CVE-2019-12735 - OS Command Injection vulnerability in multiple products
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Command Line Execution through SQL Injection: An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
- Command Delimiters: An attack of this type exploits a program's vulnerabilities that allow an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. A system that uses a filter or blacklist input validation, as opposed to whitelist validation, is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
- Exploiting Multiple Input Interpretation Layers: An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiple passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
- Argument Injection: An attacker changes the behavior or state of a targeted application by injecting data or command syntax through the target's use of non-validated and non-filtered arguments of exposed services or methods.
- OS Command Injection: In this type of attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
Exploit-Db
id | EDB-ID:46973 |
last seen | 2019-06-07 |
modified | 2019-06-04 |
published | 2019-06-04 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46973 |
title | Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution |
Nessus
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_CURL.NASL | description: An update of the curl package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126195 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126195 | title: Photon OS 1.0: Curl PHSA-2019-1.0-0237
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-2_0-0162_VIM.NASL | description: An update of the vim package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126211 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126211 | title: Photon OS 2.0: Vim PHSA-2019-2.0-0162
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_ZOOKEEPER.NASL | description: An update of the zookeeper package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126205 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126205 | title: Photon OS 1.0: Zookeeper PHSA-2019-1.0-0237
- NASL family: SuSE Local Security Checks | NASL id: OPENSUSE-2019-1759.NASL | description: This update for neovim fixes the following issues : neovim was updated to version 0.3.7 : - CVE-2019-12735: source should check sandbox (boo#1137443) - genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5 : - options: properly reset directories on | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126899 | published: 2019-07-22 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126899 | title: openSUSE Security Update : neovim (openSUSE-2019-1759)
- NASL family: Scientific Linux Local Security Checks | NASL id: SL_20190701_VIM_ON_SL7_X.NASL | description: Security Fix(es) : - vim/neovim: | last seen: 2020-03-18 | modified: 2019-07-02 | plugin id: 126436 | published: 2019-07-02 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126436 | title: Scientific Linux Security Update : vim on SL7.x x86_64 (20190701)
- NASL family: SuSE Local Security Checks | NASL id: SUSE_SU-2019-1456-1.NASL | description: This update for vim fixes the following issue : Security issue fixed : CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125847 | published: 2019-06-12 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125847 | title: SUSE SLED12 / SLES12 Security Update : vim (SUSE-SU-2019:1456-1)
- NASL family: Debian Local Security Checks | NASL id: DEBIAN_DLA-1871.NASL | description: Several minor issues have been fixed in vim, a highly configurable text editor. CVE-2017-11109 Vim allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. CVE-2017-17087 Vim sets the group ownership of a .swp file to the editor | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 127480 | published: 2019-08-12 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/127480 | title: Debian DLA-1871-1 : vim security update
- NASL family: Ubuntu Local Security Checks | NASL id: UBUNTU_USN-4016-1.NASL | description: It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125853 | published: 2019-06-12 | reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125853 | title: Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : vim vulnerabilities (USN-4016-1)
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_GLIB.NASL | description: An update of the glib package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126196 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126196 | title: Photon OS 1.0: Glib PHSA-2019-1.0-0237
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_GNUPG.NASL | description: An update of the gnupg package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126197 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126197 | title: Photon OS 1.0: Gnupg PHSA-2019-1.0-0237
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_WGET.NASL | description: An update of the wget package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126204 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126204 | title: Photon OS 1.0: Wget PHSA-2019-1.0-0237
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_OPENSSH.NASL | description: An update of the openssh package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126199 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126199 | title: Photon OS 1.0: Openssh PHSA-2019-1.0-0237
- NASL family: Huawei Local Security Checks | NASL id: EULEROS_SA-2019-1997.NASL | description: According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution.(CVE-2019-12735) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-05-08 | modified: 2019-09-24 | plugin id: 129190 | published: 2019-09-24 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/129190 | title: EulerOS 2.0 SP3 : vim (EulerOS-SA-2019-1997)
