CVE-2008-3432 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VIM 6.2/6.3
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description | Vim 'mch_expand_wildcards()' Heap Based Buffer Overflow Vulnerability. CVE-2008-3432. Remote exploit for linux platform |
id | EDB-ID:32225 |
last seen | 2016-02-03 |
modified | 2005-01-29 |
published | 2005-01-29 |
reporter | Brian Hirt |
source | https://www.exploit-db.com/download/32225/ |
title | Vim 'mch_expand_wildcards' - Heap Based Buffer Overflow Vulnerability |
Nessus
NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20081125_VIM_ON_SL3_X.NASL |
description | Several input sanitization flaws were found in Vim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60500 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60500 |
title | Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64 |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    include("compat.inc");

    if (description)
    {
      script_id(60500);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:18");

      script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-3432", "CVE-2008-4101");

      script_name(english:"Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Scientific Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)
    SL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432)
    SL5 Only: Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076)
    SL5 Only: A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)
    SL5 Only: A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)
    Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)
    Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0811&L=scientific-linux-errata&T=0&P=1936
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ee91c3b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 78, 94, 119);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

    flag = 0;
    if (rpm_check(release:"SL3", reference:"vim-X11-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"SL3", reference:"vim-common-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"SL3", reference:"vim-enhanced-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"SL3", reference:"vim-minimal-6.3.046-0.30E.11")) flag++;

    if (rpm_check(release:"SL4", reference:"vim-X11-6.3.046-1.el4_7.5z")) flag++;
    if (rpm_check(release:"SL4", reference:"vim-common-6.3.046-1.el4_7.5z")) flag++;
    if (rpm_check(release:"SL4", reference:"vim-enhanced-6.3.046-1.el4_7.5z")) flag++;
    if (rpm_check(release:"SL4", reference:"vim-minimal-6.3.046-1.el4_7.5z")) flag++;

    if (rpm_check(release:"SL5", reference:"vim-X11-7.0.109-4.el5_2.4z")) flag++;
    if (rpm_check(release:"SL5", reference:"vim-common-7.0.109-4.el5_2.4z")) flag++;
    if (rpm_check(release:"SL5", reference:"vim-enhanced-7.0.109-4.el5_2.4z")) flag++;
    if (rpm_check(release:"SL5", reference:"vim-minimal-7.0.109-4.el5_2.4z")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2008-0617.NASL |
description | From Red Hat Security Advisory 2008:0617 : Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67732 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67732 |
title | Oracle Linux 3 / 4 : vim (ELSA-2008-0617) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0617 and
    # Oracle Linux Security Advisory ELSA-2008-0617 respectively.
    #
    include("compat.inc");

    if (description)
    {
      script_id(67732);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:07");

      script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3432", "CVE-2008-4101");
      script_xref(name:"RHSA", value:"2008:0617");

      script_name(english:"Oracle Linux 3 / 4 : vim (ELSA-2008-0617)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2008:0617 :
    Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4.
    This update has been rated as having moderate security impact by the Red Hat Security Response Team.
    Vim (Visual editor IMproved) is an updated and improved version of the vi editor.
    Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)
    A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432)
    Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)
    Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)
    All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-November/000814.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-November/000815.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected vim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 119);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:vim-X11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:vim-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

      script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

    flag = 0;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"vim-X11-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"vim-X11-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"vim-common-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"vim-common-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"vim-enhanced-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"vim-enhanced-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"vim-minimal-6.3.046-0.30E.11")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"vim-minimal-6.3.046-0.30E.11")) flag++;

    if (rpm_check(release:"EL4", reference:"vim-X11-6.3.046-1.el4_7.5z")) flag++;
    if (rpm_check(release:"EL4", reference:"vim-common-6.3.046-1.el4_7.5z")) flag++;
    if (rpm_check(release:"EL4", reference:"vim-enhanced-6.3.046-1.el4_7.5z")) flag++;
    if (rpm_check(release:"EL4", reference:"vim-minimal-6.3.046-1.el4_7.5z")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim-X11 / vim-common / vim-enhanced / vim-minimal");
    }
NASL family | VMware ESX Local Security Checks |
NASL id | VMWARE_VMSA-2009-0004.NASL |
description | a. Updated OpenSSL package for the Service Console fixes a security issue. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. b. Update bind package for the Service Console fixes a security issue. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue. c. Updated vim package for the Service Console addresses several security issues. Several input flaws were found in Visual editor IMproved |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40389 |
published | 2009-07-27 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40389 |
title | VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vim |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory 2009-0004.
    # The text itself is copyright (C) VMware Inc.
    #
    include("compat.inc");

