CVE-2017-5953 - Integer Overflow or Wraparound vulnerability in VIM

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, vim, CWE-190, critical, nessus

Summary

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

Vulnerable Configurations

Part         Description  Count
Application  Vim          5142

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.

Nessus

  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0006.NASL
    description: An update of [linux,vim] packages for PhotonOS has been released.
    last seen: 2019-02-08
    modified: 2019-02-07
    plugin id: 111855
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111855
    title: Photon OS 1.0: Linux / Vim PHSA-2017-0006 (deprecated)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0006. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111855);
      script_version("1.5");
      script_cvs_date("Date: 2019/04/05 23:25:07");
    
      script_cve_id("CVE-2017-5953", "CVE-2017-5986", "CVE-2017-6074");
    
      script_name(english:"Photon OS 1.0: Linux / Vim PHSA-2017-0006 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of [linux,vim] packages for PhotonOS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-26
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c02e8b6a");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5953");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:vim");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "linux-4.4.51-1.ph1",
      "linux-api-headers-4.4.51-1.ph1",
      "linux-debuginfo-4.4.51-1.ph1",
      "linux-dev-4.4.51-1.ph1",
      "linux-docs-4.4.51-1.ph1",
      "linux-drivers-gpu-4.4.51-1.ph1",
      "linux-esx-4.4.51-1.ph1",
      "linux-esx-debuginfo-4.4.51-1.ph1",
      "linux-esx-devel-4.4.51-1.ph1",
      "linux-esx-docs-4.4.51-1.ph1",
      "linux-oprofile-4.4.51-1.ph1",
      "linux-sound-4.4.51-1.ph1",
      "linux-tools-4.4.51-1.ph1",
      "linux-tools-debuginfo-4.4.51-1.ph1",
      "vim-7.4-7.ph1",
      "vim-extra-7.4-7.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux / vim");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4016-1.NASL
    description: It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125853
    published: 2019-06-12
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125853
    title: Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : vim vulnerabilities (USN-4016-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4016-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125853);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2017-5953", "CVE-2019-12735");
      script_xref(name:"USN", value:"4016-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : vim vulnerabilities (USN-4016-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Vim incorrectly handled certain files. An
    attacker could possibly use this issue to execute arbitrary code. This
    issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953)
    
    It was discovered that Vim incorrectly handled certain files. An
    attacker could possibly use this issue to execute arbitrary code.
    (CVE-2019-12735).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4016-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12735");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim-gui-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim-runtime");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|18\.10|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"vim", pkgver:"2:7.4.1689-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"vim-common", pkgver:"2:7.4.1689-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"vim-gui-common", pkgver:"2:7.4.1689-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"vim-runtime", pkgver:"2:7.4.1689-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim", pkgver:"2:8.0.1453-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim-common", pkgver:"2:8.0.1453-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim-gui-common", pkgver:"2:8.0.1453-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim-runtime", pkgver:"2:8.0.1453-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"vim", pkgver:"2:8.0.1766-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"vim-common", pkgver:"2:8.0.1766-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"vim-gui-common", pkgver:"2:8.0.1766-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"vim-runtime", pkgver:"2:8.0.1766-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"vim", pkgver:"2:8.1.0320-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"vim-common", pkgver:"2:8.1.0320-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"vim-gui-common", pkgver:"2:8.1.0320-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"vim-runtime", pkgver:"2:8.1.0320-1ubuntu3.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim / vim-common / vim-gui-common / vim-runtime");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-788.NASL
    description: This update for vim fixes the following issues : Security issues fixed : - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053) - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057) Non security issues fixed : - Speed up YAML syntax highlighting (bsc#1018870) This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-05
    modified: 2017-07-07
    plugin id: 101285
    published: 2017-07-07
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/101285
    title: openSUSE Security Update : vim (openSUSE-2017-788)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-788.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101285);
      script_version("3.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-5953", "CVE-2017-6349", "CVE-2017-6350");
    
      script_name(english:"openSUSE Security Update : vim (openSUSE-2017-788)");
      script_summary(english:"Check for the openSUSE-2017-788 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for vim fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2017-5953: Fixed a possible overflow with corrupted
        spell file (bsc#1024724)
    
