Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)
2009-04-23T00:00:00
ID MANDRIVA_MDVSA-2008-236.NASL Type nessus Reporter Tenable Modified 2018-07-19T00:00:00
Description
Several vulnerabilities were found in the vim editor :
A number of input sanitization flaws were found in various vim system
functions. If a user were to open a specially crafted file, it would
be possible to execute arbitrary code as the user running vim
(CVE-2008-2712).
Ulf Härnhammar of Secunia Research found a format
string flaw in vim's help tags processor. If a user were tricked into
executing the helptags command on malicious data, it could result in
the execution of arbitrary code as the user running vim
(CVE-2008-2953).
A flaw was found in how tar.vim handled TAR archive browsing. If a
user were to open a special TAR archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3074).
A flaw was found in how zip.vim handled ZIP archive browsing. If a
user were to open a special ZIP archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3075).
A number of security flaws were found in netrw.vim, the vim plugin
that provides the ability to read and write files over the network. If
a user opened a specially crafted file or directory with the netrw
plugin, it could result in the execution of arbitrary code as the user
running vim (CVE-2008-3076).
A number of input validation flaws were found in vim's keyword and tag
handling. If vim looked up a document's maliciously crafted tag or
keyword, it was possible to execute arbitary code as the user running
vim (CVE-2008-4101).
A vulnerability was found in certain versions of netrw.vim where it
would send FTP credentials stored for an FTP session to subsequent FTP
sessions to servers on different hosts, exposing FTP credentials to
remote hosts (CVE-2008-4677).
This update provides vim 7.2 (patchlevel 65) which corrects all of
these issues and introduces a number of new features and bug fixes.
Update :
The previous vim update incorrectly introduced a requirement on
libruby and also conflicted with a file from the git-core package (in
contribs). These issues have been corrected with these updated
packages.
#%NASL_MIN_LEVEL 70103
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2008:236.
# The text itself is copyright (C) Mandriva S.A.
#
include("compat.inc");
if (description)
{
script_id(36821);
script_version ("1.14");
script_cvs_date("Date: 2018/07/19 20:59:15");
script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-2953", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-4677");
script_bugtraq_id(25095);
script_xref(name:"MDVSA", value:"2008:236-1");
script_name(english:"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities were found in the vim editor :
A number of input sanitization flaws were found in various vim system
functions. If a user were to open a specially crafted file, it would
be possible to execute arbitrary code as the user running vim
(CVE-2008-2712).
Ulf Härnhammar of Secunia Research found a format
string flaw in vim's help tags processor. If a user were tricked into
executing the helptags command on malicious data, it could result in
the execution of arbitrary code as the user running vim
(CVE-2008-2953).
A flaw was found in how tar.vim handled TAR archive browsing. If a
user were to open a special TAR archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3074).
A flaw was found in how zip.vim handled ZIP archive browsing. If a
user were to open a special ZIP archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3075).
A number of security flaws were found in netrw.vim, the vim plugin
that provides the ability to read and write files over the network. If
a user opened a specially crafted file or directory with the netrw
plugin, it could result in the execution of arbitrary code as the user
running vim (CVE-2008-3076).
A number of input validation flaws were found in vim's keyword and tag
handling. If vim looked up a document's maliciously crafted tag or
keyword, it was possible to execute arbitary code as the user running
vim (CVE-2008-4101).
A vulnerability was found in certain versions of netrw.vim where it
would send FTP credentials stored for an FTP session to subsequent FTP
sessions to servers on different hosts, exposing FTP credentials to
remote hosts (CVE-2008-4677).
This update provides vim 7.2 (patchlevel 65) which corrects all of
these issues and introduces a number of new features and bug fixes.
Update :
The previous vim update incorrectly introduced a requirement on
libruby and also conflicted with a file from the git-core package (in
contribs). These issues have been corrected with these updated
packages."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 78, 94, 255);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-X11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-enhanced");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vim-minimal");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
script_set_attribute(attribute:"patch_publication_date", value:"2008/12/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"vim-X11-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"vim-common-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"vim-enhanced-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"vim-minimal-7.2.065-9.3mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"vim-X11-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"vim-common-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"vim-enhanced-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"vim-minimal-7.2.065-9.3mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"vim-X11-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"vim-common-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"vim-enhanced-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"vim-minimal-7.2.065-9.3mdv2009.0", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "MANDRIVA_MDVSA-2008-236.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.", "published": "2009-04-23T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "type": "nessus", "lastseen": "2019-01-16T20:09:05", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8e24a6f8d6ceebe01211f2323825b75ca6c2cbe3de851551522d132377ea3940", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "1f855a3a9b7d8766f0ad2f09df06e822", "key": "cpe"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "889e0ac5bc12f5d7a0222c4c66705b8b", "key": "sourceData"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2018-09-01T23:37:08", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-09-01T23:37:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8e24a6f8d6ceebe01211f2323825b75ca6c2cbe3de851551522d132377ea3940", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "1f855a3a9b7d8766f0ad2f09df06e822", "key": "cpe"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "889e0ac5bc12f5d7a0222c4c66705b8b", "key": "sourceData"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2018-08-02T07:40:55", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-02T07:40:55"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 1, "hash": "7a15a6cc1305f5fb745e58d7cd4eed16a701cbd11a77b1370dc97496a80ab73f", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "3cf12ca51aefc7921e2fae5f5b05a36b", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a33e65a768b0cca01f769a54f9f4ed8b", "key": "cvss"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "800084d14669b7e75c4baba9f7a47966", "key": "modified"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2016-09-26T17:23:42", "modified": "2015-03-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/03/19 14:49:27 $\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:23:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "e3a9c585eaec95cd5dcd806c17f5e714bc63ffe34eef42a0c6453a40c352ed94", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "1f855a3a9b7d8766f0ad2f09df06e822", "key": "cpe"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "modified"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "5b40e55bd47ed91ed23084d83dfb8192", "key": "sourceData"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2017-10-29T13:35:09", "modified": "2016-11-28T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/11/28 21:39:22 $\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:35:09"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 2, "enchantments": {}, "hash": "c219d551c35834d5c42e265073489302e9a9916028b233cc2340c17be9e56040", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "modified"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "5b40e55bd47ed91ed23084d83dfb8192", "key": "sourceData"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2016-11-29T05:31:32", "modified": "2016-11-28T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/11/28 21:39:22 $\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-11-29T05:31:32"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "23ca678364fb4cb389bea2c78a45870b6af7e1d123348befdec7db9f5ad463d9", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "1f855a3a9b7d8766f0ad2f09df06e822", "key": "cpe"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "889e0ac5bc12f5d7a0222c4c66705b8b", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2018-08-30T19:33:54", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:33:54"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "1f855a3a9b7d8766f0ad2f09df06e822"}, {"key": "cvelist", "hash": "f374bc60a75d16a6a8615022c3815f94"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "19f99e97fce7c5c6ca8d1734c858cc4c"}, {"key": "href", "hash": "8a405feac8e71cab87116ef933dfc17e"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "526837706681051344a466f9e51ac982"}, {"key": "pluginID", "hash": "b94468282c77ce98c794d894337ae500"}, {"key": "published", "hash": "197a63ce57b10c1f43b5342b9dd90820"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "889e0ac5bc12f5d7a0222c4c66705b8b"}, {"key": "title", "hash": "d79f372f585dad80577c166ffc754e23"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "2c6a83701b6d36f73aebba037b854326b748ad64325fb4b36922d22bb94292e9", "viewCount": 1, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310830451", "OPENVAS:870099", "OPENVAS:1361412562310870099", "OPENVAS:830568", "OPENVAS:830451", "OPENVAS:1361412562310830568", "OPENVAS:1361412562310122541", "OPENVAS:136141256231065087", "OPENVAS:63500", "OPENVAS:136141256231063500"]}, {"type": "redhat", "idList": ["RHSA-2008:0580", "RHSA-2008:0617", "RHSA-2008:0618"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1733.NASL", "REDHAT-RHSA-2008-0580.NASL", "CENTOS_RHSA-2008-0580.NASL", "SL_20081125_VIM_ON_SL3_X.NASL", "ORACLELINUX_ELSA-2008-0580.NASL", "SUSE9_12360.NASL", "SUSE_11_0_GVIM-090225.NASL", "SUSE_GVIM-6023.NASL", "SUSE_11_1_GVIM-090225.NASL", "REDHAT-RHSA-2008-0617.NASL"]}, {"type": "cve", "idList": ["CVE-2008-4677", "CVE-2007-2953", "CVE-2008-2953", "CVE-2008-4101", "CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076"]}, {"type": "centos", "idList": ["CESA-2008:0580", "CESA-2008:0617", "CESA-2008:0618-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0580", "ELSA-2008-0617"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1733-1:0AD7D", "DEBIAN:39911521BDD8B510D11191B007C5C80B:928A4"]}, {"type": "ubuntu", "idList": ["USN-712-1", "USN-505-1"]}, {"type": "vmware", "idList": ["VMSA-2009-0004"]}, {"type": "osvdb", "idList": ["OSVDB:38674"]}, {"type": "seebug", "idList": ["SSV:2059", "SSV:4501"]}, {"type": "exploitdb", "idList": ["EDB-ID:32289", "EDB-ID:31911", "EDB-ID:32012"]}, {"type": "freebsd", "idList": ["1ED03222-3C65-11DC-B3D3-0016179B2DD5", "30866E6C-3C6D-11DD-98C9-00163E000016", "0E1E3789-D87F-11DD-8ECD-00163E000016"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20317", "SECURITYVULNS:VULN:9086", "SECURITYVULNS:DOC:20220"]}], "modified": "2019-01-16T20:09:05"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "36821", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"]}