    if (description)
    {
      script_id(40389);
      script_version("1.28");
      script_cvs_date("Date: 2018/08/06 14:03:16");

      script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-5077", "CVE-2009-0021", "CVE-2009-0025", "CVE-2009-0046", "CVE-2009-0047", "CVE-2009-0048", "CVE-2009-0049", "CVE-2009-0050", "CVE-2009-0051", "CVE-2009-0124", "CVE-2009-0125", "CVE-2009-0127", "CVE-2009-0128", "CVE-2009-0130");
      script_bugtraq_id(25095, 33150, 33151);
      script_xref(name:"VMSA", value:"2009-0004");

      script_name(english:"VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vim");
      script_summary(english:"Checks esxupdate output for the patches");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote VMware ESX host is missing one or more security-related patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "a. Updated OpenSSL package for the Service Console fixes a security issue.
    OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue.
    b. Update bind package for the Service Console fixes a security issue.
    A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue.
    c. Updated vim package for the Service Console addresses several security issues.
    Several input flaws were found in Visual editor IMproved's (Vim) keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4101 to this issue.
    A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name, when opened by Vim causes the application to stop responding or execute arbitrary code.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3432 to this issue.
    Several input flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2712 to this issue.
    A format string flaw was discovered in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running VIM.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2953 to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2010/000077.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 119, 287);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:2.5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/27");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

      exit(0);
    }

    include("audit.inc");
    include("vmware_esx_packages.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);

    init_esx_check(date:"2009-03-31");
    flag = 0;

    if (esx_check(ver:"ESX 2.5.5", patch:"13")) flag++;

    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1008406")) flag++;
    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1008408")) flag++;
    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1008409")) flag++;

    if (
      esx_check(
        ver           : "ESX 3.0.3",
        patch         : "ESX303-200903403-SG",
        patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 3.0.3",
        patch         : "ESX303-200903405-SG",
        patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 3.0.3",
        patch         : "ESX303-200903406-SG",
        patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01")
      )
    ) flag++;

    if (
      esx_check(
        ver           : "ESX 3.5.0",
        patch         : "ESX350-200904406-SG",
        patch_updates : make_list("ESX350-Update05", "ESX350-Update05a")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 3.5.0",
        patch         : "ESX350-200904407-SG",
        patch_updates : make_list("ESX350-201002404-SG", "ESX350-Update05", "ESX350-Update05a")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 3.5.0",
        patch         : "ESX350-200904408-SG",
        patch_updates : make_list("ESX350-201012401-SG", "ESX350-Update05", "ESX350-Update05a")
      )
    ) flag++;

    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-200912402-SG",
        patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
      )
    ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2008-007.NASL |
description | The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34374 |
published | 2008-10-10 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34374 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2008-007) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(34374);
      script_version("1.31");
      script_cvs_date("Date: 2018/07/14 1:59:35");

      script_cve_id(
        "CVE-2007-2691", "CVE-2007-4850", "CVE-2007-5333", "CVE-2007-5342",
        "CVE-2007-5461", "CVE-2007-5969", "CVE-2007-6286", "CVE-2007-6420",
        "CVE-2008-0002", "CVE-2008-0226", "CVE-2008-0227", "CVE-2008-0674",
        "CVE-2008-1232", "CVE-2008-1389", "CVE-2008-1678", "CVE-2008-1767",
        "CVE-2008-1947", "CVE-2008-2079", "CVE-2008-2364", "CVE-2008-2370",
        "CVE-2008-2371", "CVE-2008-2712", "CVE-2008-2938", "CVE-2008-3294",
        "CVE-2008-3432", "CVE-2008-3641", "CVE-2008-3642", "CVE-2008-3643",
        "CVE-2008-3645", "CVE-2008-3646", "CVE-2008-3647", "CVE-2008-3912",
        "CVE-2008-3913", "CVE-2008-3914", "CVE-2008-4101", "CVE-2008-4211",
        "CVE-2008-4212", "CVE-2008-4214", "CVE-2008-4215"
      );
      script_bugtraq_id(
        24016, 26070, 26765, 27006, 27140, 27236, 27413,
        27703, 27706, 27786, 29106, 29312, 29502, 29653,
        29715, 30087, 30279, 30494, 30496, 30633, 30795,
        30994, 31051, 31681, 31692, 31707, 31708, 31711,
        31715, 31716, 31718, 31719, 31720, 31721, 31722
      );