- NASL family: SuSE Local Security Checks | NASL id: OPENSUSE-2019-1562.NASL | description: This update for vim fixes the following issue : Security issue fixed : - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). This update was imported from the SUSE:SLE-12:Update update project. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125983 | published: 2019-06-18 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125983 | title: openSUSE Security Update : vim (openSUSE-2019-1562)
- NASL family: SuSE Local Security Checks | NASL id: OPENSUSE-2019-1561.NASL | description: This update for vim fixes the following issue : Security issue fixed : - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). This update was imported from the SUSE:SLE-15:Update update project. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125982 | published: 2019-06-18 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125982 | title: openSUSE Security Update : vim (openSUSE-2019-1561)
- NASL family: FreeBSD Local Security Checks | NASL id: FREEBSD_PKG_BBDB97138E0911E987BC002590ACAE31.NASL | description: Security releases for Vim/NeoVim : Sandbox escape allows for arbitrary code execution. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125913 | published: 2019-06-14 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125913 | title: FreeBSD : Vim/NeoVim -- Security vulnerability (bbdb9713-8e09-11e9-87bc-002590acae31)
- NASL family: Huawei Local Security Checks | NASL id: EULEROS_SA-2019-1766.NASL | description: According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution.(CVE-2019-12735) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-05-03 | modified: 2019-07-25 | plugin id: 127003 | published: 2019-07-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/127003 | title: EulerOS 2.0 SP8 : vim (EulerOS-SA-2019-1766)
- NASL family: CentOS Local Security Checks | NASL id: CENTOS_RHSA-2019-1619.NASL | description: An update for vim is now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es) : * vim/neovim: | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126387 | published: 2019-07-02 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126387 | title: CentOS 7 : vim (CESA-2019:1619)
- NASL family: Debian Local Security Checks | NASL id: DEBIAN_DSA-4487.NASL | description: User | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126968 | published: 2019-07-24 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126968 | title: Debian DSA-4487-1 : neovim - security update
- NASL family: Huawei Local Security Checks | NASL id: EULEROS_SA-2019-1690.NASL | description: According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution.(CVE-2019-12735) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-05-06 | modified: 2019-07-02 | plugin id: 126431 | published: 2019-07-02 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126431 | title: EulerOS 2.0 SP5 : vim (EulerOS-SA-2019-1690)
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_SQLITE.NASL | description: An update of the sqlite package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126202 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126202 | title: Photon OS 1.0: Sqlite PHSA-2019-1.0-0237
- NASL family: Huawei Local Security Checks | NASL id: EULEROS_SA-2019-1699.NASL | description: According to the version of the vim packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution.(CVE-2019-12735) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126541 | published: 2019-07-09 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126541 | title: EulerOS Virtualization for ARM 64 3.0.2.0 : vim (EulerOS-SA-2019-1699)
- NASL family: SuSE Local Security Checks | NASL id: SUSE_SU-2019-1457-1.NASL | description: This update for vim fixes the following issue : Security issue fixed : CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125848 | published: 2019-06-12 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125848 | title: SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2019:1457-1)
- NASL family: Red Hat Local Security Checks | NASL id: REDHAT-RHSA-2019-1793.NASL | description: An update for vim is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es) : * vim/neovim: | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126761 | published: 2019-07-17 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126761 | title: RHEL 7 : vim (RHSA-2019:1793)
- NASL family: Fedora Local Security Checks | NASL id: FEDORA_2019-DCD49378B8.NASL | description: 1717503 - Security issue: patch 8.1.1365: source command doesn | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125868 | published: 2019-06-13 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125868 | title: Fedora 29 : 2:vim (2019-dcd49378b8)
- NASL family: Red Hat Local Security Checks | NASL id: REDHAT-RHSA-2019-1619.NASL | description: An update for vim is now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es) : * vim/neovim: | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126302 | published: 2019-06-27 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126302 | title: RHEL 7 / 8 : vim (RHSA-2019:1619)
- NASL family: Ubuntu Local Security Checks | NASL id: UBUNTU_USN-4016-2.NASL | description: It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125854 | published: 2019-06-12 | reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125854 | title: Ubuntu 18.10 / 19.04 : Neovim vulnerability (USN-4016-2)
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_VIM.NASL | description: An update of the vim package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126203 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126203 | title: Photon OS 1.0: Vim PHSA-2019-1.0-0237