{"openvas": [{"lastseen": "2018-04-09T11:38:37", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830451", "id": "OPENVAS:1361412562310830451", "title": "Mandriva Update for vim MDVSA-2008:236-1 (vim)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDVSA-2008:236-1 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found in the vim editor:\n\n A number of input sanitization flaws were found in various vim\n system functions. If a user were to open a specially crafted file,\n it would be possible to execute arbitrary code as the user running vim\n (CVE-2008-2712).\n \n Ulf Härnhammar of Secunia Research found a format string flaw in\n vim's help tags processor. If a user were tricked into executing the\n helptags command on malicious data, it could result in the execution\n of arbitrary code as the user running vim (CVE-2008-2953).\n \n A flaw was found in how tar.vim handled TAR archive browsing. If a\n user were to open a special TAR archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3074).\n \n A flaw was found in how zip.vim handled ZIP archive browsing. If a\n user were to open a special ZIP archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3075).\n \n A number of security flaws were found in netrw.vim, the vim plugin\n that provides the ability to read and write files over the network.\n If a user opened a specially crafted file or directory with the netrw\n plugin, it could result in the execution of arbitrary code as the\n user running vim (CVE-2008-3076).\n \n A number of input validation flaws were found in vim's keyword and\n tag handling. If vim looked up a document's maliciously crafted\n tag or keyword, it was possible to execute arbitrary code as the user\n running vim (CVE-2008-4101).\n \n A vulnerability was found in certain versions of netrw.vim where it\n would send FTP credentials stored for an FTP session to subsequent\n FTP sessions to servers on different hosts, exposing FTP credentials\n to remote hosts (CVE-2008-4677).\n \n This update provides vim 7.2 (patchlevel 65) which corrects all of\n these issues and introduces a number of new features and bug fixes.\n \n Update:\n \n The previous vim update incorrectly introduced a requirement on\n libruby and also conflicted with a file from the git-core package\n (in contribs). These issues have been corrected with these updated\n packages.\";\n\ntag_affected = \"vim on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-12/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830451\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:236-1\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_name( \"Mandriva Update for vim MDVSA-2008:236-1 (vim)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:59", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870099", "id": "OPENVAS:870099", "title": "RedHat Update for vim RHSA-2008:0580-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for vim RHSA-2008:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n Multiple security flaws were found in netrw.vim, the Vim plug-in providing\n file reading and writing over the network. If a user opened a specially\n crafted file or directory with the netrw plug-in, it could result in\n arbitrary code execution as the user running Vim. (CVE-2008-3076)\n \n A security flaw was found in zip.vim, the Vim plug-in that handles ZIP\n archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\n it could result in arbitrary code execution as the user running Vim.\n (CVE-2008-3075)\n \n A security flaw was found in tar.vim, the Vim plug-in which handles TAR\n archive browsing. If a user opened a TAR archive using the tar.vim plug-in,\n it could result in arbitrary code execution as the user runnin Vim.\n (CVE-2008-3074)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n Ulf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\n Vim's help tag processor. If a user was tricked into executing the\n "helptags" command on malicious data, arbitrary code could be executed with\n the permissions of the user running Vim. (CVE-2007-2953)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-November/msg00012.html\");\n script_id(870099);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0580-01\");\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\");\n script_name( \"RedHat Update for vim RHSA-2008:0580-01\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-debuginfo\", rpm:\"vim-debuginfo~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:31", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870099", "id": "OPENVAS:1361412562310870099", "type": "openvas", "title": "RedHat Update for vim RHSA-2008:0580-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for vim RHSA-2008:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n Multiple security flaws were found in netrw.vim, the Vim plug-in providing\n file reading and writing over the network. If a user opened a specially\n crafted file or directory with the netrw plug-in, it could result in\n arbitrary code execution as the user running Vim. (CVE-2008-3076)\n \n A security flaw was found in zip.vim, the Vim plug-in that handles ZIP\n archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\n it could result in arbitrary code execution as the user running Vim.\n (CVE-2008-3075)\n \n A security flaw was found in tar.vim, the Vim plug-in which handles TAR\n archive browsing. If a user opened a TAR archive using the tar.vim plug-in,\n it could result in arbitrary code execution as the user runnin Vim.\n (CVE-2008-3074)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n Ulf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\n Vim's help tag processor. If a user was tricked into executing the\n "helptags" command on malicious data, arbitrary code could be executed with\n the permissions of the user running Vim. (CVE-2007-2953)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-November/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870099\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0580-01\");\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\");\n script_name( \"RedHat Update for vim RHSA-2008:0580-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-debuginfo\", rpm:\"vim-debuginfo~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:05", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830568", "id": "OPENVAS:830568", "title": "Mandriva Update for vim MDVSA-2008:236 (vim)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDVSA-2008:236 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found in the vim editor:\n\n A number of input sanitization flaws were found in various vim\n system functions. If a user were to open a specially crafted file,\n it would be possible to execute arbitrary code as the user running vim\n (CVE-2008-2712).\n \n Ulf Härnhammar of Secunia Research found a format string flaw in\n vim's help tags processor. If a user were tricked into executing the\n helptags command on malicious data, it could result in the execution\n of arbitrary code as the user running vim (CVE-2008-2953).\n \n A flaw was found in how tar.vim handled TAR archive browsing. If a\n user were to open a special TAR archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3074).\n \n A flaw was found in how zip.vim handled ZIP archive browsing. If a\n user were to open a special ZIP archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3075).\n \n A number of security flaws were found in netrw.vim, the vim plugin\n that provides the ability to read and write files over the network.\n If a user opened a specially crafted file or directory with the netrw\n plugin, it could result in the execution of arbitrary code as the\n user running vim (CVE-2008-3076).\n \n A number of input validation flaws were found in vim's keyword and\n tag handling. If vim looked up a document's maliciously crafted\n tag or keyword, it was possible to execute arbitrary code as the user\n running vim (CVE-2008-4101).\n \n A vulnerability was found in certain versions of netrw.vim where it\n would send FTP credentials stored for an FTP session to subsequent\n FTP sessions to servers on different hosts, exposing FTP credentials\n to remote hosts (CVE-2008-4677).\n \n This update provides vim 7.2 (patchlevel 65) which corrects all of\n these issues and introduces a number of new features and bug fixes.\";\n\ntag_affected = \"vim on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-12/msg00003.php\");\n script_id(830568);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:236\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_name( \"Mandriva Update for vim MDVSA-2008:236 (vim)\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:22", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830568", "id": "OPENVAS:1361412562310830568", "type": "openvas", "title": "Mandriva Update for vim MDVSA-2008:236 (vim)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDVSA-2008:236 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found in the vim editor:\n\n A number of input sanitization flaws were found in various vim\n system functions. If a user were to open a specially crafted file,\n it would be possible to execute arbitrary code as the user running vim\n (CVE-2008-2712).\n \n Ulf Härnhammar of Secunia Research found a format string flaw in\n vim's help tags processor. If a user were tricked into executing the\n helptags command on malicious data, it could result in the execution\n of arbitrary code as the user running vim (CVE-2008-2953).\n \n A flaw was found in how tar.vim handled TAR archive browsing. If a\n user were to open a special TAR archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3074).\n \n A flaw was found in how zip.vim handled ZIP archive browsing. If a\n user were to open a special ZIP archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3075).\n \n A number of security flaws were found in netrw.vim, the vim plugin\n that provides the ability to read and write files over the network.\n If a user opened a specially crafted file or directory with the netrw\n plugin, it could result in the execution of arbitrary code as the\n user running vim (CVE-2008-3076).\n \n A number of input validation flaws were found in vim's keyword and\n tag handling. If vim looked up a document's maliciously crafted\n tag or keyword, it was possible to execute arbitrary code as the user\n running vim (CVE-2008-4101).\n \n A vulnerability was found in certain versions of netrw.vim where it\n would send FTP credentials stored for an FTP session to subsequent\n FTP sessions to servers on different hosts, exposing FTP credentials\n to remote hosts (CVE-2008-4677).\n \n This update provides vim 7.2 (patchlevel 65) which corrects all of\n these issues and introduces a number of new features and bug fixes.\";\n\ntag_affected = \"vim on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-12/msg00003.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830568\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:236\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_name( \"Mandriva Update for vim MDVSA-2008:236 (vim)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:04", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830451", "id": "OPENVAS:830451", "title": "Mandriva Update for vim MDVSA-2008:236-1 (vim)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDVSA-2008:236-1 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found in the vim editor:\n\n A number of input sanitization flaws were found in various vim\n system functions. If a user were to open a specially crafted file,\n it would be possible to execute arbitrary code as the user running vim\n (CVE-2008-2712).\n \n Ulf Härnhammar of Secunia Research found a format string flaw in\n vim's help tags processor. If a user were tricked into executing the\n helptags command on malicious data, it could result in the execution\n of arbitrary code as the user running vim (CVE-2008-2953).\n \n A flaw was found in how tar.vim handled TAR archive browsing. If a\n user were to open a special TAR archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3074).\n \n A flaw was found in how zip.vim handled ZIP archive browsing. If a\n user were to open a special ZIP archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3075).\n \n A number of security flaws were found in netrw.vim, the vim plugin\n that provides the ability to read and write files over the network.\n If a user opened a specially crafted file or directory with the netrw\n plugin, it could result in the execution of arbitrary code as the\n user running vim (CVE-2008-3076).\n \n A number of input validation flaws were found in vim's keyword and\n tag handling. If vim looked up a document's maliciously crafted\n tag or keyword, it was possible to execute arbitrary code as the user\n running vim (CVE-2008-4101).\n \n A vulnerability was found in certain versions of netrw.vim where it\n would send FTP credentials stored for an FTP session to subsequent\n FTP sessions to servers on different hosts, exposing FTP credentials\n to remote hosts (CVE-2008-4677).\n \n This update provides vim 7.2 (patchlevel 65) which corrects all of\n these issues and introduces a number of new features and bug fixes.\n \n Update:\n \n The previous vim update incorrectly introduced a requirement on\n libruby and also conflicted with a file from the git-core package\n (in contribs). These issues have been corrected with these updated\n packages.\";\n\ntag_affected = \"vim on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-12/msg00010.php\");\n script_id(830451);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:236-1\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_name( \"Mandriva Update for vim MDVSA-2008:236-1 (vim)\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:06", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5044520 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065087", "id": "OPENVAS:136141256231065087", "type": "openvas", "title": "SLES9: Security update for ViM", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5044520.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for ViM\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5044520 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65087\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for ViM\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gvim\", rpm:\"gvim~6.2~235.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:24:31", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2008-0580", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122541", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122541", "title": "Oracle Linux Local Check: ELSA-2008-0580", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0580.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122541\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:47:36 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0580\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0580 - vim security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0580\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0580.html\");\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-4101\", \"CVE-2008-6235\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0.109~4.el5_2.4z\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0.109~4.el5_2.4z\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0.109~4.el5_2.4z\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0.109~4.el5_2.4z\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:45", "bulletinFamily": "scanner", "description": "The remote host is missing an update to vim\nannounced via advisory DSA 1733-1.", "modified": "2017-07-07T00:00:00", "published": "2009-03-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63500", "id": "OPENVAS:63500", "title": "Debian Security Advisory DSA 1733-1 (vim)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1733_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1733-1 (vim)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-2712\n\nJan Minar discovered that vim did not properly sanitise inputs\nbefore invoking the execute or system functions inside vim\nscripts. This could lead to the execution of arbitrary code.