      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-007)");
      script_summary(english:"Check for the presence of Security Update 2008-007");

      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various security issues." );
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied.
    This security update contains fixes for the following products :
    - Apache
    - Certificates
    - ClamAV
    - ColorSync
    - CUPS
    - Finder
    - launchd
    - libxslt
    - MySQL Server
    - Networking
    - PHP
    - Postfix
    - PSNormalizer
    - QuickLook
    - rlogin
    - Script Editor
    - Single Sign-On
    - Tomcat
    - vim
    - Weblog" );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3216" );
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" );
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2008-007 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL SSL Hello Message Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 352, 362, 399);

      script_set_attribute(attribute:"plugin_publication_date", value: "2008/10/10");
      script_set_attribute(attribute:"vuln_publication_date", value: "2007/10/15");
      script_set_attribute(attribute:"patch_publication_date", value: "2008/10/09");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");

      exit(0);
    }

    uname = get_kb_item("Host/uname");
    if (!uname) exit(0);

    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(0);

      if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[78]|2009-|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    else if (egrep(pattern:"Darwin.* (9\.[0-5]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(0);

      if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.007\.bom", string:packages))
        security_hole(0);
    }
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2008-0617.NASL |
description | Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37794 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/37794 |
title | CentOS 3 / 4 : vim (CESA-2008:0617) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0617 and
    # CentOS Errata and Security Advisory 2008:0617 respectively.
    #
    include("compat.inc");

    if (description)
    {
      script_id(37794);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/25 13:36:04");

      script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3432", "CVE-2008-4101");
      script_xref(name:"RHSA", value:"2008:0617");

      script_name(english:"CentOS 3 / 4 : vim (CESA-2008:0617)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4.
    This update has been rated as having moderate security impact by the Red Hat Security Response Team.
    Vim (Visual editor IMproved) is an updated and improved version of the vi editor.
    Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)
    A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432)
    Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)
    Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)
    All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015438.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cc54fc6a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015439.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?367a1c9a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015440.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fbfb5dee"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015442.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a4a2cdf8"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015457.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ec3f54e1"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015458.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?22256de6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected vim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 119);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-X11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

      script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (!
preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"vim-X11-6.3.046-0.30E.11")) flag++; if (rpm_check(release:"CentOS-3", reference:"vim-common-6.3.046-0.30E.11")) flag++; if (rpm_check(release:"CentOS-3", reference:"vim-enhanced-6.3.046-0.30E.11")) flag++; if (rpm_check(release:"CentOS-3", reference:"vim-minimal-6.3.046-0.30E.11")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"vim-X11-6.3.046-1.el4_7.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"vim-X11-6.3.046-1.c4.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"vim-X11-6.3.046-1.el4_7.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"vim-common-6.3.046-1.el4_7.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"vim-common-6.3.046-1.c4.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"vim-common-6.3.046-1.el4_7.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"vim-enhanced-6.3.046-1.el4_7.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"vim-enhanced-6.3.046-1.c4.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"vim-enhanced-6.3.046-1.el4_7.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"vim-minimal-6.3.046-1.el4_7.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"vim-minimal-6.3.046-1.c4.5z")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"vim-minimal-6.3.046-1.el4_7.5z")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); 
exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim-X11 / vim-common / vim-enhanced / vim-minimal"); }
- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_F866D2AFBBBA11DF8A8D0008743BF21A.NASL
- description: Description for CVE-2008-3432 says : Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 49167
- published: 2010-09-09
- reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/49167
- title: FreeBSD : vim6 -- heap-based overflow while parsing shell metacharacters (f866d2af-bbba-11df-8a8d-0008743bf21a)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(49167);
  script_version("1.9");
  script_cvs_date("Date: 2019/08/02 13:32:40");

  script_cve_id("CVE-2008-3432");

  script_name(english:"FreeBSD : vim6 -- heap-based overflow while parsing shell metacharacters (f866d2af-bbba-11df-8a8d-0008743bf21a)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Description for CVE-2008-3432 says :