- NASL family: Oracle Linux Local Security Checks | NASL id: ORACLELINUX_ELSA-2019-1774.NASL | description: From Red Hat Security Advisory 2019:1774 : An update for vim is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es) : * vim/neovim: | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126807 | published: 2019-07-19 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126807 | title: Oracle Linux 6 : vim (ELSA-2019-1774)
- NASL family: Oracle Linux Local Security Checks | NASL id: ORACLELINUX_ELSA-2019-1619.NASL | description: From Red Hat Security Advisory 2019:1619 : An update for vim is now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es) : * vim/neovim: | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126316 | published: 2019-06-28 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126316 | title: Oracle Linux 7 / 8 : vim (ELSA-2019-1619)
- NASL family: Scientific Linux Local Security Checks | NASL id: SL_20190715_VIM_ON_SL6_X.NASL | description: Security Fix(es) : - vim/neovim: | last seen: 2020-03-18 | modified: 2019-07-16 | plugin id: 126715 | published: 2019-07-16 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126715 | title: Scientific Linux Security Update : vim on SL6.x i386/x86_64 (20190715)
- NASL family: Amazon Linux Local Security Checks | NASL id: AL2_ALAS-2019-1239.NASL | description: It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. (CVE-2019-12735) | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 127460 | published: 2019-08-12 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/127460 | title: Amazon Linux 2 : vim (ALAS-2019-1239)
- NASL family: Huawei Local Security Checks | NASL id: EULEROS_SA-2019-1753.NASL | description: According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution.(CVE-2019-12735) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-05-06 | modified: 2019-07-22 | plugin id: 126880 | published: 2019-07-22 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126880 | title: EulerOS 2.0 SP2 : vim (EulerOS-SA-2019-1753)
- NASL family: Red Hat Local Security Checks | NASL id: REDHAT-RHSA-2019-1774.NASL | description: An update for vim is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es) : * vim/neovim: | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126710 | published: 2019-07-16 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126710 | title: RHEL 6 : vim (RHSA-2019:1774)
- NASL family: NewStart CGSL Local Security Checks | NASL id: NEWSTART_CGSL_NS-SA-2020-0020_VIM.NASL | description: The remote NewStart CGSL host, running version MAIN 4.05, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. (CVE-2019-12735) Note that Nessus has not tested for this issue but has instead relied only on the application | last seen: 2020-03-18 | modified: 2020-03-08 | plugin id: 134315 | published: 2020-03-08 | reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/134315 | title: NewStart CGSL MAIN 4.05 : vim Vulnerability (NS-SA-2020-0020)
- NASL family: Fedora Local Security Checks | NASL id: FEDORA_2019-D79F89346C.NASL | description: 1717503 - Security issue: patch 8.1.1365: source command doesn | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125788 | published: 2019-06-10 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125788 | title: Fedora 30 : 2:vim (2019-d79f89346c)
- NASL family: SuSE Local Security Checks | NASL id: SUSE_SU-2019-14078-1.NASL | description: This update for vim fixes the following issues : Security issue fixed : CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 125846 | published: 2019-06-12 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125846 | title: SUSE SLES11 Security Update : vim (SUSE-SU-2019:14078-1)
- NASL family: NewStart CGSL Local Security Checks | NASL id: NEWSTART_CGSL_NS-SA-2019-0161_VIM.NASL | description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has vim packages installed that are affected by a vulnerability: - It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. (CVE-2019-12735) Note that Nessus has not tested for this issue but has instead relied only on the application | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 127443 | published: 2019-08-12 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/127443 | title: NewStart CGSL CORE 5.04 / MAIN 5.04 : vim Vulnerability (NS-SA-2019-0161)
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_BINUTILS.NASL | description: An update of the binutils package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126194 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126194 | title: Photon OS 1.0: Binutils PHSA-2019-1.0-0237
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_LIBVIRT.NASL | description: An update of the libvirt package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126198 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126198 | title: Photon OS 1.0: Libvirt PHSA-2019-1.0-0237
- NASL family: NewStart CGSL Local Security Checks | NASL id: NEWSTART_CGSL_NS-SA-2019-0164_VIM.NASL | description: The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has vim packages installed that are affected by a vulnerability: - It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. (CVE-2019-12735) Note that Nessus has not tested for this issue but has instead relied only on the application | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 127449 | published: 2019-08-12 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/127449 | title: NewStart CGSL CORE 5.05 / MAIN 5.05 : vim Vulnerability (NS-SA-2019-0164)
