Vulnerabilities > CVE-2009-0316 - Remote Command Execution vulnerability in Vim 'PySys_SetArgv'

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
vim
nessus

Summary

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Vulnerable Configurations

Part Description Count
Application
Vim
638

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-047.NASL
    descriptionPython has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Vim working directory (CVE-2009-0316). This update provides fix for that vulnerability. Update : This update also provides updated packages for Mandriva Linux 2008.0.
    last seen2020-06-01
    modified2020-06-02
    plugin id36407
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36407
    titleMandriva Linux Security Advisory : vim (MDVSA-2009:047-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_GVIM-090225.NASL
    descriptionThe VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used. CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677: credential disclosure by netrw plugin
    last seen2020-06-01
    modified2020-06-02
    plugin id39980
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39980
    titleopenSUSE Security Update : gvim (gvim-561)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GVIM-6023.NASL
    descriptionThe VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used. CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677: credential disclosure by netrw plugin
    last seen2020-06-01
    modified2020-06-02
    plugin id35921
    published2009-03-13
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35921
    titleopenSUSE 10 Security Update : gvim (gvim-6023)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2010-002.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied. This security update contains fixes for the following products : - AppKit - Application Firewall - AFP Server - Apache - ClamAV - CoreTypes - CUPS - curl - Cyrus IMAP - Cyrus SASL - Disk Images - Directory Services - Event Monitor - FreeRADIUS - FTP Server - iChat Server - Image RAW - Libsystem - Mail - Mailman - OS Services - Password Server - perl - PHP - PS Normalizer - Ruby - Server Admin - SMB - Tomcat - unzip - vim - Wiki Server - X11 - xar
    last seen2020-06-01
    modified2020-06-02
    plugin id45373
    published2010-03-29
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45373
    titleMac OS X Multiple Vulnerabilities (Security Update 2010-002)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0027.NASL
    descriptionUpdated python packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id51524
    published2011-01-14
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51524
    titleRHEL 5 : python (RHSA-2011:0027)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_GVIM-090225.NASL
    descriptionThe VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used. CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. CVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677: credential disclosure by netrw plugin
    last seen2020-06-01
    modified2020-06-02
    plugin id40230
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40230
    titleopenSUSE Security Update : gvim (gvim-561)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 33447 CVE(CAN) ID: CVE-2009-0316 VIM是一款免费开放源代码文本编辑器,可使用在Unix/Linux操作系统下。 VIM的python接口使用argv[0]调用PySys_SetArgv函数。由于Python对sys.path变量附加了空字符串,如果工作目录中的文件名匹配VIM试图导入的python模块名,就可能允许本地用户在系统中执行任意代码。 VIM Development Group VIM < 7.2.045 厂商补丁: VIM Development Group --------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045 target=_blank rel=external nofollow>https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045</a>
idSSV:4819
last seen2017-11-19
modified2009-02-23
published2009-02-23
reporterRoot
titleVim PySys_SetArgv函数本地命令执行漏洞