7.8 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.278 Low
EPSS
Percentile
96.8%
CentOS Errata and Security Advisory CESA-2008:0617
Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.
Several input sanitization flaws were found in Vim’s keyword and tag
handling. If Vim looked up a document’s maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)
A heap-based overflow flaw was discovered in Vim’s expansion of file name
patterns with shell wildcards. An attacker could create a specially-crafted
file or directory name that, when opened by Vim, caused the application to
crash or, possibly, execute arbitrary code. (CVE-2008-3432)
Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Härnhammar, of Secunia Research, discovered a format string flaw in
Vim’s help tag processor. If a user was tricked into executing the
“helptags” command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)
All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-November/077600.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077601.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077602.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077603.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077604.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077611.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077619.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077620.html
Affected packages:
vim-X11
vim-common
vim-enhanced
vim-minimal
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0617
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | vim-common | < 6.3.046-0.30E.11 | vim-common-6.3.046-0.30E.11.i386.rpm |
CentOS | 3 | i386 | vim-enhanced | < 6.3.046-0.30E.11 | vim-enhanced-6.3.046-0.30E.11.i386.rpm |
CentOS | 3 | i386 | vim-minimal | < 6.3.046-0.30E.11 | vim-minimal-6.3.046-0.30E.11.i386.rpm |
CentOS | 3 | i386 | vim-x11 | < 6.3.046-0.30E.11 | vim-X11-6.3.046-0.30E.11.i386.rpm |
CentOS | 3 | x86_64 | vim-common | < 6.3.046-0.30E.11 | vim-common-6.3.046-0.30E.11.x86_64.rpm |
CentOS | 3 | x86_64 | vim-enhanced | < 6.3.046-0.30E.11 | vim-enhanced-6.3.046-0.30E.11.x86_64.rpm |
CentOS | 3 | x86_64 | vim-minimal | < 6.3.046-0.30E.11 | vim-minimal-6.3.046-0.30E.11.x86_64.rpm |
CentOS | 3 | x86_64 | vim-x11 | < 6.3.046-0.30E.11 | vim-X11-6.3.046-0.30E.11.x86_64.rpm |
CentOS | 3 | ia64 | vim-x11 | < 6.3.046-0.30E.11 | vim-X11-6.3.046-0.30E.11.ia64.rpm |
CentOS | 3 | ia64 | vim-common | < 6.3.046-0.30E.11 | vim-common-6.3.046-0.30E.11.ia64.rpm |