CVE-2008-6235

2009-02-2123:30:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.003

Percentile

67.9%

JSON

The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) “D” (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.

OSVersionArchitecturePackageVersionFilename
Debian12allvim< 2:7.2.148-1vim_2:7.2.148-1_all.deb
Debian11allvim< 2:7.2.148-1vim_2:7.2.148-1_all.deb
Debian999allvim< 2:7.2.148-1vim_2:7.2.148-1_all.deb
Debian13allvim< 2:7.2.148-1vim_2:7.2.148-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	vim	< 2:7.2.148-1	vim_2:7.2.148-1_all.deb
Debian	11	all	vim	< 2:7.2.148-1	vim_2:7.2.148-1_all.deb
Debian	999	all	vim	< 2:7.2.148-1	vim_2:7.2.148-1_all.deb
Debian	13	all	vim	< 2:7.2.148-1	vim_2:7.2.148-1_all.deb