Heap-based buffer overflow in the mch_expand_wildcards function in
os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute
arbitrary code via shell metacharacters in filenames, as demonstrated
by the netrw.v3 test case."
  );
  # http://www.openwall.com/lists/oss-security/2008/07/15/4
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openwall.com/lists/oss-security/2008/07/15/4"
  );
  # https://vuxml.freebsd.org/freebsd/f866d2af-bbba-11df-8a8d-0008743bf21a.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?dfa5da53"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:vim6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:vim6+ruby");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (pkg_test(save_report:TRUE, pkg:"vim6>=6.2.429<6.3.62")) flag++;
if (pkg_test(save_report:TRUE, pkg:"vim6+ruby>=6.2.429<6.3.62")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Misc.
- NASL id: VMWARE_VMSA-2009-0004_REMOTE.NASL
- description: The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A format string flaw exists in the Vim help tag processor in the helptags_one() function that allows a remote attacker to execute arbitrary code by tricking a user into executing the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 89112
- published: 2016-03-03
- reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/89112
- title: VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2008-0617.NASL
- description: Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 34954
- published: 2008-11-25
- reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/34954
- title: RHEL 3 / 4 : vim (RHSA-2008:0617)
Oval
- accepted: 2013-04-29T04:12:18.694-04:00
- class: vulnerability
- contributors:
  - name Aharon Chernin, organization SCAP.com, LLC
  - name Dragos Prisaca, organization G2, Inc.
- definition_extensions:
  - comment: The operating system installed on the system is Red Hat Enterprise Linux 3; oval: oval:org.mitre.oval:def:11782
  - comment: CentOS Linux 3.x; oval: oval:org.mitre.oval:def:16651
  - comment: The operating system installed on the system is Red Hat Enterprise Linux 4; oval: oval:org.mitre.oval:def:11831
  - comment: CentOS Linux 4.x; oval: oval:org.mitre.oval:def:16636
  - comment: Oracle Linux 4.x; oval: oval:org.mitre.oval:def:15990
- description: Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
- family: unix
- id: oval:org.mitre.oval:def:11203
- status: accepted
- submitted: 2010-07-09T03:56:16-04:00
- title: Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
- version: 26

- accepted: 2009-11-30T04:00:17.572-05:00
- class: vulnerability
- contributors:
  - name Michael Wood, organization Hewlett-Packard
  - name Michael Wood, organization Hewlett-Packard
- definition_extensions:
  - comment: VMWare ESX Server 3.0.3 is installed; oval: oval:org.mitre.oval:def:6026
  - comment: VMWare ESX Server 3.0.2 is installed; oval: oval:org.mitre.oval:def:5613
  - comment: VMware ESX Server 3.5.0 is installed; oval: oval:org.mitre.oval:def:5887
- description: Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
- family: unix
- id: oval:org.mitre.oval:def:5987
- status: accepted
- submitted: 2009-09-23T15:39:02.000-04:00
- title: Vim 'mch_expand_wildcards()' Heap Based Buffer Overflow Vulnerability
- version: 3
References
- http://www.openwall.com/lists/oss-security/2008/07/15/4
- ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059
- http://www.securityfocus.com/bid/31681
- ftp://ftp.vim.org/pub/vim/patches/6.2.429
- http://www.openwall.com/lists/oss-security/2008/08/01/1
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://support.apple.com/kb/HT3216
- http://secunia.com/advisories/32222
- http://secunia.com/advisories/33410
- http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
- http://www.redhat.com/support/errata/RHSA-2008-0617.html
- http://www.securityfocus.com/bid/30648
- https://bugzilla.redhat.com/show_bug.cgi?id=455455
- http://www.vmware.com/security/advisories/VMSA-2009-0004.html
- http://www.vupen.com/english/advisories/2009/0904
- http://www.vupen.com/english/advisories/2009/0033
- http://www.vupen.com/english/advisories/2008/2780
- http://secunia.com/advisories/32858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44722
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203
- http://www.securityfocus.com/archive/1/502322/100/0/threaded