Lucene search

[email protected]CVE-2008-2712

HistoryJun 16, 2008 - 9:41 p.m.

CVE-2008-2712

2008-06-1621:41:00

CWE-20

[email protected]

web.nvd.nist.gov

cve

vim

user-assisted

remote attackers

arbitrary commands

security vulnerability

execute

scripts

sanitize inputs

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.0%

JSON

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

CPENameOperatorVersion
vim:vimvimle6.4
vim:vimvimle7.1.314
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10

CPE	Name	Operator	Version
vim:vim	vim	le	6.4
vim:vim	vim	le	7.1.314
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10

References

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

marc.info/?l=bugtraq&m=121494431426308&w=2

secunia.com/advisories/30731

secunia.com/advisories/32222

secunia.com/advisories/32858

secunia.com/advisories/32864

secunia.com/advisories/33410

secunia.com/advisories/34418

securityreason.com/securityalert/3951

support.apple.com/kb/HT3216

support.apple.com/kb/HT4077

support.avaya.com/elmodocs2/security/ASA-2008-457.htm

support.avaya.com/elmodocs2/security/ASA-2009-001.htm

wiki.rpath.com/Advisories:rPSA-2008-0247

www.mandriva.com/security/advisories?name=MDVSA-2008:236

www.openwall.com/lists/oss-security/2008/06/16/2

www.openwall.com/lists/oss-security/2008/10/15/1

www.rdancer.org/vulnerablevim.html

www.redhat.com/support/errata/RHSA-2008-0580.html

www.redhat.com/support/errata/RHSA-2008-0617.html

www.redhat.com/support/errata/RHSA-2008-0618.html

www.securityfocus.com/archive/1/493352/100/0/threaded

www.securityfocus.com/archive/1/493353/100/0/threaded

www.securityfocus.com/archive/1/495319/100/0/threaded

www.securityfocus.com/archive/1/502322/100/0/threaded

www.securityfocus.com/bid/29715

www.securityfocus.com/bid/31681

www.securitytracker.com/id?1020293

www.ubuntu.com/usn/USN-712-1

www.vmware.com/security/advisories/VMSA-2009-0004.html

www.vupen.com/english/advisories/2008/1851/references

www.vupen.com/english/advisories/2008/2780

www.vupen.com/english/advisories/2009/0033

www.vupen.com/english/advisories/2009/0904

exchange.xforce.ibmcloud.com/vulnerabilities/43083

issues.rpath.com/browse/RPL-2622

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2008-2712

prion5 ubuntucve5 debiancve5 cve4 securityvulns3 openvas42 veracode2 nessus21 freebsd1 debian4 centos3 ubuntu1 redhat3 osv1 oraclelinux2 vmware2 threatpost1