Dec 21, 2016 - 5:28 p.m.

vim security update

2016-12-21 17:28:53
CentOS Project
lists.centos.org

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.2 High
Confidence: High

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.8 High
Percentile: 98.2%

CentOS Errata and Security Advisory CESA-2016:2972

Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

  • A vulnerability was found in how vim treated certain modeline options. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with the privileges of the user running vim. (CVE-2016-1248)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-December/084347.html
https://lists.centos.org/pipermail/centos-announce/2016-December/084349.html

Affected packages:
vim-X11
vim-common
vim-enhanced
vim-filesystem
vim-minimal

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2972
