{"id": "MANDRIVA_MDVSA-2008-236.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "published": "2009-04-23T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "type": "nessus", "lastseen": "2019-02-21T01:11:41", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8e24a6f8d6ceebe01211f2323825b75ca6c2cbe3de851551522d132377ea3940", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "1f855a3a9b7d8766f0ad2f09df06e822", "key": "cpe"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "889e0ac5bc12f5d7a0222c4c66705b8b", "key": "sourceData"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2018-09-01T23:37:08", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-09-01T23:37:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8e24a6f8d6ceebe01211f2323825b75ca6c2cbe3de851551522d132377ea3940", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "1f855a3a9b7d8766f0ad2f09df06e822", "key": "cpe"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "889e0ac5bc12f5d7a0222c4c66705b8b", "key": "sourceData"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2018-08-02T07:40:55", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-02T07:40:55"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 1, "hash": "7a15a6cc1305f5fb745e58d7cd4eed16a701cbd11a77b1370dc97496a80ab73f", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "3cf12ca51aefc7921e2fae5f5b05a36b", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a33e65a768b0cca01f769a54f9f4ed8b", "key": "cvss"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "800084d14669b7e75c4baba9f7a47966", "key": "modified"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2016-09-26T17:23:42", "modified": "2015-03-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/03/19 14:49:27 $\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:23:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "e3a9c585eaec95cd5dcd806c17f5e714bc63ffe34eef42a0c6453a40c352ed94", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "1f855a3a9b7d8766f0ad2f09df06e822", "key": "cpe"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "modified"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "5b40e55bd47ed91ed23084d83dfb8192", "key": "sourceData"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2017-10-29T13:35:09", "modified": "2016-11-28T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/11/28 21:39:22 $\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:35:09"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 2, "enchantments": {}, "hash": "c219d551c35834d5c42e265073489302e9a9916028b233cc2340c17be9e56040", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "modified"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "5b40e55bd47ed91ed23084d83dfb8192", "key": "sourceData"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2016-11-29T05:31:32", "modified": "2016-11-28T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/11/28 21:39:22 $\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-11-29T05:31:32"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-01-16T20:09:05", "references": [{"idList": ["REDHAT-RHSA-2008-0580.NASL", "SUSE_GVIM-6023.NASL", "DEBIAN_DSA-1733.NASL", "REDHAT-RHSA-2008-0617.NASL", "SUSE9_12360.NASL", "SUSE_11_1_GVIM-090225.NASL", "CENTOS_RHSA-2008-0580.NASL", "ORACLELINUX_ELSA-2008-0580.NASL", "SUSE_11_0_GVIM-090225.NASL", "SL_20081125_VIM_ON_SL3_X.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310830451", "OPENVAS:830568", "OPENVAS:870099", "OPENVAS:136141256231065087", "OPENVAS:136141256231063500", "OPENVAS:830451", "OPENVAS:1361412562310870099", "OPENVAS:1361412562310122541", "OPENVAS:1361412562310830568", "OPENVAS:63500"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-1733-1:0AD7D", "DEBIAN:39911521BDD8B510D11191B007C5C80B:928A4"], "type": "debian"}, {"idList": ["SECURITYVULNS:DOC:20317", "SECURITYVULNS:DOC:20220", "SECURITYVULNS:VULN:9086"], "type": "securityvulns"}, {"idList": ["SSV:2059", "SSV:4501"], "type": "seebug"}, {"idList": ["0E1E3789-D87F-11DD-8ECD-00163E000016", "30866E6C-3C6D-11DD-98C9-00163E000016", "1ED03222-3C65-11DC-B3D3-0016179B2DD5"], "type": "freebsd"}, {"idList": ["VMSA-2009-0004"], "type": "vmware"}, {"idList": ["OSVDB:38674"], "type": "osvdb"}, {"idList": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "type": "cve"}, {"idList": ["ELSA-2008-0580", "ELSA-2008-0617"], "type": "oraclelinux"}, {"idList": ["CESA-2008:0580", "CESA-2008:0618-01", "CESA-2008:0617"], "type": "centos"}, {"idList": ["EDB-ID:32012", "EDB-ID:32289", "EDB-ID:31911"], "type": "exploitdb"}, {"idList": ["RHSA-2008:0618", "RHSA-2008:0580", "RHSA-2008:0617"], "type": "redhat"}, {"idList": ["USN-712-1", "USN-505-1"], "type": "ubuntu"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "2c6a83701b6d36f73aebba037b854326b748ad64325fb4b36922d22bb94292e9", "hashmap": [{"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "1f855a3a9b7d8766f0ad2f09df06e822", "key": "cpe"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "889e0ac5bc12f5d7a0222c4c66705b8b", "key": "sourceData"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "19f99e97fce7c5c6ca8d1734c858cc4c", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2019-01-16T20:09:05", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 