\n\nCVE-2008-3074\n\nJan Minar discovered that the tar plugin of vim did not properly\nsanitise the filenames in the tar archive or the name of the\narchive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3075\n\nJan Minar discovered that the zip plugin of vim did not properly\nsanitise the filenames in the zip archive or the name of the\narchive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3076\n\nJan Minar discovered that the netrw plugin of vim did not properly\nsanitise the filenames or directory names it is given. This could\nlead to the execution of arbitrary code.\n\nCVE-2008-4101\n\nBen Schmidt discovered that vim did not properly escape characters\nwhen performing keyword or tag lookups. This could lead to the\nexecution of arbitrary code.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 1:7.0-122+1etch4.\n\nFor the testing distribution (squeeze), these problems have been fixed\nin version 1:7.1.314-3+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:7.2.010-1.\";\ntag_summary = \"The remote host is missing an update to vim\nannounced via advisory DSA 1733-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201733-1\";\n\n\nif(description)\n{\n script_id(63500);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4104\", \"CVE-2008-4101\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1733-1 (vim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-lesstif\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update to vim\nannounced via advisory DSA 1733-1.", "modified": "2018-04-06T00:00:00", "published": "2009-03-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063500", "id": "OPENVAS:136141256231063500", "type": "openvas", "title": "Debian Security Advisory DSA 1733-1 (vim)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1733_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1733-1 (vim)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-2712\n\nJan Minar discovered that vim did not properly sanitise inputs\nbefore invoking the execute or system functions inside vim\nscripts. This could lead to the execution of arbitrary code.\n\nCVE-2008-3074\n\nJan Minar discovered that the tar plugin of vim did not properly\nsanitise the filenames in the tar archive or the name of the\narchive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3075\n\nJan Minar discovered that the zip plugin of vim did not properly\nsanitise the filenames in the zip archive or the name of the\narchive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3076\n\nJan Minar discovered that the netrw plugin of vim did not properly\nsanitise the filenames or directory names it is given. This could\nlead to the execution of arbitrary code.\n\nCVE-2008-4101\n\nBen Schmidt discovered that vim did not properly escape characters\nwhen performing keyword or tag lookups. This could lead to the\nexecution of arbitrary code.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 1:7.0-122+1etch4.\n\nFor the testing distribution (squeeze), these problems have been fixed\nin version 1:7.1.314-3+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:7.2.010-1.\";\ntag_summary = \"The remote host is missing an update to vim\nannounced via advisory DSA 1733-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201733-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63500\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4104\", \"CVE-2008-4101\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1733-1 (vim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-lesstif\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:18", "bulletinFamily": "unix", "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2017-09-08T12:06:57", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0580", "href": "https://access.redhat.com/errata/RHSA-2008:0580", "type": "redhat", "title": "(RHSA-2008:0580) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:41", "bulletinFamily": "unix", "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file name\npatterns with shell wildcards. An attacker could create a specially-crafted\nfile or directory name that, when opened by Vim, caused the application to\ncrash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2017-09-08T11:47:42", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0617", "href": "https://access.redhat.com/errata/RHSA-2008:0617", "type": "redhat", "title": "(RHSA-2008:0617) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:33", "bulletinFamily": "unix", "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-03-14T19:25:39", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0618", "href": "https://access.redhat.com/errata/RHSA-2008:0618", "type": "redhat", "title": "(RHSA-2008:0618) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:08:54", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2008-2712\n Jan Minar discovered that vim did not properly sanitise\n inputs before invoking the execute or system functions\n inside vim scripts. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-3074\n Jan Minar discovered that the tar plugin of vim did not\n properly sanitise the filenames in the tar archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3075\n Jan Minar discovered that the zip plugin of vim did not\n properly sanitise the filenames in the zip archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3076\n Jan Minar discovered that the netrw plugin of vim did\n not properly sanitise the filenames or directory names\n it is given. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-4101\n Ben Schmidt discovered that vim did not properly escape\n characters when performing keyword or tag lookups. This\n could lead to the execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "published": "2009-03-04T00:00:00", "id": "DEBIAN_DSA-1733.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35764", "title": "Debian DSA-1733-1 : vim - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1733. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35764);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\");\n script_xref(name:\"DSA\", value:\"1733\");\n\n script_name(english:\"Debian DSA-1733-1 : vim - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2008-2712\n Jan Minar discovered that vim did not properly sanitise\n inputs before invoking the execute or system functions\n inside vim scripts. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-3074\n Jan Minar discovered that the tar plugin of vim did not\n properly sanitise the filenames in the tar archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3075\n Jan Minar discovered that the zip plugin of vim did not\n properly sanitise the filenames in the zip archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3076\n Jan Minar discovered that the netrw plugin of vim did\n not properly sanitise the filenames or directory names\n it is given. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-4101\n Ben Schmidt discovered that vim did not properly escape\n characters when performing keyword or tag lookups. This\n could lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1733\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the oldstable distribution (etch), these problems have been fixed\nin version 1:7.0-122+1etch5.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"vim\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-common\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-doc\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-full\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gnome\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gtk\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gui-common\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-lesstif\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-perl\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-python\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-ruby\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-runtime\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-tcl\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-tiny\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"vim\", reference:\"1:7.1.314-3+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:43", "bulletinFamily": "scanner", "description": "Updated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in\nproviding file reading and writing over the network. If a user opened\na specially crafted file or directory with the netrw plug-in, it could\nresult in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim\nplug-in, it could result in arbitrary code execution as the user\nrunning Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles\nTAR archive browsing. If a user opened a TAR archive using the tar.vim\nplug-in, it could result in arbitrary code execution as the user\nrunnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-11-27T00:00:00", "published": "2008-11-25T00:00:00", "id": "REDHAT-RHSA-2008-0580.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34953", "title": "RHEL 5 : vim (RHSA-2008:0580)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0580. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34953);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-6235\");\n script_bugtraq_id(25095);\n script_xref(name:\"RHSA\", value:\"2008:0580\");\n\n script_name(english:\"RHEL 5 : vim (RHSA-2008:0580)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in\nproviding file reading and writing over the network. If a user opened\na specially crafted file or directory with the netrw plug-in, it could\nresult in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim\nplug-in, it could result in arbitrary code execution as the user\nrunning Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles\nTAR archive browsing. If a user opened a TAR archive using the tar.vim\nplug-in, it could result in arbitrary code execution as the user\nrunnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-6235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0580\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 78, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0580\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:10:13", "bulletinFamily": "scanner", "description": "Updated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in\nproviding file reading and writing over the network. If a user opened\na specially crafted file or directory with the netrw plug-in, it could\nresult in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim\nplug-in, it could result in arbitrary code execution as the user\nrunning Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles\nTAR archive browsing. If a user opened a TAR archive using the tar.vim\nplug-in, it could result in arbitrary code execution as the user\nrunnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-11-10T00:00:00", "published": "2010-01-06T00:00:00", "id": "CENTOS_RHSA-2008-0580.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43697", "title": "CentOS 5 : vim (CESA-2008:0580)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0580 and \n# CentOS Errata and Security Advisory 2008:0580 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43697);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-6235\");\n script_bugtraq_id(25095);\n script_xref(name:\"RHSA\", value:\"2008:0580\");\n\n script_name(english:\"CentOS 5 : vim (CESA-2008:0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in\nproviding file reading and writing over the network. If a user opened\na specially crafted file or directory with the netrw plug-in, it could\nresult in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim\nplug-in, it could result in arbitrary code execution as the user\nrunning Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles\nTAR archive browsing. If a user opened a TAR archive using the tar.vim\nplug-in, it could result in arbitrary code execution as the user\nrunnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015453.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab334c2c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015454.