FreeBSD: 81F127A8-0038-11DA-86BC-000E0C2E438A
Jul 25, 2005 - 12:00 a.m.

vim -- vulnerabilities in modeline handling: glob, expand

2005-07-25 00:00:00
vuxml.freebsd.org
CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.007 Low
Percentile: 80.7%

Georgi Guninski discovered a way to construct Vim modelines
that execute arbitrary shell commands. The vulnerability
can be exploited by including shell commands in modelines
that call the glob() or expand() functions. An attacker
could trick a user into reading or editing a trojaned file with
modelines enabled, after which the attacker is able to
execute arbitrary commands with the privileges of the user.

Note: It is generally recommended that Vim users use
set nomodeline in ~/.vimrc to avoid the possibility of
trojaned text files.
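
A triage sketch for the advisory above, added here as an example and not part of the original advisory or of Vim: it flags modelines that call glob() or expand() within the lines Vim inspects, and checks whether a vimrc ends up with nomodeline set. The marker regex is a simplified approximation, and "someopt" and PLACEHOLDER in the sample are constructed stand-ins.

```python
import re

# Simplified modeline marker: "vi:", "vim:", "Vim:" or "ex:" at line start or
# after whitespace. Version-qualified forms are not handled.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im|ex):\s*(.*)$")
# The two functions the advisory names as the command-execution vector.
RISKY_CALL_RE = re.compile(r"\b(glob|expand)\s*\(")

def scan_text(text, modelines=5):
    """Return (line_number, function, modeline_body) for each risky call found
    in the first and last `modelines` lines (Vim's 'modelines' default is 5)."""
    lines = text.splitlines()
    n = len(lines)
    window = sorted(set(range(min(modelines, n))) | set(range(max(0, n - modelines), n)))
    findings = []
    for i in window:
        m = MODELINE_RE.search(lines[i])
        if not m:
            continue
        body = m.group(1).strip()
        for call in RISKY_CALL_RE.finditer(body):
            findings.append((i + 1, call.group(1), body))
    return findings

def vimrc_disables_modelines(vimrc_text):
    """True only if the last explicit setting in the vimrc is nomodeline/noml."""
    enabled = None  # None means the option was never set explicitly
    for raw in vimrc_text.splitlines():
        tokens = raw.strip().lstrip(":").split()
        if not tokens or tokens[0] not in ("se", "set"):
            continue  # skips blank lines, comments and non-:set commands
        for tok in tokens[1:]:
            if tok in ("nomodeline", "noml"):
                enabled = False
            elif tok in ("modeline", "ml"):
                enabled = True
    return enabled is False

# Constructed sample: "someopt" and PLACEHOLDER are stand-ins, not real Vim
# option names or payloads. Line 6 lies outside the default 5-line window.
SAMPLE = "\n".join(
    ["# constructed sample file", "# vim: set ts=4 sw=4:"] + ["text"] * 3
    + ["# vim: set someopt=glob(PLACEHOLDER):"] + ["text"] * 5
    + ["# vim: set someopt=expand(PLACEHOLDER):"]
)

if __name__ == "__main__":
    for lineno, func, body in scan_text(SAMPLE):
        print(f"line {lineno}: modeline calls {func}(): {body}")
    print("vimrc safe:", vimrc_disables_modelines("set ts=4\nset nomodeline\n"))
```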
