliciously crafted tag or
    keyword, it was possible to execute arbitrary code as the user running
    Vim. (CVE-2008-4101)
    
    Multiple security flaws were found in netrw.vim, the Vim plug-in
    providing file reading and writing over the network. If a user opened
    a specially crafted file or directory with the netrw plug-in, it could
    result in arbitrary code execution as the user running Vim.
    (CVE-2008-3076)
    
    A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
    archive browsing. If a user opened a ZIP archive using the zip.vim
    plug-in, it could result in arbitrary code execution as the user
    running Vim. (CVE-2008-3075)
    
    A security flaw was found in tar.vim, the Vim plug-in which handles
    TAR archive browsing. If a user opened a TAR archive using the tar.vim
    plug-in, it could result in arbitrary code execution as the user
    runnin Vim. (CVE-2008-3074)
    
    Several input sanitization flaws were found in various Vim system
    functions. If a user opened a specially crafted file, it was possible
    to execute arbitrary code as the user running Vim. (CVE-2008-2712)
    
    Ulf Harnhammar, of Secunia Research, discovered a format string flaw
    in Vim's help tag processor. If a user was tricked into executing the
    'helptags' command on malicious data, arbitrary code could be executed
    with the permissions of the user running Vim. (CVE-2007-2953)
    
    All Vim users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015453.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ab334c2c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015454.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?928c4900"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected vim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 78, 94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-X11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"vim-X11-7.0.109-4.el5_2.4z")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"vim-common-7.0.109-4.el5_2.4z")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"vim-enhanced-7.0.109-4.el5_2.4z")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"vim-minimal-7.0.109-4.el5_2.4z")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim-X11 / vim-common / vim-enhanced / vim-minimal");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1733.NASL
    descriptionSeveral vulnerabilities have been found in vim, an enhanced vi editor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2712 Jan Minar discovered that vim did not properly sanitise inputs before invoking the execute or system functions inside vim scripts. This could lead to the execution of arbitrary code. - CVE-2008-3074 Jan Minar discovered that the tar plugin of vim did not properly sanitise the filenames in the tar archive or the name of the archive file itself, making it prone to arbitrary code execution. - CVE-2008-3075 Jan Minar discovered that the zip plugin of vim did not properly sanitise the filenames in the zip archive or the name of the archive file itself, making it prone to arbitrary code execution. - CVE-2008-3076 Jan Minar discovered that the netrw plugin of vim did not properly sanitise the filenames or directory names it is given. This could lead to the execution of arbitrary code. - CVE-2008-4101 Ben Schmidt discovered that vim did not properly escape characters when performing keyword or tag lookups. This could lead to the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id35764
    published2009-03-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35764
    titleDebian DSA-1733-1 : vim - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1733. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35764);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101");
      script_xref(name:"DSA", value:"1733");
    
      script_name(english:"Debian DSA-1733-1 : vim - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been found in vim, an enhanced vi editor.
    The Common Vulnerabilities and Exposures project identifies the
    following problems :
    
      - CVE-2008-2712
        Jan Minar discovered that vim did not properly sanitise
        inputs before invoking the execute or system functions
        inside vim scripts. This could lead to the execution of
        arbitrary code.
    
      - CVE-2008-3074
        Jan Minar discovered that the tar plugin of vim did not
        properly sanitise the filenames in the tar archive or
        the name of the archive file itself, making it prone to
        arbitrary code execution.
    
      - CVE-2008-3075
        Jan Minar discovered that the zip plugin of vim did not
        properly sanitise the filenames in the zip archive or
        the name of the archive file itself, making it prone to
        arbitrary code execution.
    
      - CVE-2008-3076
        Jan Minar discovered that the netrw plugin of vim did
        not properly sanitise the filenames or directory names
        it is given. This could lead to the execution of
        arbitrary code.
    