7, "lastseen": "2019-01-16T20:09:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "23ca678364fb4cb389bea2c78a45870b6af7e1d123348befdec7db9f5ad463d9", "hashmap": [{"hash": "306207caabaade4830e874dd955afbce", "key": "description"}, {"hash": "8a405feac8e71cab87116ef933dfc17e", "key": "href"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f374bc60a75d16a6a8615022c3815f94", "key": "cvelist"}, {"hash": "1f855a3a9b7d8766f0ad2f09df06e822", "key": "cpe"}, {"hash": "197a63ce57b10c1f43b5342b9dd90820", "key": "published"}, {"hash": "d79f372f585dad80577c166ffc754e23", "key": "title"}, {"hash": "889e0ac5bc12f5d7a0222c4c66705b8b", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "b94468282c77ce98c794d894337ae500", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "id": "MANDRIVA_MDVSA-2008-236.NASL", "lastseen": "2018-08-30T19:33:54", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "36821", "published": "2009-04-23T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:33:54"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "1f855a3a9b7d8766f0ad2f09df06e822"}, {"key": "cvelist", "hash": "f374bc60a75d16a6a8615022c3815f94"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "306207caabaade4830e874dd955afbce"}, {"key": "href", "hash": "8a405feac8e71cab87116ef933dfc17e"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "526837706681051344a466f9e51ac982"}, {"key": "pluginID", "hash": "b94468282c77ce98c794d894337ae500"}, {"key": "published", "hash": "197a63ce57b10c1f43b5342b9dd90820"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "889e0ac5bc12f5d7a0222c4c66705b8b"}, {"key": "title", "hash": "d79f372f585dad80577c166ffc754e23"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "8e24a6f8d6ceebe01211f2323825b75ca6c2cbe3de851551522d132377ea3940", "viewCount": 277, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310870099", "OPENVAS:870099", "OPENVAS:1361412562310830568", "OPENVAS:830568", "OPENVAS:830451", "OPENVAS:1361412562310830451", "OPENVAS:136141256231063500", "OPENVAS:63500", "OPENVAS:1361412562310122541", "OPENVAS:65087"]}, {"type": "centos", "idList": ["CESA-2008:0580", "CESA-2008:0617", "CESA-2008:0618-01"]}, {"type": "redhat", "idList": ["RHSA-2008:0580", "RHSA-2008:0617", "RHSA-2008:0618"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1733.NASL", "SL_20081125_VIM_ON_SL3_X.NASL", "CENTOS_RHSA-2008-0580.NASL", "ORACLELINUX_ELSA-2008-0580.NASL", "REDHAT-RHSA-2008-0580.NASL", "SUSE9_12360.NASL", "SUSE_GVIM-6023.NASL", "SUSE_11_1_GVIM-090225.NASL", "SUSE_11_0_GVIM-090225.NASL", "ORACLELINUX_ELSA-2008-0617.NASL"]}, {"type": "cve", "idList": ["CVE-2008-4677", "CVE-2007-2953", "CVE-2008-2953", "CVE-2008-2712", "CVE-2008-4101", "CVE-2008-3076", "CVE-2008-3074", "CVE-2008-3075"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1733-1:0AD7D", "DEBIAN:39911521BDD8B510D11191B007C5C80B:928A4", "DEBIAN:DSA-1364-2:30E6F"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0580", "ELSA-2008-0617"]}, {"type": "ubuntu", "idList": ["USN-712-1", "USN-505-1"]}, {"type": "vmware", "idList": ["VMSA-2009-0004"]}, {"type": "freebsd", "idList": ["1ED03222-3C65-11DC-B3D3-0016179B2DD5", "30866E6C-3C6D-11DD-98C9-00163E000016", "0E1E3789-D87F-11DD-8ECD-00163E000016"]}, {"type": "exploitdb", "idList": ["EDB-ID:32289", "EDB-ID:31911", "EDB-ID:32012"]}, {"type": "osvdb", "idList": ["OSVDB:38674"]}, {"type": "seebug", "idList": ["SSV:2059", "SSV:4501"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20220", "SECURITYVULNS:DOC:20317", "SECURITYVULNS:VULN:9086"]}], "modified": "2019-02-21T01:11:41"}, "score": {"value": 8.0, "vector": "NONE", "modified": "2019-02-21T01:11:41"}, "vulnersScore": 8.0}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:236. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36821);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDVSA\", value:\"2008:236-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system\nfunctions. If a user were to open a specially crafted file, it would\nbe possible to execute arbitrary code as the user running vim\n(CVE-2008-2712).