      - CVE-2017-6350: Fixed a possible overflow when reading a
        corrupted undo file (bsc#1027053)
    
      - CVE-2017-6349: Fixed a possible overflow when reading a
        corrupted undo file (bsc#1027057)
    
    Non security issues fixed :
    
      - Speed up YAML syntax highlighting (bsc#1018870)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1018870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1024724"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027057"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected vim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"gvim-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"gvim-debuginfo-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"vim-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"vim-data-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"vim-debuginfo-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"vim-debugsource-7.4.326-10.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gvim / gvim-debuginfo / vim / vim-data / vim-debuginfo / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4309-1.NASL
    description: It was discovered that Vim incorrectly handled certain sources. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS (CVE-2017-1110) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.06 LTS. (CVE-2018-20786) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-20079) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-6349, CVE-2017-6350). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-26
    modified: 2020-03-24
    plugin id: 134856
    published: 2020-03-24
    reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134856
    title: Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : vim vulnerabilities (USN-4309-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4309-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134856);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/25");
    
      script_cve_id("CVE-2017-1110", "CVE-2017-11109", "CVE-2017-5953", "CVE-2017-6349", "CVE-2017-6350", "CVE-2018-20786", "CVE-2019-20079");
      script_xref(name:"USN", value:"4309-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : vim vulnerabilities (USN-4309-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Vim incorrectly handled certain sources. An
    attacker could possibly use this issue to cause a denial of service.
    This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu
    16.04 LTS (CVE-2017-1110)
    
    It was discovered that Vim incorrectly handled certain files. An
    attacker could possibly use this issue to execute arbitrary code. This
    issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
    (CVE-2017-5953)
    
    It was discovered that Vim incorrectly handled certain inputs. An
    attacker could possibly use this issue to cause a denial of service.
    This issue only affected Ubuntu 16.06 LTS. (CVE-2018-20786)
    
    It was discovered that Vim incorrectly handled certain inputs. An
    attacker could possibly use this issue to cause a denial of service or
    execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
    Ubuntu 19.10. (CVE-2019-20079)
    
    It was discovered that Vim incorrectly handled certain files. An
    attacker could possibly use this issue to execute arbitrary code. This
    issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu
    16.04 LTS. (CVE-2017-6349, CVE-2017-6350).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4309-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim-gui-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim-runtime");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 18.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"vim", pkgver:"2:7.4.1689-3ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"vim-common", pkgver:"2:7.4.1689-3ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"vim-gui-common", pkgver:"2:7.4.1689-3ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"vim-runtime", pkgver:"2:7.4.1689-3ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim", pkgver:"2:8.0.1453-1ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim-common", pkgver:"2:8.0.1453-1ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim-gui-common", pkgver:"2:8.0.1453-1ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim-runtime", pkgver:"2:8.0.1453-1ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"vim", pkgver:"2:8.1.0875-5ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"vim-common", pkgver:"2:8.1.0875-5ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"vim-gui-common", pkgver:"2:8.1.0875-5ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"vim-runtime", pkgver:"2:8.1.0875-5ubuntu2.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim / vim-common / vim-gui-common / vim-runtime");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1775-1.NASL
    description: This update for vim fixes the following issues : - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101228
    published: 2017-07-05
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101228
    title: SUSE SLES11 Security Update : vim (SUSE-SU-2017:1775-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:1775-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101228);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2017-5953");
    
      script_name(english:"SUSE SLES11 Security Update : vim (SUSE-SU-2017:1775-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for vim fixes the following issues :
    