      - CVE-2008-4101
        Ben Schmidt discovered that vim did not properly escape
        characters when performing keyword or tag lookups. This
        could lead to the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-2712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3076"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-4101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1733"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "For the oldstable distribution (etch), these problems have been fixed
    in version 1:7.0-122+1etch5.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 1:7.1.314-3+lenny1, which was already included in the lenny
    release."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 78, 94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"vim", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-common", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-doc", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-full", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-gnome", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-gtk", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-gui-common", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-lesstif", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-perl", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-python", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-ruby", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-runtime", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-tcl", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"vim-tiny", reference:"1:7.0-122+1etch5")) flag++;
    if (deb_check(release:"5.0", prefix:"vim", reference:"1:7.1.314-3+lenny1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_GVIM-090225.NASL
    descriptionThe VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used. CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677: credential disclosure by netrw plugin
    last seen2020-06-01
    modified2020-06-02
    plugin id40230
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40230
    titleopenSUSE Security Update : gvim (gvim-561)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update gvim-561.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40230);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:34");
    
      script_cve_id("CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4677", "CVE-2008-6235", "CVE-2009-0316");
    
      script_name(english:"openSUSE Security Update : gvim (gvim-561)");
      script_summary(english:"Check for the gvim-561 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The VI Improved editor (vim) was updated to version 7.2.108 to fix
    various security problems and other bugs.
    
    CVE-2008-4677: The netrw plugin sent credentials to all servers.
    CVE-2009-0316: The python support used a search path including the
    current directory, allowing code injection when python code was used.
    CVE-2008-2712: Arbitrary code execution in vim helper plugins
    filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.
    CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code
    injection CVE-2008-3076: several netrw bugs, code injection
    CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:
    credential disclosure by netrw plugin"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=406693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=436755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=439148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=457098"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=465255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=470100"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gvim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 78, 94, 255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"gvim-7.2-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"vim-7.2-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"vim-base-7.2-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"vim-data-7.2-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"vim-enhanced-7.2-7.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_0E1E3789D87F11DD8ECD00163E000016.NASL
    descriptionJan Minar reports : Applying the ``D
    last seen2020-06-01
    modified2020-06-02
    plugin id35283
    published2009-01-02
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35283
    titleFreeBSD : vim -- multiple vulnerabilities in the netrw module (0e1e3789-d87f-11dd-8ecd-00163e000016)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35283);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:39");
    
      script_cve_id("CVE-2008-3076");
    
      script_name(english:"FreeBSD : vim -- multiple vulnerabilities in the netrw module (0e1e3789-d87f-11dd-8ecd-00163e000016)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Jan Minar reports :
    
    Applying the ``D'' to a file with a crafted file name, or inside a
    directory with a crafted directory name, can lead to arbitrary code
    execution.
    
    Lack of sanitization throughout Netrw can lead to arbitrary code
    execution upon opening a directory with a crafted name.
    
    The Vim Netrw Plugin shares the FTP user name and password across all
    FTP sessions. Every time Vim makes a new FTP connection, it sends the
    user name and password of the previous FTP session to the FTP server."
      );
      # http://www.openwall.com/lists/oss-security/2008/10/16/2
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openwall.com/lists/oss-security/2008/10/16/2"
      );
      # http://www.rdancer.org/vulnerablevim-netrw.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.rdancer.org/vulnerablevim-netrw.html"
      );
      # http://www.rdancer.org/vulnerablevim-netrw.v2.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.rdancer.org/vulnerablevim-netrw.v2.html"
      );
      # http://www.rdancer.org/vulnerablevim-netrw.v5.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.rdancer.org/vulnerablevim-netrw.v5.html"
      );
      # http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html"
      );
      # https://vuxml.freebsd.org/freebsd/0e1e3789-d87f-11dd-8ecd-00163e000016.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?af2fa07d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(78);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:vim-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:vim-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:vim-gtk2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:vim-lite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/01/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/01/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"vim>=7.0<7.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"vim-console>=7.0<7.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"vim-lite>=7.0<7.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"vim-gtk2>=7.0<7.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"vim-gnome>=7.0<7.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0580.NASL
    descriptionFrom Red Hat Security Advisory 2008:0580 : Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim
    last seen2020-06-01
    modified2020-06-02
    plugin id67722
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67722
    titleOracle Linux 5 : vim (ELSA-2008-0580)

Redhat

advisories
rhsa
idRHSA-2008:0580

Statements

contributorTomas Hoger
lastmodified2009-02-25
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of the Vim packages, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. Note: This CVE is mentioned in the text of RHSA-2008:0580 (https://rhn.redhat.com/errata/RHSA-2008-0580.html), as it was originally used to track multiple issues. Issues that affected Vim packages in Red Hat Enterprise Linux 5 were later assigned separate CVE identifier - CVE-2008-6235. Neither of issues currently covered by CVE-2008-3076 (insufficient shell escaping in mz and mc commands) affected Vim packages shipped with Red Hat Enterprise Linux 5.