CVE-2008-4677 - Credentials Management vulnerability in VIM Netrw

CVSS: 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, vim, CWE-255, nessus

Summary

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2008-236.NASL
    description: Several vulnerabilities were found in the vim editor : A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712). Ulf Härnhammar of Secunia Research found a format string flaw in vim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36821
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36821
    title: Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2008:236. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36821);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:50");
    
      script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-2953", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-4677");
      script_bugtraq_id(25095);
      script_xref(name:"MDVSA", value:"2008:236-1");
    
      script_name(english:"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were found in the vim editor :
    
    A number of input sanitization flaws were found in various vim system
    functions. If a user were to open a specially crafted file, it would
    be possible to execute arbitrary code as the user running vim
    (CVE-2008-2712).
    
    Ulf Härnhammar of Secunia Research found a format
    string flaw in vim's help tags processor. If a user were tricked into
    executing the helptags command on malicious data, it could result in
    the execution of arbitrary code as the user running vim
    (CVE-2008-2953).
    
    A flaw was found in how tar.vim handled TAR archive browsing. If a
    user were to open a special TAR archive using the plugin, it could
    result in the execution of arbitrary code as the user running vim
    (CVE-2008-3074).
    
    A flaw was found in how zip.vim handled ZIP archive browsing. If a
    user were to open a special ZIP archive using the plugin, it could
    result in the execution of arbitrary code as the user running vim
    (CVE-2008-3075).
    
    A number of security flaws were found in netrw.vim, the vim plugin
    that provides the ability to read and write files over the network. If
    a user opened a specially crafted file or directory with the netrw
    plugin, it could result in the execution of arbitrary code as the user
    running vim (CVE-2008-3076).
    
    A number of input validation flaws were found in vim's keyword and tag
    handling. If vim looked up a document's maliciously crafted tag or
    keyword, it was possible to execute arbitrary code as the user running
    vim (CVE-2008-4101).
    
    A vulnerability was found in certain versions of netrw.vim where it
    would send FTP credentials stored for an FTP session to subsequent FTP
    sessions to servers on different hosts, exposing FTP credentials to
    remote hosts (CVE-2008-4677).
    
    This update provides vim 7.2 (patchlevel 65) which corrects all of
    these issues and introduces a number of new features and bug fixes.
    
    Update :
    
    The previous vim update incorrectly introduced a requirement on
    libruby and also conflicted with a file from the git-core package (in
    contribs). These issues have been corrected with these updated
    packages."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 78, 94, 255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-X11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2008.0", reference:"vim-X11-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"vim-common-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"vim-enhanced-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"vim-minimal-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2008.1", reference:"vim-X11-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"vim-common-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"vim-enhanced-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"vim-minimal-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.0", reference:"vim-X11-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"vim-common-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"vim-enhanced-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"vim-minimal-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_GVIM-090225.NASL
    description: The VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used. CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677: credential disclosure by netrw plugin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39980
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39980
    title: openSUSE Security Update : gvim (gvim-561)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update gvim-561.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39980);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:34");
    
      script_cve_id("CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4677", "CVE-2008-6235", "CVE-2009-0316");
    
      script_name(english:"openSUSE Security Update : gvim (gvim-561)");
      script_summary(english:"Check for the gvim-561 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The VI Improved editor (vim) was updated to version 7.2.108 to fix
    various security problems and other bugs.
    
    CVE-2008-4677: The netrw plugin sent credentials to all servers.
    CVE-2009-0316: The python support used a search path including the
    current directory, allowing code injection when python code was used.
    CVE-2008-2712: Arbitrary code execution in vim helper plugins
    filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.
    CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code
    injection CVE-2008-3076: several netrw bugs, code injection
    CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:
    credential disclosure by netrw plugin"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=406693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=436755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=439148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=457098"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=465255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=470100"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gvim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 78, 94, 255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"gvim-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"vim-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"vim-base-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"vim-data-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"vim-enhanced-7.2-9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12360.NASL
    description: The VI Improved editor (vim) received bugfixes for some code execution problems. - Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. (CVE-2008-2712) - Arbitrary code execution when pressing K, ctrl-] or g] depending on the text under the cursor. (CVE-2008-4101) - The netrw plugin sent credentials to all servers. (CVE-2008-4677)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41283
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41283
    title: SuSE9 Security Update : ViM (YOU Patch Number 12360)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41283);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2008-2712", "CVE-2008-4101", "CVE-2008-4677");
    
      script_name(english:"SuSE9 Security Update : ViM (YOU Patch Number 12360)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The VI Improved editor (vim) received bugfixes for some code execution
    problems.
    
      - Arbitrary code execution in vim helper plugins
        filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw
        were fixed. (CVE-2008-2712)
    
      - Arbitrary code execution when pressing K, ctrl-] or g]
        depending on the text under the cursor. (CVE-2008-4101)
    
      - The netrw plugin sent credentials to all servers.
        (CVE-2008-4677)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2712.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-4101.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2008-4677/"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12360.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"gvim-6.2-235.8")) flag++;
    if (rpm_check(release:"SUSE9", reference:"vim-6.2-235.8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GVIM-6023.NASL
    description: The VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used. CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677: credential disclosure by netrw plugin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35921
    published: 2009-03-13
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/35921
    title: openSUSE 10 Security Update : gvim (gvim-6023)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update gvim-6023.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35921);
      script_version ("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:36");
    
      script_cve_id("CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4677", "CVE-2008-6235", "CVE-2009-0316");
    
      script_name(english:"openSUSE 10 Security Update : gvim (gvim-6023)");
      script_summary(english:"Check for the gvim-6023 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The VI Improved editor (vim) was updated to version 7.2.108 to fix
    various security problems and other bugs.
    
    CVE-2008-4677: The netrw plugin sent credentials to all servers.
    CVE-2009-0316: The python support used a search path including the
    current directory, allowing code injection when python code was used.
    CVE-2008-2712: Arbitrary code execution in vim helper plugins
    filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.
    CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code
    injection CVE-2008-3076: several netrw bugs, code injection
    CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:
    credential disclosure by netrw plugin"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gvim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 78, 94, 255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.3", reference:"gvim-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"vim-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"vim-base-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"vim-data-7.2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"vim-enhanced-7.2-9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_GVIM-090225.NASL
    description: The VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used. CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677: credential disclosure by netrw plugin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40230
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40230
    title: openSUSE Security Update : gvim (gvim-561)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update gvim-561.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40230);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:34");
    
      script_cve_id("CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4677", "CVE-2008-6235", "CVE-2009-0316");
    
      script_name(english:"openSUSE Security Update : gvim (gvim-561)");
      script_summary(english:"Check for the gvim-561 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The VI Improved editor (vim) was updated to version 7.2.108 to fix
    various security problems and other bugs.
    
    CVE-2008-4677: The netrw plugin sent credentials to all servers.
    CVE-2009-0316: The python support used a search path including the
    current directory, allowing code injection when python code was used.
    CVE-2008-2712: Arbitrary code execution in vim helper plugins
    filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.
    CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code
    injection CVE-2008-3076: several netrw bugs, code injection
    CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:
    credential disclosure by netrw plugin"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=406693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=436755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=439148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=457098"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=465255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=470100"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gvim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 78, 94, 255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"gvim-7.2-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"vim-7.2-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"vim-base-7.2-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"vim-data-7.2-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"vim-enhanced-7.2-7.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
    }
    

Statements

contributor: Tomas Hoger
last modified: 2008-10-25
organization: Red Hat
statement: Not vulnerable. This issue did not affect the versions of vim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.