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?928c4900\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 78, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:14", "bulletinFamily": "scanner", "description": "Several input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nSL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's\nexpansion of file name patterns with shell wildcards. An attacker\ncould create a specially crafted file or directory name that, when\nopened by Vim, caused the application to crash or, possibly, execute\narbitrary code. (CVE-2008-3432)\n\nSL5 Only: Multiple security flaws were found in netrw.vim, the Vim\nplug-in providing file reading and writing over the network. If a user\nopened a specially crafted file or directory with the netrw plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nSL5 Only: A security flaw was found in zip.vim, the Vim plug-in that\nhandles ZIP archive browsing. If a user opened a ZIP archive using the\nzip.vim plug-in, it could result in arbitrary code execution as the\nuser running Vim. (CVE-2008-3075)\n\nSL5 Only: A security flaw was found in tar.vim, the Vim plug-in which\nhandles TAR archive browsing. If a user opened a TAR archive using the\ntar.vim plug-in, it could result in arbitrary code execution as the\nuser runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Härnhammar, of Secunia Research, discovered a format string\nflaw in Vim's help tag processor. If a user was tricked into executing\nthe 'helptags' command on malicious data, arbitrary code could be\nexecuted with the permissions of the user running Vim. (CVE-2007-2953)", "modified": "2019-01-07T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20081125_VIM_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60500", "title": "Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60500);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n\n script_name(english:\"Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nSL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's\nexpansion of file name patterns with shell wildcards. An attacker\ncould create a specially crafted file or directory name that, when\nopened by Vim, caused the application to crash or, possibly, execute\narbitrary code. (CVE-2008-3432)\n\nSL5 Only: Multiple security flaws were found in netrw.vim, the Vim\nplug-in providing file reading and writing over the network. If a user\nopened a specially crafted file or directory with the netrw plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nSL5 Only: A security flaw was found in zip.vim, the Vim plug-in that\nhandles ZIP archive browsing. If a user opened a ZIP archive using the\nzip.vim plug-in, it could result in arbitrary code execution as the\nuser running Vim. (CVE-2008-3075)\n\nSL5 Only: A security flaw was found in tar.vim, the Vim plug-in which\nhandles TAR archive browsing. If a user opened a TAR archive using the\ntar.vim plug-in, it could result in arbitrary code execution as the\nuser runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Härnhammar, of Secunia Research, discovered a format string\nflaw in Vim's help tag processor. If a user was tricked into executing\nthe 'helptags' command on malicious data, arbitrary code could be\nexecuted with the permissions of the user running Vim. (CVE-2007-2953)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0811&L=scientific-linux-errata&T=0&P=1936\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ee91c3b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:29", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0580 :\n\nUpdated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in\nproviding file reading and writing over the network. If a user opened\na specially crafted file or directory with the netrw plug-in, it could\nresult in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim\nplug-in, it could result in arbitrary code execution as the user\nrunning Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles\nTAR archive browsing. If a user opened a TAR archive using the tar.vim\nplug-in, it could result in arbitrary code execution as the user\nrunnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2008-0580.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67722", "title": "Oracle Linux 5 : vim (ELSA-2008-0580)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0580 and \n# Oracle Linux Security Advisory ELSA-2008-0580 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67722);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-6235\");\n script_bugtraq_id(25095);\n script_xref(name:\"RHSA\", value:\"2008:0580\");\n\n script_name(english:\"Oracle Linux 5 : vim (ELSA-2008-0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0580 :\n\nUpdated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in\nproviding file reading and writing over the network. If a user opened\na specially crafted file or directory with the netrw plug-in, it could\nresult in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim\nplug-in, it could result in arbitrary code execution as the user\nrunning Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles\nTAR archive browsing. If a user opened a TAR archive using the tar.vim\nplug-in, it could result in arbitrary code execution as the user\nrunnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-November/000812.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 78, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:49", "bulletinFamily": "scanner", "description": "The VI Improved editor (vim) received bugfixes for some code execution\nproblems.\n\n - Arbitrary code execution in vim helper plugins\n filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw\n were fixed. (CVE-2008-2712)\n\n - Arbitrary code execution when pressing K, ctrl-] or g]\n depending on the text under the cursor. (CVE-2008-4101)\n\n - The netrw plugin sent credentials to all servers.\n (CVE-2008-4677)", "modified": "2018-11-15T00:00:00", "published": "2009-09-24T00:00:00", "id": "SUSE9_12360.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41283", "title": "SuSE9 Security Update : ViM (YOU Patch Number 12360)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41283);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n\n script_name(english:\"SuSE9 Security Update : ViM (YOU Patch Number 12360)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) received bugfixes for some code execution\nproblems.\n\n - Arbitrary code execution in vim helper plugins\n filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw\n were fixed. (CVE-2008-2712)\n\n - Arbitrary code execution when pressing K, ctrl-] or g]\n depending on the text under the cursor. (CVE-2008-4101)\n\n - The netrw plugin sent credentials to all servers.\n (CVE-2008-4677)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2712.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2008-4677/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12360.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"gvim-6.2-235.8\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"vim-6.2-235.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:55", "bulletinFamily": "scanner", "description": "The VI Improved editor (vim) was updated to version 7.2.108 to fix\nvarious security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the\ncurrent directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins\nfiletype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code\ninjection CVE-2008-3076: several netrw bugs, code injection\nCVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin", "modified": "2016-12-22T00:00:00", "published": "2009-03-13T00:00:00", "id": "SUSE_GVIM-6023.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35921", "title": "openSUSE 10 Security Update : gvim (gvim-6023)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gvim-6023.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35921);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:46 $\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4677\", \"CVE-2008-6235\", \"CVE-2009-0316\");\n\n script_name(english:\"openSUSE 10 Security Update : gvim (gvim-6023)\");\n script_summary(english:\"Check for the gvim-6023 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) was updated to version 7.2.108 to fix\nvarious security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the\ncurrent directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins\nfiletype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code\ninjection CVE-2008-3076: several netrw bugs, code injection\nCVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gvim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gvim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"gvim-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"vim-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"vim-base-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"vim-data-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"vim-enhanced-7.2-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:29", "bulletinFamily": "scanner", "description": "The VI Improved editor (vim) was updated to version 7.2.108 to fix\nvarious security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the\ncurrent directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins\nfiletype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code\ninjection CVE-2008-3076: several netrw bugs, code injection\nCVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin", "modified": "2016-12-21T00:00:00", "published": "2009-07-21T00:00:00", "id": "SUSE_11_0_GVIM-090225.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39980", "title": "openSUSE Security Update : gvim (gvim-561)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gvim-561.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39980);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:49 $\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4677\", \"CVE-2008-6235\", \"CVE-2009-0316\");\n\n script_name(english:\"openSUSE Security Update : gvim (gvim-561)\");\n script_summary(english:\"Check for the gvim-561 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) was updated to version 7.2.108 to fix\nvarious security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the\ncurrent directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins\nfiletype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code\ninjection CVE-2008-3076: several netrw bugs, code injection\nCVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=406693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=436755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=439148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=465255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=470100\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gvim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gvim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gvim-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vim-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vim-base-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vim-data-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vim-enhanced-7.2-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:34", "bulletinFamily": "scanner", "description": "The VI Improved editor (vim) was updated to version 7.2.108 to fix\nvarious security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the\ncurrent directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins\nfiletype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code\ninjection CVE-2008-3076: several netrw bugs, code injection\nCVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin", "modified": "2016-12-21T00:00:00", "published": "2009-07-21T00:00:00", "id": "SUSE_11_1_GVIM-090225.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40230", "title": "openSUSE Security Update : gvim (gvim-561)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gvim-561.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40230);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:51 $\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4677\", \"CVE-2008-6235\", \"CVE-2009-0316\");\n\n script_name(english:\"openSUSE Security Update : gvim (gvim-561)\");\n script_summary(english:\"Check for the gvim-561 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) was updated to version 7.2.108 to fix\nvarious security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the\ncurrent directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins\nfiletype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code\ninjection CVE-2008-3076: several netrw bugs, code injection\nCVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=406693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=436755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=439148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=465255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=470100\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gvim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gvim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gvim-7.2-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vim-7.2-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vim-base-7.2-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vim-data-7.2-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vim-enhanced-7.2-7.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:43", "bulletinFamily": "scanner", "description": "Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-11-27T00:00:00", "published": "2008-11-25T00:00:00", "id": "REDHAT-RHSA-2008-0617.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34954", "title": "RHEL 3 / 4 : vim (RHSA-2008:0617)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0617. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34954);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_xref(name:\"RHSA\", value:\"2008:0617\");\n\n script_name(english:\"RHEL 3 / 4 : vim (RHSA-2008:0617)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0617\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0617\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-08-08T11:24:58", "bulletinFamily": "NVD", "description": "autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating \"I'm assuming that they're using the same id and password on that unchanged hostname, deliberately.