vim security update

2016-12-21 17:28:53
CentOS Project (lists.centos.org)

CVSS2: 6.8

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 7.8

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.2 (Confidence: High)

EPSS: 0.81 (Percentile: 98.4%)

CentOS Errata and Security Advisory CESA-2016:2972

Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

  • A vulnerability was found in how vim treated certain modeline options. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with the privileges of the user running vim. (CVE-2016-1248)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-December/084347.html
https://lists.centos.org/pipermail/centos-announce/2016-December/084349.html

Affected packages:
vim-X11
vim-common
vim-enhanced
vim-filesystem
vim-minimal

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2972
