Debian Security Bug TrackerDEBIANCVE:CVE-2008-3074CVE-2008-3074
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
78.1%
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the β!β (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | vim | <Β 2:7.2.010-1 | vim_2:7.2.010-1_all.deb |
| Debian | 11 | all | vim | <Β 2:7.2.010-1 | vim_2:7.2.010-1_all.deb |
| Debian | 10 | all | vim | <Β 2:7.2.010-1 | vim_2:7.2.010-1_all.deb |
| Debian | 999 | all | vim | <Β 2:7.2.010-1 | vim_2:7.2.010-1_all.deb |
| Debian | 13 | all | vim | <Β 2:7.2.010-1 | vim_2:7.2.010-1_all.deb |
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
78.1%