\"", "modified": "2017-08-07T21:32:49", "published": "2008-10-22T14:00:00", "id": "CVE-2008-4677", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4677", "title": "CVE-2008-4677", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-18T15:06:09", "bulletinFamily": "NVD", "description": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.", "modified": "2018-10-16T12:46:44", "published": "2007-07-31T06:17:00", "id": "CVE-2007-2953", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2953", "title": "CVE-2007-2953", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-08T11:24:45", "bulletinFamily": "NVD", "description": "Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via \"partial file list requests\" that trigger a NULL pointer dereference.", "modified": "2017-08-07T21:31:28", "published": "2008-07-01T18:41:00", "id": "CVE-2008-2953", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2953", "title": "CVE-2008-2953", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-12T11:33:47", "bulletinFamily": "NVD", "description": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.", "modified": "2018-10-11T16:50:44", "published": "2008-09-18T13:59:32", "id": "CVE-2008-4101", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4101", "title": "CVE-2008-4101", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-02T11:43:33", "bulletinFamily": "NVD", "description": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.", "modified": "2018-11-01T11:07:15", "published": "2008-06-16T17:41:00", "id": "CVE-2008-2712", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2712", "title": "CVE-2008-2712", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-29T14:25:58", "bulletinFamily": "NVD", "description": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.", "modified": "2017-09-28T21:31:29", "published": "2009-02-21T17:30:00", "id": "CVE-2008-3074", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3074", "title": "CVE-2008-3074", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-29T14:25:58", "bulletinFamily": "NVD", "description": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.", "modified": "2017-09-28T21:31:29", "published": "2009-02-21T17:30:00", "id": "CVE-2008-3075", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3075", "title": "CVE-2008-3075", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-08T11:24:46", "bulletinFamily": "NVD", "description": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.", "modified": "2017-08-07T21:31:33", "published": "2009-02-21T17:30:00", "id": "CVE-2008-3076", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3076", "title": "CVE-2008-3076", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:38", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0580\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015453.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015454.html\n\n**Affected packages:**\nvim\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0580.html", "modified": "2008-11-26T22:22:42", "published": "2008-11-26T22:22:41", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/015453.html", "id": "CESA-2008:0580", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:45:39", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0617\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file name\npatterns with shell wildcards. An attacker could create a specially-crafted\nfile or directory name that, when opened by Vim, caused the application to\ncrash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015438.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015439.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015440.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015441.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015442.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015449.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015457.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015458.html\n\n**Affected packages:**\nvim\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0617.html", "modified": "2008-11-26T22:58:49", "published": "2008-11-25T16:56:47", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/015438.html", "id": "CESA-2008:0617", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T01:00:57", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0618-01\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015444.html\n\n**Affected packages:**\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2008-11-25T23:40:39", "published": "2008-11-25T23:40:39", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/015444.html", "id": "CESA-2008:0618-01", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:03", "bulletinFamily": "unix", "description": "[7.0.109-4.4z]\n- fix netrw\n[7.0.109-4.3z]\n- fixes CVE-2008-3074 (tar plugin)\n- fixes CVE-2008-3075 (zip plugin)\n- fixes CVE-2008-3076 (netrw plugin)\n- fixes CVE-2008-4101 (keyword and tag lookup)\n[7.0.109-4.2z]\n- fix some issues with netrw and remote file editing caused by\n the CVE-2008-2712 patch\n[7.0.109-4.1z]\n- more fixes for CVE-2008-2712\n[7.0.109-4.z]\n- fix release\n[7.0.109-3.1z]\n- rebuild for z stream\n[7.0.109-3.6]\n- re-enable debuginfo\n[7.0.109-3.5]\n- update netrw files for CVE-2008-2712\n[7.0.109-3.4]\n- add fixes for CVE-2007-2953 and CVE-2008-2712", "modified": "2008-11-25T00:00:00", "published": "2008-11-25T00:00:00", "id": "ELSA-2008-0580", "href": "http://linux.oracle.com/errata/ELSA-2008-0580.html", "title": "vim security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:38:27", "bulletinFamily": "unix", "description": "[6.3.046-1.el4_7.5z ]\n- remove duplicate vimtutor manpage\n[6.3.046-1.el4_7.4z ]\n- fix netrw\n[6.3.046-1.el4_7.3z ]\n- add fix for CVE-2008-4101\n[6.3.046-1.el4_6.2z]\n- don't add empty line when editing files with netrw\n[6.3.046-1.el4_6.1z]\n- fix erroneous quoting in CVE-2008-2712 patch\n[6.3.046-1.el4_6.z]\n- add fix for CVE-2007-2953\n- add fixes for CVE-2008-2712\n- add fix for incorrect computation of memory requirements for buffer", "modified": "2008-11-25T00:00:00", "published": "2008-11-25T00:00:00", "id": "ELSA-2008-0617", "href": "http://linux.oracle.com/errata/ELSA-2008-0617.html", "title": "vim security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:08", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1733 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nMarch 03, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : vim\nVulnerability : several vulnerabilities\nProblem type : local (remote)\nDebian-specific: no\nCVE Ids : CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076\n CVE-2008-4104\nDebian Bugs : 486502 506919\n\nSeveral vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-2712\n\n Jan Minar discovered that vim did not properly sanitise inputs\n before invoking the execute or system functions inside vim\n scripts. This could lead to the execution of arbitrary code.\n\nCVE-2008-3074\n\n Jan Minar discovered that the tar plugin of vim did not properly\n sanitise the filenames in the tar archive or the name of the\n archive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3075\n\n Jan Minar discovered that the zip plugin of vim did not properly\n sanitise the filenames in the zip archive or the name of the\n archive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3076\n\n Jan Minar discovered that the netrw plugin of vim did not properly\n sanitise the filenames or directory names it is given. This could\n lead to the execution of arbitrary code.\n\nCVE-2008-4101\n\n Ben Schmidt discovered that vim did not properly escape characters\n when performing keyword or tag lookups. This could lead to the\n execution of arbitrary code.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 1:7.0-122+1etch4.\n\nFor the testing distribution (squeeze), these problems have been fixed\nin version 1:7.1.314-3+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:7.2.010-1.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz\n Size/MD5 checksum: 8457888 9ba05680b0719462f653e82720599f32\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.diff.gz\n Size/MD5 checksum: 309257 3fb68c04086cf384e9a0be519a0faa6d\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.dsc\n Size/MD5 checksum: 1445 f49da047b6b5836abfe2d7d93d30d11d\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch5_all.deb\n Size/MD5 checksum: 166080 77259d158e96c1406dba1f1b4b47a2d2\n http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch5_all.deb\n Size/MD5 checksum: 6436142 3e7fee588474fbc9ad1110ae78cdffb5\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch5_all.deb\n Size/MD5 checksum: 2048224 d5005e3efc24d3d7bd3d6a9c7b01cc42\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1072856 8193230db603c1254188fc2013288c55\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1158448 6ceb30fd5932d2945b962dee13d4f4cf\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 925404 23d8b9608aaf47fe3a651aedd3b3c3ce\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 205362 0c7fb486c98a609ac9185c2a794c4ef8\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1065236 90a42e55852d6450cbd79b10a2dd9582\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1080626 973d5e77cf259e3025fb73d9e5734e51\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1124104 59ef34ed09e3f8e1d2d01c7a419dd15f\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 681132 4dd97b0d70f400ce31e75a7c005103fc\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1069628 9a8757df139e529a7f04edaa015c0db4\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1118000 5553bc93d68daa7010bd2b439603a805\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1129778 7c68287a63f92c85bbe7c451e0cd79db\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 970296 adb9326145046a8517f29430d9185356\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1024798 474fc78e7e8d1baefbfbbb3b803c4593\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 615478 70ac9e55bb99b0e1b5d22f105e099ce0\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1019868 97ecb9505f3497309aeff9c821da7451\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1029122 0b446946ede11c6bd0acca6c701f7043\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 961786 6d0d2f78b0111b1b996fabec5b697230\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 835050 3cfcc7270baad54009293a3aacb1587a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 972692 71f4f5e25b0962058740ba4d718b7ee0\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 203924 5c46591877f80de331011eb2fc8922e2\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1055448 750e596ed6bf61bd0c369834577d0760\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 977848 70898b3a8793165593e2279df412847d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 880468 e49632c4a2368c7caf5321e1d501f5d2\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 959492 8f06863583aa9d8de9e0bae69bdb22ec\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 194216 9f1a19f592d16ee5984e70309fd3046e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 936934 a32d6e6c4c655469db40537d5e67ed46\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 925570 7ec6e1bd4de8d545fdd452b630ef4200\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 875960 d40a82f95a046771e12158c715394b44\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 548658 b65534d4f507d17343338b209fb4a7ef\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 930386 db9786b5c368e0f7d0c85137720ac265\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 885960 f0a44d7da770bc2c28dd18ac48fcc5f0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 878132 8afa2754690619255e62c685ecbd7384\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 756278 7d66f29205b21154a9ef1a4cd544b2f1\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 918284 2dbb674af6d8fb2906bd7ed6fec1dd95\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 215990 07fc4b6106d1316c92338aa5c5645a2f\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 540652 9c15ac5b85c605011d1b0ab4b13b0269\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 947842 cd7147610def6f6aebfc8ddd14a1f7ed\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 914094 0273374e2bba8706ac12ee449c1835e3\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 866124 00dd2547963789615b71b0f0fb291eb9\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 868326 3f04461e4f0414368fe60e0f4085d28c\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 873570 dae9ebb6f4e2cd0c3d82e5e547dd1957\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 860292 467ce64f0171f10ac4149e5716f651da\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 745560 ade89928c860c4990ec6e202a294f0c8\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 924858 1942cedccbe124303b4ad0f7c650f0c6\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1591938 aaa5a72cfdacb3c3d2574390902bcfa2\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1523258 08f9a82ec68f452e1701f11b9c20d0e3\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1530006 9b77cd0ec49c8519d0c1af0914092260\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1538210 3dbde934956291182e5bf61157a80b44\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1575130 e328ca048ee883dba500128a2a06fc88\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1525510 e3736c90e105fa354c691546bec3922b\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1325622 693a3412efd63e8ac0d975b4fcae3ac5\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1627904 90ca86e74caf9c0367c20b32eb9d42b3\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 970874 2dccfb8e2287cd9e6285545e43dac87a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1585804 06a43c2668bf468ffe521880cc497518\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 184650 516d8eddce4e6628e8b6ee32f55ce2aa\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1061694 a2e9b2bc8f31cf878805dbc1babd4074\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1027336 