\n\nUlf Härnhammar of Secunia Research found a format\nstring flaw in vim's help tags processor. If a user were tricked into\nexecuting the helptags command on malicious data, it could result in\nthe execution of arbitrary code as the user running vim\n(CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a\nuser were to open a special TAR archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a\nuser were to open a special ZIP archive using the plugin, it could\nresult in the execution of arbitrary code as the user running vim\n(CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin\nthat provides the ability to read and write files over the network. If\na user opened a specially crafted file or directory with the netrw\nplugin, it could result in the execution of arbitrary code as the user\nrunning vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag\nhandling. If vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitary code as the user running\nvim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it\nwould send FTP credentials stored for an FTP session to subsequent FTP\nsessions to servers on different hosts, exposing FTP credentials to\nremote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of\nthese issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on\nlibruby and also conflicted with a file from the git-core package (in\ncontribs). These issues have been corrected with these updated\npackages.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-X11-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-common-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"vim-minimal-7.2.065-9.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-X11-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-common-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-enhanced-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"vim-minimal-7.2.065-9.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-X11-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-common-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-enhanced-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vim-minimal-7.2.065-9.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "36821", "cpe": ["p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "scheme": null}

{"centos": [{"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0580\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015453.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015454.html\n\n**Affected packages:**\nvim\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0580.html", "modified": "2008-11-26T22:22:42", "published": "2008-11-26T22:22:41", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/015453.html", "id": "CESA-2008:0580", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:46", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0617\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file name\npatterns with shell wildcards. An attacker could create a specially-crafted\nfile or directory name that, when opened by Vim, caused the application to\ncrash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015438.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015439.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015440.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015441.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015442.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015449.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015457.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015458.html\n\n**Affected packages:**\nvim\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0617.html", "modified": "2008-11-26T22:58:49", "published": "2008-11-25T16:56:47", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/015438.html", "id": "CESA-2008:0617", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:19", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0618-01\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015444.html\n\n**Affected packages:**\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2008-11-25T23:40:39", "published": "2008-11-25T23:40:39", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/015444.html", "id": "CESA-2008:0618-01", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-27T10:55:59", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870099", "id": "OPENVAS:870099", "title": "RedHat Update for vim RHSA-2008:0580-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for vim RHSA-2008:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n Multiple security flaws were found in netrw.vim, the Vim plug-in providing\n file reading and writing over the network. If a user opened a specially\n crafted file or directory with the netrw plug-in, it could result in\n arbitrary code execution as the user running Vim. (CVE-2008-3076)\n \n A security flaw was found in zip.vim, the Vim plug-in that handles ZIP\n archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\n it could result in arbitrary code execution as the user running Vim.\n (CVE-2008-3075)\n \n A security flaw was found in tar.vim, the Vim plug-in which handles TAR\n archive browsing. If a user opened a TAR archive using the tar.vim plug-in,\n it could result in arbitrary code execution as the user runnin Vim.