Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2007-2438HistoryMay 02, 2007 - 9:19 p.m.
CVE-2007-2438
2007-05-0221:19:00
Debian Security Bug Tracker
security-tracker.debian.org
10
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
88.1%
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | vim | < 1:7.1-022+1 | vim_1:7.1-022+1_all.deb |
| Debian | 11 | all | vim | < 1:7.1-022+1 | vim_1:7.1-022+1_all.deb |
| Debian | 10 | all | vim | < 1:7.1-022+1 | vim_1:7.1-022+1_all.deb |
| Debian | 999 | all | vim | < 1:7.1-022+1 | vim_1:7.1-022+1_all.deb |
| Debian | 13 | all | vim | < 1:7.1-022+1 | vim_1:7.1-022+1_all.deb |
Related
nessus
nessus
Oracle Linux 5 : vim (ELSA-2007-0346)
2013-07-12 00:00:00
RHEL 5 : vim (RHSA-2007:0346)
2007-05-25 00:00:00
Mandrake Linux Security Advisory : vim (MDKSA-2007:101)
2007-05-10 00:00:00
openvas
openvas
Ubuntu Update for vim vulnerability USN-463-1
2009-03-23 00:00:00
Ubuntu: Security Advisory (USN-463-1)
2009-03-23 00:00:00
Mandriva Update for vim MDKSA-2007:101 (vim)
2009-04-09 00:00:00
redhat
redhat
(RHSA-2007:0346) Moderate: vim security update
2007-05-09 00:00:00
oraclelinux
oraclelinux
Moderate: vim security update
2007-06-26 00:00:00
cve
cve
CVE-2007-2438
2007-05-02 21:19:00
CVE-2007-2653
2007-05-14 21:19:00
centos
centos
vim security update
2007-05-10 15:37:27
prion
prion
Command injection
2007-05-02 21:19:00
Design/Logic Flaw
2007-05-14 21:19:00
ubuntucve
ubuntucve
CVE-2007-2438
2007-05-02 00:00:00
securityvulns
securityvulns
vim sandbox protection bypass
2007-05-12 00:00:00
[ MDKSA-2007:101 ] - Updated vim packages fix vulnerability
2007-05-12 00:00:00
ubuntu
ubuntu
vim vulnerability
2007-05-23 00:00:00
osv
osv
vim
2007-09-19 00:00:00
vim - several vulnerabilities
2007-09-19 00:00:00
debian
debian
[SECURITY] [DSA 1364-1] New vim packages fix several vulnerabilities
2007-09-01 11:30:35
[SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities
2007-09-19 22:20:43
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
88.1%
Related for DEBIANCVE:CVE-2007-2438