d86f7c3fab9143c1c93d82b3762f8c0d\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 215734 c23239c8579e53a4277325a048567e75\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1021942 d75231c3c7950785df8f52680e28c956\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1029478 e74670d4918287fb3d05436419b7f5a9\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1037498 ac41c65a077d84f0f5405356d0b52ef1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 654740 994339f109e5db97079633b5249bd8d2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1034390 2c4337c763ea13a11e13b711c25313b5\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1033336 eb70a508dd3a9f30f31a87c4a2266959\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1024984 8d99fbb2712f791c3a0989929cf3f0a4\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 884306 7aeb2418d5366493e09306cb0dff0080\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 884962 b58372db99660ff0e4f547b3c66335e2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1034202 0622c0fac8ee51c7dd403a2d3a709f1f\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1024616 fa6a91224476aadab8e9086031c93843\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 655488 9ecdf0e56665da0aff429e23e9c0cb85\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1061362 accba14e8f0043ef3a0b9be85ae481cd\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 181736 5ba79db87623562481162cbac53ec2b6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1037954 28979a474d512ec1abfb33a598b524c7\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1026874 5c10e35e281ec28eecc36b8fa80ef0d7\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1032800 75be0356398f5a88e836eafccdf11154\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1029056 0a13b0913667d03e2d3875611498c54c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1022658 18d03119dc62eaca237a2513cba2c0ca\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 996154 f3c3d5660dd3e5e7fdb325a1f9ee80f3\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 1019842 f626233054124e014d335722e6b7b1f5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 592366 e4bd0cbf615c36476bff4979d0987393\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 936024 be64d238a9cbf4d938999472026fde89\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 808854 7dfff56d11567d2dabafa290618b5e18\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 990262 6114d3fcd53521a8c2cd317d586b6fcd\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 933488 503e433ae6fd737f2b3ae48698e8e671\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 985094 28babdde5091f90ae7b64f6e33c6c50f\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 943596 3beb1be6cde901814742b33ee4973142\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 181648 b71e88d76eacbfa861c24c6c21881f66\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 938174 3a729f2922d8e84b222947a18bc6ace3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1023236 1ee38cca410e5bd069a72a325fd8147e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1019258 e1f6cae1e293d3cb212ff17dd7beb264\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1049408 4b1f42bb092f9dd62d7324e430a1a88e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 825560 2b8b69171c45094c184e357b1a6a7336\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 955228 ceea2d07ea609414724aeedae57a3a0a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 965878 824e5bfdcc9a8ed7ee54e4553c9461f8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 971822 194d010d7aea2f2c47075b6f205de0c1\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 963294 a7636d870a3bc1de7fc8248d35c74cf3\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 610092 6762beafb4e7376087c4f8962d1521f6\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 181488 00d25451b3c22213bf5eb807a6d4a75f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1013748 598ccccd6f90df0ca7bedd5ec1d136c7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 881430 2688537934012af957695fea329b48a1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 545376 1ea2967048cd369cc870441f5caeb1b1\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 867886 f663757c3929af6b241a91efa07a626a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 928250 9c0199efd36a47c6d05861af5e04ff02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874108 4d351161d497905352ac6ef1dcabfc9e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 934390 2151ef35c9424c90850c579f90effce4\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874100 c05ccf6f4ffb15037cfd794647848617\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 204512 1e3590447f3f0804e9fe27ea61959b31\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 876370 1782507a950cbb17519d768f5655278a\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 751910 582313f03a36980fab96074ee218c0eb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 952632 31875cb1a0037cf8923e7eda269ead80\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\nze/MD5 checksum: 970874 2dccfb8e2287cd9e6285545e43dac87a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1585804 06a43c2668bf468ffe521880cc497518\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 184650 516d8eddce4e6628e8b6ee32f55ce2aa\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1061694 a2e9b2bc8f31cf878805dbc1babd4074\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1027336 d86f7c3fab9143c1c93d82b3762f8c0d\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 215734 c23239c8579e53a4277325a048567e75\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1021942 d75231c3c7950785df8f52680e28c956\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1029478 e74670d4918287fb3d05436419b7f5a9\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1037498 ac41c65a077d84f0f5405356d0b52ef1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 654740 994339f109e5db97079633b5249bd8d2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1034390 2c4337c763ea13a11e13b711c25313b5\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1033336 eb70a508dd3a9f30f31a87c4a2266959\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1024984 8d99fbb2712f791c3a0989929cf3f0a4\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 884306 7aeb2418d5366493e09306cb0dff0080\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 884962 b58372db99660ff0e4f547b3c66335e2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1034202 0622c0fac8ee51c7dd403a2d3a709f1f\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1024616 fa6a91224476aadab8e9086031c93843\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 655488 9ecdf0e56665da0aff429e23e9c0cb85\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1061362 accba14e8f0043ef3a0b9be85ae481cd\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 181736 5ba79db87623562481162cbac53ec2b6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1037954 28979a474d512ec1abfb33a598b524c7\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1026874 5c10e35e281ec28eecc36b8fa80ef0d7\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1032800 75be0356398f5a88e836eafccdf11154\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1029056 0a13b0913667d03e2d3875611498c54c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1022658 18d03119dc62eaca237a2513cba2c0ca\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 996154 f3c3d5660dd3e5e7fdb325a1f9ee80f3\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 1019842 f626233054124e014d335722e6b7b1f5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 592366 e4bd0cbf615c36476bff4979d0987393\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 936024 be64d238a9cbf4d938999472026fde89\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 808854 7dfff56d11567d2dabafa290618b5e18\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 990262 6114d3fcd53521a8c2cd317d586b6fcd\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 933488 503e433ae6fd737f2b3ae48698e8e671\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 985094 28babdde5091f90ae7b64f6e33c6c50f\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 943596 3beb1be6cde901814742b33ee4973142\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 181648 b71e88d76eacbfa861c24c6c21881f66\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 938174 3a729f2922d8e84b222947a18bc6ace3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1023236 1ee38cca410e5bd069a72a325fd8147e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1019258 e1f6cae1e293d3cb212ff17dd7beb264\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1049408 4b1f42bb092f9dd62d7324e430a1a88e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 825560 2b8b69171c45094c184e357b1a6a7336\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 955228 ceea2d07ea609414724aeedae57a3a0a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 965878 824e5bfdcc9a8ed7ee54e4553c9461f8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 971822 194d010d7aea2f2c47075b6f205de0c1\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 963294 a7636d870a3bc1de7fc8248d35c74cf3\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 610092 6762beafb4e7376087c4f8962d1521f6\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 181488 00d25451b3c22213bf5eb807a6d4a75f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1013748 598ccccd6f90df0ca7bedd5ec1d136c7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 881430 2688537934012af957695fea329b48a1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 545376 1ea2967048cd369cc870441f5caeb1b1\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 867886 f663757c3929af6b241a91efa07a626a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 928250 9c0199efd36a47c6d05861af5e04ff02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874108 4d351161d497905352ac6ef1dcabfc9e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 934390 2151ef35c9424c90850c579f90effce4\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874100 c05ccf6f4ffb15037cfd794647848617\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 204512 1e3590447f3f0804e9fe27ea61959b31\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 876370 1782507a950cbb17519d768f5655278a\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 751910 582313f03a36980fab96074ee218c0eb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 952632 31875cb1a0037cf8923e7eda269ead80\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-03-03T08:35:17", "published": "2009-03-03T08:35:17", "id": "DEBIAN:DSA-1733-1:0AD7D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00043.html", "title": "[SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:49", "bulletinFamily": "unix", "description": "Norbert Tretkowski uploaded new packages for vim which fixed the\nfollowing security problems:\n\nCVE-2008-4101, Debian Bug #500381\n\n Vim 3.0 through 7.x before 7.2.010 does not properly escape\n characters, which allows user-assisted attackers to (1) execute\n arbitrary shell commands by entering a K keystroke on a line that\n contains a ";" (semicolon) followed by a command, or execute arbitrary\n Ex commands by entering an argument after a (2) "Ctrl-]" (control\n close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke\n sequence, a different issue than CVE-2008-2712.\n\nFor the etch-backports distribution the problems have been fixed in\nversion 1:7.1.314-3+lenny2~bpo40+2.\n\nFor the lenny distribution the problems have been fixed in version\n1:7.1.314-3+lenny2.\n\nFor the sid distribution the problems have been fixed in version\n2:7.2.049-1.\n\nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the packages\nmanually via "apt-get -t etch-backports install <packagelist>" with the\npackagelist of your installed packages affected by this update.\n[1] <http://backports.org/dokuwiki/doku.php?id=instructions>\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\n Package: *\n Pin: release a=etch-backports\n Pin-Priority: 200\n", "modified": "2008-11-29T10:05:18", "published": "2008-11-29T10:05:18", "id": "DEBIAN:39911521BDD8B510D11191B007C5C80B:928A4", "href": "https://lists.debian.org/debian-backports-announce/2008/debian-backports-announce-200811/msg00004.html", "title": "[Backports-security-announce] Security Update for vim", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:13", "bulletinFamily": "unix", "description": "Gerfried Fuchs uploaded new packages for linuxdcpp which fixed the\nfollowing security problems:\n\nCVE-2008-2953, Debian Bug #488630\n\n Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a\n denial of service (crash) via "partial file list requests" that\n trigger a NULL pointer dereference.\n\nCVE-2008-2954, Debian Bug #488630\n\n cient/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote\n attackers to cause a denial of service (crash) via an empty private\n message, which triggers an out-of-bounds read.\n\nFor the etch-backports distribution the problems have been fixed in\nversion 1.0.2-1~bpo40+1.\n\nFor the lenny and sid distributions the problems have been fixed in\nversion 1.0.1-2.\n\n\nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the packages\nmanually via "apt-get -t etch-backports install <packagelist>" with the\npackagelist of your installed packages affected by this update.