\n (CVE-2008-3074)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n Ulf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\n Vim's help tag processor. If a user was tricked into executing the\n &quot;helptags&quot; command on malicious data, arbitrary code could be executed with\n the permissions of the user running Vim. (CVE-2007-2953)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-November/msg00012.html\");\n script_id(870099);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0580-01\");\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\");\n script_name( \"RedHat Update for vim RHSA-2008:0580-01\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-debuginfo\", rpm:\"vim-debuginfo~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:22", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830568", "id": "OPENVAS:1361412562310830568", "type": "openvas", "title": "Mandriva Update for vim MDVSA-2008:236 (vim)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDVSA-2008:236 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found in the vim editor:\n\n A number of input sanitization flaws were found in various vim\n system functions. If a user were to open a specially crafted file,\n it would be possible to execute arbitrary code as the user running vim\n (CVE-2008-2712).\n \n Ulf H&#xC3;&#xA4;rnhammar of Secunia Research found a format string flaw in\n vim's help tags processor. If a user were tricked into executing the\n helptags command on malicious data, it could result in the execution\n of arbitrary code as the user running vim (CVE-2008-2953).\n \n A flaw was found in how tar.vim handled TAR archive browsing. If a\n user were to open a special TAR archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3074).\n \n A flaw was found in how zip.vim handled ZIP archive browsing. If a\n user were to open a special ZIP archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3075).\n \n A number of security flaws were found in netrw.vim, the vim plugin\n that provides the ability to read and write files over the network.\n If a user opened a specially crafted file or directory with the netrw\n plugin, it could result in the execution of arbitrary code as the\n user running vim (CVE-2008-3076).\n \n A number of input validation flaws were found in vim's keyword and\n tag handling. If vim looked up a document's maliciously crafted\n tag or keyword, it was possible to execute arbitrary code as the user\n running vim (CVE-2008-4101).\n \n A vulnerability was found in certain versions of netrw.vim where it\n would send FTP credentials stored for an FTP session to subsequent\n FTP sessions to servers on different hosts, exposing FTP credentials\n to remote hosts (CVE-2008-4677).\n \n This update provides vim 7.2 (patchlevel 65) which corrects all of\n these issues and introduces a number of new features and bug fixes.\";\n\ntag_affected = \"vim on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-12/msg00003.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830568\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:236\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_name( \"Mandriva Update for vim MDVSA-2008:236 (vim)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:37", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830451", "id": "OPENVAS:1361412562310830451", "title": "Mandriva Update for vim MDVSA-2008:236-1 (vim)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDVSA-2008:236-1 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found in the vim editor:\n\n A number of input sanitization flaws were found in various vim\n system functions. If a user were to open a specially crafted file,\n it would be possible to execute arbitrary code as the user running vim\n (CVE-2008-2712).\n \n Ulf H&#xC3;&#xA4;rnhammar of Secunia Research found a format string flaw in\n vim's help tags processor. If a user were tricked into executing the\n helptags command on malicious data, it could result in the execution\n of arbitrary code as the user running vim (CVE-2008-2953).\n \n A flaw was found in how tar.vim handled TAR archive browsing. If a\n user were to open a special TAR archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3074).\n \n A flaw was found in how zip.vim handled ZIP archive browsing. If a\n user were to open a special ZIP archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3075).\n \n A number of security flaws were found in netrw.vim, the vim plugin\n that provides the ability to read and write files over the network.\n If a user opened a specially crafted file or directory with the netrw\n plugin, it could result in the execution of arbitrary code as the\n user running vim (CVE-2008-3076).\n \n A number of input validation flaws were found in vim's keyword and\n tag handling. If vim looked up a document's maliciously crafted\n tag or keyword, it was possible to execute arbitrary code as the user\n running vim (CVE-2008-4101).\n \n A vulnerability was found in certain versions of netrw.vim where it\n would send FTP credentials stored for an FTP session to subsequent\n FTP sessions to servers on different hosts, exposing FTP credentials\n to remote hosts (CVE-2008-4677).