Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2023-2672.NASLHistoryJan 16, 2024 - 12:00 a.m.
EulerOS 2.0 SP11 : vim (EulerOS-SA-2023-2672)
2024-01-1600:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
euleros
vim
vulnerabilities
cve-2023-1264
cve-2023-2426
cve-2023-2609
cve-2023-2610
null pointer dereference
out-of-range pointer offset
integer overflow
7 High
AI Score
Confidence
Low
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. (CVE-2023-1264)
-
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. (CVE-2023-2426)
-
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. (CVE-2023-2609)
-
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. (CVE-2023-2610)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(189057);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2023-1264",
"CVE-2023-2426",
"CVE-2023-2609",
"CVE-2023-2610"
);
script_name(english:"EulerOS 2.0 SP11 : vim (EulerOS-SA-2023-2672)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :
- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. (CVE-2023-1264)
- Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. (CVE-2023-2426)
- NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. (CVE-2023-2609)
- Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. (CVE-2023-2610)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-2672
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2e2e991f");
script_set_attribute(attribute:"solution", value:
"Update the affected vim packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-2610");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/07");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-enhanced");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-filesystem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-minimal");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP11");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(11)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP11");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP11", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"vim-common-9.0-1.h17.eulerosv2r11",
"vim-enhanced-9.0-1.h17.eulerosv2r11",
"vim-filesystem-9.0-1.h17.eulerosv2r11",
"vim-minimal-9.0-1.h17.eulerosv2r11"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"11", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | vim-common | p-cpe:/a:huawei:euleros:vim-common |
| huawei | euleros | vim-enhanced | p-cpe:/a:huawei:euleros:vim-enhanced |
| huawei | euleros | vim-filesystem | p-cpe:/a:huawei:euleros:vim-filesystem |
| huawei | euleros | vim-minimal | p-cpe:/a:huawei:euleros:vim-minimal |
| huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
Related
nessus
nessus
EulerOS Virtualization 2.11.1 : vim (EulerOS-SA-2023-2746)
2024-01-16 00:00:00
EulerOS 2.0 SP11 : vim (EulerOS-SA-2023-2714)
2024-01-16 00:00:00
EulerOS Virtualization 2.11.0 : vim (EulerOS-SA-2023-2777)
2024-01-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-2746)
2023-09-11 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-2714)
2023-09-05 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-2777)
2023-09-11 00:00:00
amazon
amazon
ubuntu
ubuntu
Vim vulnerabilities
2023-06-12 00:00:00
Vim vulnerabilities
2023-03-20 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: vim-9.0.1562-1.fc37
2023-05-24 01:15:19
[SECURITY] Fedora 38 Update: vim-9.0.1562-1.fc38
2023-05-20 01:49:30
[SECURITY] Fedora 37 Update: vim-9.0.1407-1.fc37
2023-03-20 01:39:05
osv
osv
vim vulnerabilities
2023-06-12 11:33:47
CVE-2023-1264
2023-03-07 22:15:00
vim - security update
2023-06-12 00:00:00
cloudfoundry
cloudfoundry
USN-6154-1: Vim vulnerabilities | Cloud Foundry
2023-10-12 00:00:00
USN-5963-1: Vim vulnerabilities | Cloud Foundry
2023-04-29 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0395
2023-05-20 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0583
2023-05-20 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0389
2023-05-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-03-24 15:37:58
Denial Of Service (DoS)
2023-08-07 00:14:46
Integer Overflow
2023-08-07 00:15:44
huntr
huntr
NULL Pointer Dereference in function utfc_ptr2len
2023-02-09 12:58:25
Null pointer dereference in get_register at register.c:311
2023-03-23 21:49:44
segmentation fault in regexp.c:1788
2023-02-21 07:02:05
cvelist
cvelist
CVE-2023-1264 NULL Pointer Dereference in vim/vim
2023-03-07 00:00:00
CVE-2023-2609 NULL Pointer Dereference in vim/vim
2023-05-09 00:00:00
CVE-2023-2610 Integer Overflow or Wraparound in vim/vim
2023-05-09 00:00:00
redhatcve
redhatcve
cnvd
cnvd
Vim Denial of Service Vulnerability (CNVD-2023-72256)
2023-03-13 00:00:00
prion
prion
Null pointer dereference
2023-03-07 22:15:00
Null pointer dereference
2023-05-09 18:15:00
Integer overflow
2023-05-09 22:15:00
alpinelinux
alpinelinux
wolfi
wolfi
CVE-2023-1264 vulnerabilities
2024-05-28 21:07:31
debiancve
debiancve
cgr
cgr
CVE-2023-1264 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
cve
cve
cbl_mariner
cbl_mariner
CVE-2023-1264 affecting package vim for versions less than 9.0.1402-1
2023-03-24 23:57:10
CVE-2023-1264 affecting package vim 9.0.1247-1
2023-04-07 04:59:55
CVE-2023-2609 affecting package vim 9.0.1527-1
2023-05-25 17:55:45
redos
redos
ROS-20230616-07
2023-06-16 00:00:00
ROS-20230616-03
2023-06-16 00:00:00
cloudlinux
cloudlinux
vim: Fix of CVE-2023-2609
2023-06-01 15:44:17
vim: Fix of CVE-2023-2610
2023-05-29 16:22:04
mageia
mageia
Updated vim packages fix security vulnerability
2023-05-31 09:41:32
slackware
slackware
[slackware-security] vim
2023-03-20 19:36:04
debian
debian
[SECURITY] [DLA 3453-1] vim security update
2023-06-12 17:41:50
rosalinux
rosalinux
Advisory ROSA-SA-2023-2268
2023-10-22 06:02:22
apple
apple
About the security content of macOS Big Sur 11.7.9
2023-07-24 00:00:00
About the security content of macOS Monterey 12.6.8
2023-07-24 00:00:00
About the security content of macOS Ventura 13.5
2023-07-24 00:00:00
hp
hp
HP ThinPro 8.0 SP 7 Security Updates
2024-01-26 00:00:00