\n[1] <http://backports.org/dokuwiki/doku.php?id=instructions>\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\n Package: *\n Pin: release a=etch-backports\n Pin-Priority: 200\n", "modified": "2008-12-10T15:48:51", "published": "2008-12-10T15:48:51", "id": "DEBIAN:7DBFBCCFD01EC128560FB4F6AEF03400:D92FC", "href": "https://lists.debian.org/debian-backports-announce/2008/debian-backports-announce-200812/msg00005.html", "title": "[Backports-security-announce] Security Update for linuxdcpp", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:40", "bulletinFamily": "unix", "description": "a. Updated OpenSSL package for the Service Console fixes a security issue. \nOpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. \nThe following table lists what action remediates the vulnerability (column 4) if a solution is available. \n\n", "modified": "2010-01-06T00:00:00", "published": "2009-03-31T00:00:00", "id": "VMSA-2009-0004", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0004.html", "title": "ESX Service Console updates for openssl, bind, and vim", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:09", "bulletinFamily": "unix", "description": "Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2712)\n\nBen Schmidt discovered that Vim did not properly escape characters when performing keyword or tag lookups. If a user were tricked into running specially crafted commands, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4101)", "modified": "2009-01-27T00:00:00", "published": "2009-01-27T00:00:00", "id": "USN-712-1", "href": "https://usn.ubuntu.com/712-1/", "title": "Vim vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:24", "bulletinFamily": "unix", "description": "Ulf Harnhammar discovered that vim does not properly sanitise the \u201chelptags_one()\u201d function when running the \u201chelptags\u201d command. By tricking a user into running a crafted help file, a remote attacker could execute arbitrary code with the user\u2019s privileges.", "modified": "2007-08-28T00:00:00", "published": "2007-08-28T00:00:00", "id": "USN-505-1", "href": "https://usn.ubuntu.com/505-1/", "title": "vim vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.vim.org/\n[Secunia Advisory ID:25941](https://secuniaresearch.flexerasoftware.com/advisories/25941/)\n[Secunia Advisory ID:26594](https://secuniaresearch.flexerasoftware.com/advisories/26594/)\n[Secunia Advisory ID:26674](https://secuniaresearch.flexerasoftware.com/advisories/26674/)\n[Secunia Advisory ID:26522](https://secuniaresearch.flexerasoftware.com/advisories/26522/)\n[Secunia Advisory ID:26653](https://secuniaresearch.flexerasoftware.com/advisories/26653/)\n[Secunia Advisory ID:26285](https://secuniaresearch.flexerasoftware.com/advisories/26285/)\n[Secunia Advisory ID:26822](https://secuniaresearch.flexerasoftware.com/advisories/26822/)\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000219.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:168\nOther Advisory URL: http://www.ubuntu.com/usn/usn-505-1\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1364\nOther Advisory URL: http://www.trustix.org/errata/2007/0026/\nOther Advisory URL: http://secunia.com/secunia_research/2007-66/advisory/\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00007.html\nISS X-Force ID: 35655\nFrSIRT Advisory: ADV-2007-2687\n[CVE-2007-2953](https://vulners.com/cve/CVE-2007-2953)\nBugtraq ID: 25095\n", "modified": "2007-07-27T17:06:32", "published": "2007-07-27T17:06:32", "href": "https://vulners.com/osvdb/OSVDB:38674", "id": "OSVDB:38674", "title": "Vim src/ex_cmds.c helptags_one Function help-tags Command Format String", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:59:59", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 25095\r\nCVE(CAN) ID: CVE-2007-2953\r\n\r\nVIM\u662f\u4e00\u6b3e\u514d\u8d39\u5f00\u653e\u6e90\u4ee3\u7801\u6587\u672c\u7f16\u8f91\u5668\uff0c\u53ef\u4f7f\u7528\u5728Unix/Linux\u64cd\u4f5c\u7cfb\u7edf\u4e0b\u3002\r\n\r\nVIM\u7684src/ex_cmds.c\u6587\u4ef6\u4e2d\u7684helptags_one()\u51fd\u6570\u5b58\u5728\u683c\u5f0f\u4e32\u5904\u7406\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63d0\u5347\u81ea\u5df1\u7684\u6743\u9650\u3002\r\n\r\n\u5982\u679c\u653b\u51fb\u8005\u53d7\u9a97\u5bf9\u6076\u610f\u6570\u636e\u8fd0\u884c\u4e86helptags\u547d\u4ee4\u7684\u8bdd\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u901a\u8fc7\u7279\u5236\u7684\u5e2e\u52a9\u6587\u4ef6\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\n\nVIM Development Group VIM 7.1\r\nVIM Development Group VIM 6.4\r\n\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039\" target=\"_blank\">ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039</a>", "modified": "2007-08-01T00:00:00", "published": "2007-08-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2059", "id": "SSV:2059", "title": "Vim HelpTags\u547d\u4ee4\u8fdc\u7a0b\u683c\u5f0f\u4e32\u5904\u7406\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T21:20:55", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 32462,32463\r\nCVE(CAN) ID: CVE-2008-3074,CVE-2008-3074\r\n\r\nVIM\u662f\u4e00\u6b3e\u514d\u8d39\u5f00\u653e\u6e90\u4ee3\u7801\u6587\u672c\u7f16\u8f91\u5668\uff0c\u53ef\u4f7f\u7528\u5728Unix/Linux\u64cd\u4f5c\u7cfb\u7edf\u4e0b\u3002\r\n\r\nVIM\u7684tar.vim\u548czip.vim\u63d2\u4ef6\u4e2dshellescape()\u51fd\u6570\u6ca1\u6709\u6b63\u786e\u5730\u8f6c\u4e49\u6240\u6709\u9879\uff08\u201c!\u201d\u5b57\u7b26\uff09\u3002\u5982\u679c\u7528\u6237\u4f7f\u7528tar.vim\u63d2\u4ef6\u6253\u5f00\u4e86TAR\u6587\u6863\u7684\u8bdd\uff0c\u5c31\u4f1a\u5bfc\u81f4\u4ee5\u8fd0\u884cVim\u7528\u6237\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nVIM Development Group VIM 7.1\r\nVIM Development Group VIM 7.0\n RedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0580-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0580-01\uff1aModerate: vim security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0580.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0580.html</a>", "modified": "2008-11-28T00:00:00", "published": "2008-11-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4501", "id": "SSV:4501", "title": "Vim\u591a\u4e2a\u63d2\u4ef6\u5b57\u7b26\u8f6c\u4e49\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "freebsd": [{"lastseen": "2018-08-31T01:15:40", "bulletinFamily": "unix", "description": "\nA Secunia Advisory reports:\n\nA format string error in the \"helptags_one()\" function in\n\t src/ex_cmds.c when running the \"helptags\" command can be exploited\n\t to execute arbitrary code via specially crafted help files.\n\n", "modified": "2007-07-27T00:00:00", "published": "2007-07-27T00:00:00", "id": "1ED03222-3C65-11DC-B3D3-0016179B2DD5", "href": "https://vuxml.freebsd.org/freebsd/1ed03222-3c65-11dc-b3d3-0016179b2dd5.html", "title": "vim -- Command Format String Vulnerability", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:15:34", "bulletinFamily": "unix", "description": "\nRdancer.org reports:\n\nImproper quoting in some parts of Vim written in the Vim Script\n\t can lead to arbitrary code execution upon opening a crafted\n\t file.\n\n", "modified": "2008-06-16T00:00:00", "published": "2008-06-16T00:00:00", "id": "30866E6C-3C6D-11DD-98C9-00163E000016", "href": "https://vuxml.freebsd.org/freebsd/30866e6c-3c6d-11dd-98c9-00163e000016.html", "title": "vim -- Vim Shell Command Injection Vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:15:29", "bulletinFamily": "unix", "description": "\nJan Minar reports:\n\nApplying the ``D'' to a file with a crafted file name,\n\t or inside a directory with a crafted directory name, can\n\t lead to arbitrary code execution.\n\n\nLack of sanitization throughout Netrw can lead to arbitrary\n\t code execution upon opening a directory with a crafted\n\t name.\n\n\nThe Vim Netrw Plugin shares the FTP user name and password\n\t across all FTP sessions. Every time Vim makes a new FTP\n\t connection, it sends the user name and password of the\n\t previous FTP session to the FTP server.\n\n", "modified": "2008-10-16T00:00:00", "published": "2008-10-16T00:00:00", "id": "0E1E3789-D87F-11DD-8ECD-00163E000016", "href": "https://vuxml.freebsd.org/freebsd/0e1e3789-d87f-11dd-8ecd-00163e000016.html", "title": "vim -- multiple vulnerabilities in the netrw module", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T16:38:15", "bulletinFamily": "exploit", "description": "Vim 7.1.314 Insufficient Shell Escaping Multiple Command Execution Vulnerabilities. CVE-2008-4101 . Remote exploit for linux platform", "modified": "2008-08-19T00:00:00", "published": "2008-08-19T00:00:00", "id": "EDB-ID:32289", "href": "https://www.exploit-db.com/exploits/32289/", "type": "exploitdb", "title": "Vim <= 7.1.314 - Insufficient Shell Escaping Multiple Command Execution Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/30795/info\r\n\r\nVim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.\r\n\r\nSuccessfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.\r\n\r\nVersions prior to Vim 7.2.010 are vulnerable. \r\n\r\nCopy-and-paste these examples into separate files:\r\n\r\n;xclock\r\nvim: set iskeyword=;,@\r\n\r\nPlace your cursor on ``xclock'', and press K. xclock appears.\r\n\r\n;date>>pwned\r\nvim: set iskeyword=1-255\r\n\r\nPlace your cursor on ``date'' and press K. File ``pwned'' is created in\r\nthe current working directory.\r\n\r\nPlease note: If modeline processing is disabled, set the 'iskeyword'\r\noption manually. ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/32289/"}, {"lastseen": "2016-02-03T15:46:08", "bulletinFamily": "exploit", "description": "Vim 7.x Vim Script Multiple Command Execution Vulnerabilities. CVE-2008-2712. Local exploit for linux platform", "modified": "2008-06-14T00:00:00", "published": "2008-06-14T00:00:00", "id": "EDB-ID:31911", "href": "https://www.exploit-db.com/exploits/31911/", "type": "exploitdb", "title": "Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/29715/info\r\n\r\nVim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.\r\n\r\nSuccessfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.\r\n\r\nVim 7.1.298 is vulnerable; other versions may also be affected.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31911-1.zip\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31911-2.zip\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31911-3.zip\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/31911/"}, {"lastseen": "2016-02-03T15:58:46", "bulletinFamily": "exploit", "description": "Netrw 125 Vim Script Multiple Command Execution Vulnerabilities. CVE-2008-3076. Remote exploit for linux platform", "modified": "2008-07-07T00:00:00", "published": "2008-07-07T00:00:00", "id": "EDB-ID:32012", "href": "https://www.exploit-db.com/exploits/32012/", "type": "exploitdb", "title": "Netrw 125 Vim Script Multiple Command Execution Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/30115/info\r\n\r\nNetrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.\r\n\r\nSuccessfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.\r\n\r\nNetrw 125 is vulnerable; other versions may also be affected.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32012.tar.bz2", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/32012/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "description": "1. SUMMARY\r\n\r\nProduct : Vim -- Vi IMproved\r\nVersion : Tested with Vim 7.2b.10, filetype.vim 2008-07-17\r\nImpact : Arbitrary code execution\r\nWherefrom: Local and remote\r\nCVE : CVE-2008-2712\r\nOriginal : http://www.rdancer.org/vulnerablevim-filetype.vim.updated.html\r\n http://www.rdancer.org/vulnerablevim-filetype.vim.updated.patch\r\n http://www.rdancer.org/vulnerablevim-latest.tar.bz2\r\n\r\nThis is an update of a previous advisory[1]. Vim patch 7.1.300 which\r\npurported to fix the ``filetype.vim'' vulnerability did not fix the\r\nvulnerability.\r\n\r\n\r\n2. BACKGROUND\r\n\r\n ``Vim is an almost compatible version of the UNIX editor Vi. Many new\r\n features have been added: multi-level undo, syntax highlighting,\r\n command line history, on-line help, spell checking, filename\r\n completion, block operations, etc.''\r\n\r\n -- Vim README.txt\r\n\r\n ``Problem: Value of asmsyntax argument isn't checked for valid\r\n characters.\r\n Solution: Only accepts letters and digits.''\r\n\r\n -- Vim Patch 7.1.300[2]\r\n\r\n3. VULNERABILITY\r\n\r\nThis is the ``filetype.vim'' vulnerability, described in the sections\r\n3.4.2.1. and 3.4.2.2. of the original advisory[1]. It can lead to\r\narbitrary code execution upon Vim opening a crafted file. The file can\r\nbe either local or remote, and the filename must match one of the\r\nfollowing glob patterns:\r\n\r\n *.asm\r\n *.s\r\n *.S\r\n *.a\r\n *.A\r\n *.mac\r\n *.lst (with the exception of /boot/grub/menu.lst)\r\n *.i\r\n\r\n\r\n4. PURPORTED FIX\r\n\r\nQuoting the original advisory[1]:\r\n\r\n ``[A]bsent sanitization on line 190, followed by the execute\r\n statements at filetype.vim lines 181 or 1267:\r\n\r\n ``The code looks in the first five lines [of the file being opened]\r\n for a statement of the form ``asmsyntax=FOO'', where FOO can contain\r\n any characters except Tab and Space. FOO is then executed, without\r\n any sanitization.''\r\n\r\n 187 let head = " ".getline(1)." ".getline(2)." ".getline(3)."\r\n".getline(4).\r\n 188 \" ".getline(5)." "\r\n 189 if head =~ '\sasmsyntax=\S\+\s'\r\n *190 let b:asmsyntax = substitute(head,\r\n'.*\sasmsyntax=\(\S\+\)\s.*','\1', "")\r\n [... logical flow of the code then jumps to line 181 ...]\r\n *181 exe "setf " . b:asmsyntax\r\n [... or line 1267 ...]\r\n *1267 exe "setf " . b:asmsyntax\r\n\r\nPatch 7.1.300 changed the regular expression in the substitute() call on\r\nline 190:\r\n\r\n let b:asmsyntax = substitute(head,\r\n'.*\sasmsyntax=\([a-zA-Z0-9]\+\)\s.