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-2_0-0162_SQLITE.NASL | description: An update of the sqlite package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126210 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126210 | title: Photon OS 2.0: Sqlite PHSA-2019-2.0-0162
- NASL family: Gentoo Local Security Checks | NASL id: GENTOO_GLSA-202003-04.NASL | description: The remote host is affected by the vulnerability described in GLSA-202003-04 (Vim, gVim: Remote execution of arbitrary code) It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. Impact : A remote attacker could entice a user to open a specially crafted file using Vim or gVim, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. | last seen: 2020-03-19 | modified: 2020-03-13 | plugin id: 134471 | published: 2020-03-13 | reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/134471 | title: GLSA-202003-04 : Vim, gVim: Remote execution of arbitrary code
- NASL family: Amazon Linux Local Security Checks | NASL id: ALA_ALAS-2019-1239.NASL | description: It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. (CVE-2019-12735) | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 127067 | published: 2019-07-26 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/127067 | title: Amazon Linux AMI : vim (ALAS-2019-1239)
- NASL family: CentOS Local Security Checks | NASL id: CENTOS_RHSA-2019-1774.NASL | description: An update for vim is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es) : * vim/neovim: | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126790 | published: 2019-07-19 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126790 | title: CentOS 6 : vim (CESA-2019:1774)
- NASL family: Debian Local Security Checks | NASL id: DEBIAN_DSA-4467.NASL | description: User | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126013 | published: 2019-06-19 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126013 | title: Debian DSA-4467-1 : vim - security update
- NASL family: NewStart CGSL Local Security Checks | NASL id: NEWSTART_CGSL_NS-SA-2019-0177_VIM.NASL | description: The remote NewStart CGSL host, running version MAIN 4.06, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. (CVE-2019-12735) Note that Nessus has not tested for this issue but has instead relied only on the application | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 128690 | published: 2019-09-11 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/128690 | title: NewStart CGSL MAIN 4.06 : vim Vulnerability (NS-SA-2019-0177)
- NASL family: Red Hat Local Security Checks | NASL id: REDHAT-RHSA-2019-1947.NASL | description: An update for vim is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es) : * vim/neovim: | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 127634 | published: 2019-08-12 | reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/127634 | title: RHEL 7 : vim (RHSA-2019:1947)
- NASL family: SuSE Local Security Checks | NASL id: OPENSUSE-2019-1551.NASL | description: This update for neovim fixes the following issues : Security issue fixed : - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). | last seen: 2020-05-31 | modified: 2019-06-14 | plugin id: 125918 | published: 2019-06-14 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/125918 | title: openSUSE Security Update : neovim (openSUSE-2019-1551)
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-2_0-0162_DOCKER.NASL | description: An update of the docker package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126209 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | source: https://www.tenable.com/plugins/nessus/126209 | title: Photon OS 2.0: Docker PHSA-2019-2.0-0162
- NASL family: PhotonOS Local Security Checks | NASL id: PHOTONOS_PHSA-2019-1_0-0237_PYTHON2.NASL | description: An update of the python2 package has been released. | last seen: 2020-06-01 | modified: 2020-06-02 | plugin id: 126200 | published: 2019-06-25 | reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/126200 title Photon OS 1.0: Python2 PHSA-2019-1.0-0237 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0237_PYTHON3.NASL description An update of the python3 package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126201 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126201 title Photon OS 1.0: Python3 PHSA-2019-1.0-0237
The Hacker News
id | THN:9460624BCD0856A65B8FA82B14272221 |
last seen | 2019-06-10 |
modified | 2019-06-10 |
published | 2019-06-10 |
reporter | The Hacker News |
source | https://thehackernews.com/2019/06/linux-vim-vulnerability.html |
title | Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor |
References
- https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
- https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
- https://github.com/neovim/neovim/pull/10082
- https://bugs.debian.org/930024
- https://bugs.debian.org/930020
- https://usn.ubuntu.com/4016-1/
- https://usn.ubuntu.com/4016-2/
- http://www.securityfocus.com/bid/108724
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html
- https://www.debian.org/security/2019/dsa-4467
- https://seclists.org/bugtraq/2019/Jun/33
- https://support.f5.com/csp/article/K93144355
- https://access.redhat.com/errata/RHSA-2019:1619
- https://access.redhat.com/errata/RHSA-2019:1774
- https://access.redhat.com/errata/RHSA-2019:1793
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html
- https://www.debian.org/security/2019/dsa-4487
- https://seclists.org/bugtraq/2019/Jul/39
- https://access.redhat.com/errata/RHSA-2019:1947
- https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html
- https://security.gentoo.org/glsa/202003-04
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/