      - CVE-2017-5953: Fixed a possible overflow with corrupted
        spell file (bsc#1024724)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024724"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5953/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20171775-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2e3a9631"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-vim-13194=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-vim-13194=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gvim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:vim-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:vim-data");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"gvim-7.2-8.20.8")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"vim-7.2-8.20.8")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"vim-base-7.2-8.20.8")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"vim-data-7.2-8.20.8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3786.NASL
    description: Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97135
    published: 2017-02-14
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97135
    title: Debian DSA-3786-1 : vim - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3786. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97135);
      script_version("3.7");
      script_cvs_date("Date: 2018/11/10 11:49:38");
    
      script_cve_id("CVE-2017-5953");
      script_xref(name:"DSA", value:"3786");
    
      script_name(english:"Debian DSA-3786-1 : vim - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Editor spell files passed to the vim (Vi IMproved) editor may result
    in an integer overflow in memory allocation and a resulting buffer
    overflow which potentially could result in the execution of arbitrary
    code or denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854969"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/vim"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2017/dsa-3786"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the vim packages.
    
    For the stable distribution (jessie), this problem has been fixed in
    version 2:7.4.488-7+deb8u2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vim");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"vim", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-athena", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-common", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-dbg", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-doc", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-gnome", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-gtk", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-gui-common", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-lesstif", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-nox", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-runtime", reference:"2:7.4.488-7+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"vim-tiny", reference:"2:7.4.488-7+deb8u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-595FEC72EF.NASL
    description: The newest upstream commit, fixing CVE-2017-5953 vim: Tree length values not validated properly when handling a spell file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-02-15
    plugin id: 97168
    published: 2017-02-15
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97168
    title: Fedora 25 : 2:vim (2017-595fec72ef)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0006_VIM.NASL
    description: An update of the vim package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121673
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121673
    title: Photon OS 1.0: Vim PHSA-2017-0006
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0006_LINUX.NASL
    description: An update of the linux package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 121672
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121672
    title: Photon OS 1.0: Linux PHSA-2017-0006
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201706-26.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201706-26 (Vim, gVim: Remote execution of arbitrary code). Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to open a specially crafted spell file using Vim or gVim, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101021
    published: 2017-06-23
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101021
    title: GLSA-201706-26 : Vim, gVim: Remote execution of arbitrary code
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-809.NASL
    description: An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. (CVE-2017-6350) An integer overflow flaw was found in the way vim handled undo files. This bug could result in vim crashing when trying to process corrupted undo files. (CVE-2017-6349) vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. (CVE-2017-5953)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99036
    published: 2017-03-30
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/99036
    title: Amazon Linux AMI : vim (ALAS-2017-809)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1033.NASL
    description: According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (CVE-2016-1248) - vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. (CVE-2017-5953) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99878
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99878
    title: EulerOS 2.0 SP1 : vim (EulerOS-SA-2017-1033)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-9B2CF468D5.NASL
    description: The newest upstream commit, fixing CVE-2017-5953 vim: Tree length values not validated properly when handling a spell file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-02-28
    plugin id: 97426
    published: 2017-02-28
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97426
    title: Fedora 24 : 2:vim (2017-9b2cf468d5)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1712-1.NASL
    description: This update for vim fixes the following issues. Security issues fixed: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053) - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057) Non-security issues fixed: - Speed up YAML syntax highlighting (bsc#1018870) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101108
    published: 2017-06-29
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101108
    title: SUSE SLED12 / SLES12 Security Update : vim (SUSE-SU-2017:1712-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1034.NASL
    description: According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (CVE-2016-1248) - vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. (CVE-2017-5953) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99879
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99879
    title: EulerOS 2.0 SP2 : vim (EulerOS-SA-2017-1034)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-280.NASL
    description: This update for vim fixes the following issues: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724)
    last seen: 2020-06-05
    modified: 2017-02-21
    plugin id: 97289
    published: 2017-02-21
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/97289
    title: openSUSE Security Update : vim (openSUSE-2017-280)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-822.NASL
    description: A vulnerability has been discovered in Vim where a malformed spell file could cause an integer overflow which is used as the size for memory allocation, resulting in a subsequent buffer overflow. For Debian 7
    last seen: 2020-03-17
    modified: 2017-02-13
    plugin id: 97106
    published: 2017-02-13
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97106
    title: Debian DLA-822-1 : vim security update