*','\1', "")\r\n\r\nThis would work if substitute() were a matching function -- returning a\r\nmatching string, or an empty string if the pattern failed to match. But\r\nsubstitute() always returns its first argument -- substituting the\r\nmatching string (if any). If the pattern fails to match, substitute()\r\nreturns its first argument as-is:\r\n\r\n | pattern matches | no match\r\n ------------------+-----------------+--------------------\r\n substitute() | alter match | return as-is\r\n ------------------+-----------------+--------------------\r\n matching function | return match | return empty string\r\n\r\nThe previous line of code (line 189) remains unchanged, leaving two\r\ndifferent regular expressions. It is easy to create a payload matching\r\nthe first regular expression, but not the second one. As a matter of\r\nfact, the payload in the test suite[3] that accompanied the original\r\nadvisory did just that.\r\n\r\nIt may be also worth noting that the failure to sanitize the input may\r\nnot have been fatal if the ``execute'' statements on lines 181 and 1276\r\nwere updated to use the fnameescape() function to sanitize the\r\narguments.\r\n\r\n\r\n5. EXPLOIT\r\n\r\nThe exploit needed a small update in order to work with the current Vim.\r\nIt produces error messages, and the exploit text is not hidden. Making\r\nthe exploit fully compatible would be just a matter of spending some\r\nmore time. The updated exploit is called ``filetype.vim.updated'':\r\n\r\n -------------------------------------------\r\n -------- Test results below ---------------\r\n -------------------------------------------\r\n Vim version 7.2b, included patches: 1-10\r\n filetype.vim revision date: 2008 Jul 17\r\n zip.vim version: v21\r\n netrw.vim version: v127\r\n -------------------------------------------\r\n filetype.vim\r\n strong : EXPLOIT FAILED\r\n weak : EXPLOIT FAILED\r\n filetype.vim.updated\r\n--> strong : VULNERABLE\r\n--> weak : VULNERABLE\r\n tarplugin : EXPLOIT FAILED\r\n tarplugin.updated: EXPLOIT FAILED\r\n tarplugin.v2: EXPLOIT FAILED\r\n zipplugin : EXPLOIT FAILED\r\n zipplugin.v2: EXPLOIT FAILED\r\n xpm.vim\r\n xpm : EXPLOIT FAILED\r\n xpm2 : EXPLOIT FAILED\r\n remote : EXPLOIT FAILED\r\n gzip_vim : EXPLOIT FAILED\r\n netrw : EXPLOIT FAILED\r\n netrw.v2 : EXPLOIT FAILED\r\n netrw.v3 : EXPLOIT FAILED\r\n netrw.v4 : EXPLOIT FAILED\r\n netrw.v5 : VULNERABLE\r\n shellescape: EXPLOIT FAILED\r\n\r\n\r\n6. PATCH\r\n\r\nA copy of a patch that fixes this vulnerability can be found at the URL\r\nbelow[4].\r\n\r\n\r\n7. REFERENCES\r\n\r\n[1] Collection of Vulnerabilities in Fully Patched Vim 7.1\r\n http://www.rdancer.org/vulnerablevim.html\r\n[2] Patch 7.1.300\r\n http://groups.google.com/group/vim_dev/msg/5a882ab234f02377\r\n http://ftp.vim.org/pub/vim/patches/7.1/7.1.300\r\n[3] The Vulnerable Vim Test Suite\r\n http://www.rdancer.org/vulnerablevim-latest.tar.bz2\r\n[4] Proposed patch\r\n http://www.rdancer.org/vulnerablevim-filetype.vim.updated.patch\r\n\r\n\r\n8. COPYRIGHT\r\n\r\nThis advisory is Copyright 2008 Jan Minar <rdancer@rdancer.org>\r\n\r\nCopying welcome, under the Creative Commons ``Attribution-Share Alike''\r\nLicense http://creativecommons.org/licenses/by-sa/2.0/uk/\r\n\r\nCode included herein, and accompanying this advisory, may be copied\r\naccording to the GNU General Public License version 2, or the Vim\r\nlicense. See the subdirectory ``licenses''.\r\n\r\nVarious portions of the accompanying code were written by various\r\nparties. Those parties may hold copyright, and those portions may be\r\ncopied according to their respective licenses.\r\n\r\n\r\n9. HISTORY\r\n\r\n2008-07-23 Sent to: <bugs@vim.org>, <vim-dev@vim.org>,\r\n <full-disclosure@lists.grok.org.uk>, <bugtraq@securityfocus.com>", "modified": "2008-07-24T00:00:00", "published": "2008-07-24T00:00:00", "id": "SECURITYVULNS:DOC:20220", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20220", "title": "Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "description": "Code execution on file open.", "modified": "2008-08-25T00:00:00", "published": "2008-08-25T00:00:00", "id": "SECURITYVULNS:VULN:9086", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9086", "title": "vim multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "description": "Vim: Unfixed Vulnerabilities in Tar Plugin Version 20\r\n\r\n1. SUMMARY\r\n\r\nProduct : Vim -- Vi IMproved\r\nVersion : Vim >= 7.0 (possibly older), present in 7.2c.002\r\n autoload/tar.vim >= 9 (possibly older), present in version 20\r\nImpact : Arbitrary code execution\r\nWherefrom: Local, remote\r\nCVE : CVE-2008-2712\r\nOriginal : http://www.rdancer.org/vulnerablevim-tarplugin-update.html\r\n\r\nThe Vim Tar Plugin vulnerabilities published in our previous advisories\r\nhave been addressed, but the changes do not provide fix for all attack\r\nvectors. We analyses some of the vulnerabilities remaining in\r\n``$VIMRUNTIME/autoload/tar.vim''.\r\n\r\n\r\n2. BACKGROUND\r\n\r\n ``Vim is an almost compatible version of the UNIX editor Vi. Many new\r\n features have been added: multi-level undo, syntax highlighting,\r\n command line history, on-line help, spell checking, filename\r\n completion, block operations, etc.''\r\n\r\n -- Vim README.txt\r\n\r\n ``When one edits a *.tar file, this plugin will handle displaying a\r\n contents page. Select a file to edit by moving the cursor atop\r\n the desired file, then hit the <return> key. After editing, one may\r\n also write to the file.''\r\n\r\n -- Tar File Interface (pi_tar.txt)\r\n\r\n\r\n3. ATTEMPTED FIX\r\n\r\nThese are all the ``execute'' and system() calls in the current code\r\n(autoload/tar.vim version 20, 2008-07-30) code. It can be seen that all\r\nthe vulnerable statements have been changed. Unfortunately, not all the\r\nchanges provide a sufficient fix. (We analyse the vulnerabilities in\r\nsection 4 below):\r\n\r\n 133\t let tarfile=substitute(system("cygpath -u\r\n".s:Escape(tarfile,0)),'\n$','','e')\r\n 138\t exe "silent r! gzip -d -c -- ".s:Escape(tarfile,1)." |\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 141\t exe "silent r! cat -- ".s:Escape(tarfile,1)."|gzip -d -c\r\n-|".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 144\t exe "silent r! bzip2 -d -c -- ".s:Escape(tarfile,1)." |\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 147\t exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions."\r\n".s:Escape(tarfile,1)\r\n 163\t exe "r ".fnameescape(a:tarfile)\r\n 198\t let tarfile=substitute(system("cygpath -u\r\n".s:Escape(tarfile,0)),'\n$','','e')\r\n 223\t let tarfile=substitute(system("cygpath -u\r\n".s:Escape(tarfile,0)),'\n$','','e')\r\n 244\t exe "silent r! gzip -d -c -- ".s:Escape(tarfile,1)."|\r\n".g:tar_cmd." -".g:tar_readoptions." - ".s:Escape(fname,1).decmp\r\n 247\t exe "silent r! cat -- ".s:Escape(tarfile,1)." | gzip -d -c\r\n- | ".g:tar_cmd." -".g:tar_readoptions." - ".s:Escape(fname,1).decmp\r\n 250\t exe "silent r! bzip2 -d -c -- ".s:Escape(tarfile,1)."|\r\n".g:tar_cmd." -".g:tar_readoptions." - ".s:Escape(fname,1).decmp\r\n 253\t exe "silent r! ".g:tar_cmd." -".g:tar_readoptions."\r\n".s:Escape(tarfile,1)." -- ".s:Escape(fname,1).decmp\r\n 262\t exe "file tarfile::".fnameescape(fname)\r\n 308\t exe "cd ".fnameescape(tmpdir)\r\n 332\t call system("gzip -d -- ".s:Escape(tarfile,0))\r\n 336\t call system("gzip -d -- ".s:Escape(tarfile,0))\r\n 341\t call system("bzip2 -d -- ".s:Escape(tarfile,0))\r\n 359\t let dirpath = substitute(system("cygpath\r\n".s:Escape(dirpath, 0)),'\n','','e')\r\n 368\t exe "w! ".fnameescape(fname)\r\n 370\t let tarfile = substitute(system("cygpath\r\n".s:Escape(tarfile,0)),'\n','','e')\r\n 375\t call system("tar --delete -f ".s:Escape(tarfile,0)." --\r\n".s:Escape(fname,0))\r\n 384\t call system("tar -".g:tar_writeoptions."\r\n".s:Escape(tarfile,0)." -- ".s:Escape(fname,0))\r\n 391\t call system(compress)\r\n 407\t exe "e! ".fnameescape(tarfile)\r\n 419\t exe "cd ".fnameescape(curdir)\r\n 431\t call system("/bin/rm -rf -- ".s:Escape(a:fname,0))\r\n 434\t call system("/bin/rm -rf -- ".s:Escape(a:fname,0))\r\n 436\t call system("del /S ".s:Escape(a:fname,0))\r\n\r\nThis is the listing from section ``3.4.2.3.1.'' of the original\r\nadvisory[1], for reference:\r\n\r\n 99\t exe "$put ='".'\"'." Browsing tarfile ".a:tarfile."'"\r\n 107\t let tarfile=substitute(system("cygpath -u ".tarfile),'\n$','','e')\r\n 112\t exe "silent r! gzip -d -c ".g:tar_shq.tarfile.g:tar_shq."|\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 115\t exe "silent r! bzip2 -d -c ".g:tar_shq.tarfile.g:tar_shq."|\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 118\t exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions."\r\n".g:tar_shq.tarfile.g:tar_shq\r\n 134\t exe "r ".a:tarfile\r\n 169\t let tarfile=substitute(system("cygpath -u ".tarfile),'\n$','','e')\r\n 192\t let tarfile=substitute(system("cygpath -u ".tarfile),'\n$','','e')\r\n 199\t exe "silent r! gzip -d -c ".g:tar_shq.tarfile.g:tar_shq."|\r\n".g:tar_cmd." -".g:tar_readoptions." - '".fname."'"\r\n 202\t exe "silent r! bzip2 -d -c ".g:tar_shq.tarfile.g:tar_shq."|\r\n".g:tar_cmd." -".g:tar_readoptions." - '".fname."'"\r\n 205\t exe "silent r! ".g:tar_cmd." -".g:tar_readoptions."\r\n".g:tar_shq.tarfile.g:tar_shq." ".g:tar_shq.fname.g:tar_shq\r\n 208\t exe "file tarfile:".fname\r\n 278\t call system("gzip -d ".tarfile)\r\n 282\t call system("gzip -d ".tarfile)\r\n 287\t call system("bzip2 -d ".tarfile)\r\n 303\t let dirpath = substitute(system("cygpath ".dirpath),'\n','','e')\r\n 312\t exe "w! ".fname\r\n 314\t let tarfile = substitute(system("cygpath ".tarfile),'\n','','e')\r\n 319\t call system("tar --delete -f '".tarfile."' '".fname."'")\r\n 335\t call system(compress)\r\n 351\t exe "e! ".tarfile\r\n\r\n\r\n4. VULNERABILITIES\r\n\r\n4.1. Untrusted File Names Interpreted as Optional Argument\r\n\r\n4.1.1. POSIX Systems\r\n\r\nThe POSIX end-of-options double-dash (--) is missing from some of the\r\ncommands invoked by system() -- line 244 a.o.:\r\n\r\n 244\t exe "silent r! gzip -d -c -- ".s:Escape(tarfile,1)."|\r\n".g:tar_cmd." -".g:tar_readoptions." - ".s:Escape(fname,1).decmp\r\n\r\nThe resulting command looks like this:\r\n\r\n gzip -d -c -- TARBALL | tar -OPxf - MEMBER\r\n\r\nMEMBER can be interpreted by tar(1) as a command line option. This can\r\nbe still used to execute arbitrary shell commands (cf. e.g. the\r\n``--compress-program'' option of tar(1)).\r\n\r\n\r\n4.1.2. Other Systems\r\n\r\nWith implementations of tar(1) (and other programs) that do not\r\nunderstand the double-dash convention, another mechanism must be used to\r\nprevent the file name from being interpreted as command line options.\r\nAt the same time, the current code may confuse such programs.\r\n\r\nIt is not possible for Vim to know the invocation syntax of external\r\nprograms. As the double-dash security measure may not be present in any\r\ngiven external command, the security of commands that pass untrusted\r\ninput to these external commands is not be guaranteed.\r\n\r\n\r\n4.2 Unspecified Behaviour of system() and ``!''\r\n\r\n4.2.1. The system() Function\r\n\r\nsystem(), does not invoke /bin/sh to run the commands, as does the C\r\nStandard Library function of the same name. Rather, it uses the program\r\nspecified in the Vim internal option 'shell'. The full details of how\r\nsystem() works can be found in the Vim Manual:\r\n\r\n ``system({expr} [, {input}]) *system()* *E677*\r\n [...]\r\n The command executed is constructed using several options:\r\n 'shell' 'shellcmdflag' 'shellxquote' {expr} 'shellredir' {tmp} 'shellxquote'\r\n ({tmp} is an automatically generated file name). For Unix and OS/2\r\n braces are put around {expr} to allow for concatenated commands.''\r\n\r\n -- Vim Reference Manual (``eval.txt'')\r\n\r\nAs the particularities of how this program interprets the command can\r\nnot be known, it is inherently impossible to say anything meaningful as\r\nto whether there are security issues. In fact, it is not possible to\r\nsay anything about how the command will be interpreted, or if it will be\r\ninterpreted at all. In the absence of a baseline specification, the\r\nbehaviour of system() as implemented by Vim can only be described as\r\n"unspecified".\r\n\r\nBy setting the respective options to known values, it may be possible to\r\nreach the C Standard Library system() functionality. There will still\r\nbe problems on systems without /bin/sh, and on systems where /bin/sh is\r\nnot POSIX-conformant.\r\n\r\n\r\n4.2.2. The ``!'' Command\r\n\r\nThe same applies to the ``!'' command, as used e.g. on line 138:\r\n\r\n 138\t exe "silent r! gzip -d -c -- ".s:Escape(tarfile,1)." |\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n\r\nThe ``r!'' means the ``read'' command reads the output of the ``!''\r\ncommand, which in turn executes shell commands, in a way similar to\r\nsystem().\r\n\r\n\r\n5. EXPLOIT\r\n\r\nNo exploit code is provided.\r\n\r\n\r\n6. REFERENCES\r\n\r\n[1] Collection of Vulnerabilities in Fully Patched Vim 7.1\r\n http://www.rdancer.org/vulnerablevim.html\r\n\r\n\r\n7. COPYRIGHT\r\n\r\nThis advisory is Copyright 2008 Jan Minar <rdancer@rdancer.org>\r\n\r\nCopying welcome, under the Creative Commons ``Attribution-Share Alike''\r\nLicense http://creativecommons.org/licenses/by-sa/2.0/uk/\r\n\r\nCode included herein, and accompanying this advisory, may be copied\r\naccording to the GNU General Public License version 2, or the Vim\r\nlicense. See the subdirectory ``licenses''.\r\n\r\nVarious portions of the accompanying code were written by various\r\nparties. Those parties may hold copyright, and those portions may be\r\ncopied according to their respective licenses.\r\n\r\n\r\n8. HISTORY\r\n\r\n2008-08-08 Sent to: <bugs@vim.org>, <vim-dev@vim.org>,\r\n <full-disclosure@lists.grok.org.uk>,\r\n <bugtraq@securityfocus.com>,\r\n Charles E Campbell, Jr (Vim Tar Plugin Maintainer)\r\n <drchip@campbellfamily.biz>", "modified": "2008-08-08T00:00:00", "published": "2008-08-08T00:00:00", "id": "SECURITYVULNS:DOC:20317", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20317", "title": "Vim: Unfixed Vulnerabilities in Tar Plugin Version 20", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}