\n \n This update provides vim 7.2 (patchlevel 65) which corrects all of\n these issues and introduces a number of new features and bug fixes.\n \n Update:\n \n The previous vim update incorrectly introduced a requirement on\n libruby and also conflicted with a file from the git-core package\n (in contribs). These issues have been corrected with these updated\n packages.\";\n\ntag_affected = \"vim on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-12/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830451\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:236-1\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_name( \"Mandriva Update for vim MDVSA-2008:236-1 (vim)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:31", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870099", "id": "OPENVAS:1361412562310870099", "type": "openvas", "title": "RedHat Update for vim RHSA-2008:0580-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for vim RHSA-2008:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n Multiple security flaws were found in netrw.vim, the Vim plug-in providing\n file reading and writing over the network. If a user opened a specially\n crafted file or directory with the netrw plug-in, it could result in\n arbitrary code execution as the user running Vim. (CVE-2008-3076)\n \n A security flaw was found in zip.vim, the Vim plug-in that handles ZIP\n archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\n it could result in arbitrary code execution as the user running Vim.\n (CVE-2008-3075)\n \n A security flaw was found in tar.vim, the Vim plug-in which handles TAR\n archive browsing. If a user opened a TAR archive using the tar.vim plug-in,\n it could result in arbitrary code execution as the user runnin Vim.\n (CVE-2008-3074)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n Ulf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\n Vim's help tag processor. If a user was tricked into executing the\n &quot;helptags&quot; command on malicious data, arbitrary code could be executed with\n the permissions of the user running Vim. (CVE-2007-2953)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-November/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870099\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0580-01\");\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\");\n script_name( \"RedHat Update for vim RHSA-2008:0580-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-debuginfo\", rpm:\"vim-debuginfo~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0.109~4.el5_2.4z\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:05", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830568", "id": "OPENVAS:830568", "title": "Mandriva Update for vim MDVSA-2008:236 (vim)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDVSA-2008:236 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found in the vim editor:\n\n A number of input sanitization flaws were found in various vim\n system functions. If a user were to open a specially crafted file,\n it would be possible to execute arbitrary code as the user running vim\n (CVE-2008-2712).\n \n Ulf H&#xC3;&#xA4;rnhammar of Secunia Research found a format string flaw in\n vim's help tags processor. If a user were tricked into executing the\n helptags command on malicious data, it could result in the execution\n of arbitrary code as the user running vim (CVE-2008-2953).\n \n A flaw was found in how tar.vim handled TAR archive browsing. If a\n user were to open a special TAR archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3074).\n \n A flaw was found in how zip.vim handled ZIP archive browsing. If a\n user were to open a special ZIP archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3075).\n \n A number of security flaws were found in netrw.vim, the vim plugin\n that provides the ability to read and write files over the network.\n If a user opened a specially crafted file or directory with the netrw\n plugin, it could result in the execution of arbitrary code as the\n user running vim (CVE-2008-3076).\n \n A number of input validation flaws were found in vim's keyword and\n tag handling. If vim looked up a document's maliciously crafted\n tag or keyword, it was possible to execute arbitrary code as the user\n running vim (CVE-2008-4101).\n \n A vulnerability was found in certain versions of netrw.vim where it\n would send FTP credentials stored for an FTP session to subsequent\n FTP sessions to servers on different hosts, exposing FTP credentials\n to remote hosts (CVE-2008-4677).\n \n This update provides vim 7.2 (patchlevel 65) which corrects all of\n these issues and introduces a number of new features and bug fixes.