Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2022_ALAS2022-2022-251.NASLHistoryDec 09, 2022 - 12:00 a.m.
Amazon Linux 2022 : vim (ALAS2022-2022-251)
2022-12-0900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-251 advisory.
- A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. (CVE-2022-3705)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-251.
##
include('compat.inc');
if (description)
{
script_id(168575);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/23");
script_cve_id("CVE-2022-3705");
script_xref(name:"IAVB", value:"2023-B-0016-S");
script_name(english:"Amazon Linux 2022 : vim (ALAS2022-2022-251)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2022 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-251 advisory.
- A vulnerability was found in vim and classified as problematic. Affected by this issue is the function
qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use
after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this
issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the
affected component. The identifier of this vulnerability is VDB-212324. (CVE-2022-3705)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2022/ALAS-2022-251.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3705.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update vim' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3705");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/26");
script_set_attribute(attribute:"patch_publication_date", value:"2022/12/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-common-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-data");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-default-editor");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-enhanced");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-enhanced-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-filesystem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-minimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:vim-minimal-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2022");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2022")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2022", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'vim-common-9.0.828-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-common-9.0.828-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-common-9.0.828-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-common-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-common-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-common-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-data-9.0.828-1.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-debugsource-9.0.828-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-debugsource-9.0.828-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-debugsource-9.0.828-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-default-editor-9.0.828-1.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-enhanced-9.0.828-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-enhanced-9.0.828-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-enhanced-9.0.828-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-enhanced-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-enhanced-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-enhanced-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-filesystem-9.0.828-1.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-minimal-9.0.828-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-minimal-9.0.828-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-minimal-9.0.828-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-minimal-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-minimal-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},
{'reference':'vim-minimal-debuginfo-9.0.828-1.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim-common / vim-common-debuginfo / vim-data / etc");
}| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | vim-common | p-cpe:/a:amazon:linux:vim-common |
| amazon | linux | vim-common-debuginfo | p-cpe:/a:amazon:linux:vim-common-debuginfo |
| amazon | linux | vim-data | p-cpe:/a:amazon:linux:vim-data |
| amazon | linux | vim-debuginfo | p-cpe:/a:amazon:linux:vim-debuginfo |
| amazon | linux | vim-debugsource | p-cpe:/a:amazon:linux:vim-debugsource |
| amazon | linux | vim-default-editor | p-cpe:/a:amazon:linux:vim-default-editor |
| amazon | linux | vim-enhanced | p-cpe:/a:amazon:linux:vim-enhanced |
| amazon | linux | vim-enhanced-debuginfo | p-cpe:/a:amazon:linux:vim-enhanced-debuginfo |
| amazon | linux | vim-filesystem | p-cpe:/a:amazon:linux:vim-filesystem |
| amazon | linux | vim-minimal | p-cpe:/a:amazon:linux:vim-minimal |
Related
redhatcve
redhatcve
CVE-2022-3705
2022-11-01 12:26:15
ubuntucve
ubuntucve
CVE-2022-3705
2022-10-26 00:00:00
openvas
openvas
Fedora: Security Advisory for vim (FEDORA-2022-06e4f1dd58)
2022-11-06 00:00:00
Slackware: Security Advisory (SSA:2022-304-01)
2022-11-01 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-3d354ef0fb)
2022-11-10 00:00:00
amazon
amazon
nessus
nessus
Fedora 36 : 2:vim (2022-06e4f1dd58)
2022-12-21 00:00:00
Slackware Linux 15.0 / current vim Vulnerability (SSA:2022-304-01)
2022-11-18 00:00:00
Fedora 35 : 2:vim (2022-3d354ef0fb)
2022-12-23 00:00:00
cvelist
cvelist
CVE-2022-3705 vim autocmd quickfix.c qf_update_buffer use after free
2022-10-26 00:00:00
slackware
slackware
[slackware-security] vim
2022-10-31 23:46:43
osv
osv
CVE-2022-3705
2022-10-26 20:15:00
vim vulnerabilities
2023-10-09 04:10:20
vim - security update
2022-11-08 00:00:00
prion
prion
Design/Logic Flaw
2022-10-26 20:15:00
cve
cve
CVE-2022-3705
2022-10-26 20:15:00
debiancve
debiancve
CVE-2022-3705
2022-10-26 20:15:00
fedora
fedora
[SECURITY] Fedora 35 Update: vim-9.0.828-1.fc35
2022-11-09 11:27:25
[SECURITY] Fedora 36 Update: vim-9.0.828-1.fc36
2022-11-05 17:00:42
[SECURITY] Fedora 37 Update: vim-9.0.828-1.fc37
2022-11-10 22:58:15
alpinelinux
alpinelinux
CVE-2022-3705
2022-10-26 20:15:00
cbl_mariner
cbl_mariner
CVE-2022-3705 affecting package vim 9.0.0614-1
2022-11-24 00:45:40
CVE-2022-3705 affecting package vim for versions less than 9.0.0805-1
2022-11-16 02:26:20
veracode
veracode
Denial Of Service (DoS)
2022-10-29 07:48:01
redos
redos
ROS-20221103-01
2022-11-03 00:00:00
ubuntu
ubuntu
Vim vulnerabilities
2023-10-09 00:00:00
cloudfoundry
cloudfoundry
USN-6420-1: Vim vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
apple
apple
About the security content of macOS Ventura 13.2
2023-01-23 00:00:00
debian
debian
[SECURITY] [DLA 3182-1] vim security update
2022-11-08 14:55:16
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0380
2023-04-25 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0568
2023-04-19 00:00:00
mageia
mageia
Updated vim packages fix security vulnerability
2022-11-19 01:50:51
gentoo
gentoo
Vim, gVim: Multiple Vulnerabilities
2023-05-03 00:00:00
Related for AL2022_ALAS2022-2022-251.NASL