Lucene search
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2008-0580.NASLHistoryJan 06, 2010 - 12:00 a.m.
CentOS 5 : vim (CESA-2008:0580)
2010-01-0600:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Vim (Visual editor IMproved) is an updated and improved version of the vi editor.
Several input sanitization flaws were found in Vim’s keyword and tag handling. If Vim looked up a document’s maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)
Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3076)
A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)
A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)
Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vim’s help tag processor. If a user was tricked into executing the ‘helptags’ command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)
All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0580 and
# CentOS Errata and Security Advisory 2008:0580 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(43697);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-6235");
script_bugtraq_id(25095);
script_xref(name:"RHSA", value:"2008:0580");
script_name(english:"CentOS 5 : vim (CESA-2008:0580)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated vim packages that fix security issues are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Vim (Visual editor IMproved) is an updated and improved version of the
vi editor.
Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or
keyword, it was possible to execute arbitrary code as the user running
Vim. (CVE-2008-4101)
Multiple security flaws were found in netrw.vim, the Vim plug-in
providing file reading and writing over the network. If a user opened
a specially crafted file or directory with the netrw plug-in, it could
result in arbitrary code execution as the user running Vim.
(CVE-2008-3076)
A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim
plug-in, it could result in arbitrary code execution as the user
running Vim. (CVE-2008-3075)
A security flaw was found in tar.vim, the Vim plug-in which handles
TAR archive browsing. If a user opened a TAR archive using the tar.vim
plug-in, it could result in arbitrary code execution as the user
runnin Vim. (CVE-2008-3074)
Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible
to execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Harnhammar, of Secunia Research, discovered a format string flaw
in Vim's help tag processor. If a user was tricked into executing the
'helptags' command on malicious data, arbitrary code could be executed
with the permissions of the user running Vim. (CVE-2007-2953)
All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues."
);
# https://lists.centos.org/pipermail/centos-announce/2008-November/015453.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?ab334c2c"
);
# https://lists.centos.org/pipermail/centos-announce/2008-November/015454.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?928c4900"
);
script_set_attribute(attribute:"solution", value:"Update the affected vim packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 78, 94);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-X11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-enhanced");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:vim-minimal");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/31");
script_set_attribute(attribute:"patch_publication_date", value:"2008/11/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-5", reference:"vim-X11-7.0.109-4.el5_2.4z")) flag++;
if (rpm_check(release:"CentOS-5", reference:"vim-common-7.0.109-4.el5_2.4z")) flag++;
if (rpm_check(release:"CentOS-5", reference:"vim-enhanced-7.0.109-4.el5_2.4z")) flag++;
if (rpm_check(release:"CentOS-5", reference:"vim-minimal-7.0.109-4.el5_2.4z")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim-X11 / vim-common / vim-enhanced / vim-minimal");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| centos | centos | vim-x11 | p-cpe:/a:centos:centos:vim-x11 |
| centos | centos | vim-common | p-cpe:/a:centos:centos:vim-common |
| centos | centos | vim-enhanced | p-cpe:/a:centos:centos:vim-enhanced |
| centos | centos | vim-minimal | p-cpe:/a:centos:centos:vim-minimal |
| centos | centos | 5 | cpe:/o:centos:centos:5 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6235
www.nessus.org/u?928c4900
www.nessus.org/u?ab334c2c
Related
nessus
nessus
RHEL 5 : vim (RHSA-2008:0580)
2008-11-25 00:00:00
Oracle Linux 5 : vim (ELSA-2008-0580)
2013-07-12 00:00:00
Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
redhat
redhat
(RHSA-2008:0580) Moderate: vim security update
2008-11-25 00:00:00
(RHSA-2008:0617) Moderate: vim security update
2008-11-25 00:00:00
(RHSA-2008:0618) Moderate: vim security update
2008-11-25 00:00:00
oraclelinux
oraclelinux
vim security update
2008-11-25 00:00:00
vim security update
2008-11-25 00:00:00
centos
centos
vim security update
2008-11-26 22:22:41
vim security update
2008-11-25 16:56:47
vim security update
2008-11-25 23:40:39
openvas
openvas
Oracle: Security Advisory (ELSA-2008-0580)
2015-10-08 00:00:00
RedHat Update for vim RHSA-2008:0580-01
2009-03-06 00:00:00
RedHat Update for vim RHSA-2008:0580-01
2009-03-06 00:00:00
osv
osv
vim - multiple vulnerabilities
2009-03-03 00:00:00
vim
2007-09-19 00:00:00
vim - several vulnerabilities
2007-09-19 00:00:00
debian
debian
[SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities
2009-03-03 08:35:06
[SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities
2009-03-03 08:35:06
[Backports-security-announce] Security Update for vim
2008-11-29 10:05:18
prion
prion
Information disclosure
2009-02-21 22:30:00
Information disclosure
2009-02-21 22:30:00
Design/Logic Flaw
2008-06-16 21:41:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
ubuntu
ubuntu
Vim vulnerabilities
2009-01-27 00:00:00
vim vulnerability
2007-08-28 00:00:00
vmware
vmware
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00
securityvulns
securityvulns
vim multiple security vulnerabilities
2008-08-25 00:00:00
Vim: Unfixed Vulnerabilities in Tar Plugin Version 20
2008-08-08 00:00:00
Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim
2008-07-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:25:50
Arbitrary Code Execution
2020-04-10 00:25:49
Arbitrary Code Execution
2020-04-10 00:25:49
freebsd
freebsd
vim -- Command Format String Vulnerability
2007-07-27 00:00:00
vim -- Vim Shell Command Injection Vulnerabilities
2008-06-16 00:00:00
vim -- multiple vulnerabilities in the netrw module
2008-10-16 00:00:00
seebug
seebug
Vim HelpTags命令远程格式串处理漏洞
2007-08-01 00:00:00
Vim多个插件字符转义任意命令执行漏洞
2008-11-28 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44
Related for CENTOS_RHSA-2008-0580.NASL