\";\n\ntag_affected = \"vim on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-12/msg00003.php\");\n script_id(830568);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:236\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_name( \"Mandriva Update for vim MDVSA-2008:236 (vim)\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:04", "bulletinFamily": "scanner", "description": "Check for the Version of vim", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830451", "id": "OPENVAS:830451", "title": "Mandriva Update for vim MDVSA-2008:236-1 (vim)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDVSA-2008:236-1 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found in the vim editor:\n\n A number of input sanitization flaws were found in various vim\n system functions. If a user were to open a specially crafted file,\n it would be possible to execute arbitrary code as the user running vim\n (CVE-2008-2712).\n \n Ulf H&#xC3;&#xA4;rnhammar of Secunia Research found a format string flaw in\n vim's help tags processor. If a user were tricked into executing the\n helptags command on malicious data, it could result in the execution\n of arbitrary code as the user running vim (CVE-2008-2953).\n \n A flaw was found in how tar.vim handled TAR archive browsing. If a\n user were to open a special TAR archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3074).\n \n A flaw was found in how zip.vim handled ZIP archive browsing. If a\n user were to open a special ZIP archive using the plugin, it could\n result in the execution of arbitrary code as the user running vim\n (CVE-2008-3075).\n \n A number of security flaws were found in netrw.vim, the vim plugin\n that provides the ability to read and write files over the network.\n If a user opened a specially crafted file or directory with the netrw\n plugin, it could result in the execution of arbitrary code as the\n user running vim (CVE-2008-3076).\n \n A number of input validation flaws were found in vim's keyword and\n tag handling. If vim looked up a document's maliciously crafted\n tag or keyword, it was possible to execute arbitrary code as the user\n running vim (CVE-2008-4101).\n \n A vulnerability was found in certain versions of netrw.vim where it\n would send FTP credentials stored for an FTP session to subsequent\n FTP sessions to servers on different hosts, exposing FTP credentials\n to remote hosts (CVE-2008-4677).\n \n This update provides vim 7.2 (patchlevel 65) which corrects all of\n these issues and introduces a number of new features and bug fixes.\n \n Update:\n \n The previous vim update incorrectly introduced a requirement on\n libruby and also conflicted with a file from the git-core package\n (in contribs). These issues have been corrected with these updated\n packages.\";\n\ntag_affected = \"vim on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-12/msg00010.php\");\n script_id(830451);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:236-1\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-2953\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_name( \"Mandriva Update for vim MDVSA-2008:236-1 (vim)\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.2.065~9.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2008-0580", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122541", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122541", "title": "Oracle Linux Local Check: ELSA-2008-0580", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0580.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122541\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:47:36 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0580\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0580 - vim security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0580\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0580.html\");\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-4101\", \"CVE-2008-6235\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0.109~4.el5_2.4z\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0.109~4.el5_2.4z\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0.109~4.el5_2.4z\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0.109~4.el5_2.4z\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:39:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update to vim\nannounced via advisory DSA 1733-1.", "modified": "2018-04-06T00:00:00", "published": "2009-03-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063500", "id": "OPENVAS:136141256231063500", "type": "openvas", "title": "Debian Security Advisory DSA 1733-1 (vim)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1733_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1733-1 (vim)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-2712\n\nJan Minar discovered that vim did not properly sanitise inputs\nbefore invoking the execute or system functions inside vim\nscripts. This could lead to the execution of arbitrary code.\n\nCVE-2008-3074\n\nJan Minar discovered that the tar plugin of vim did not properly\nsanitise the filenames in the tar archive or the name of the\narchive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3075\n\nJan Minar discovered that the zip plugin of vim did not properly\nsanitise the filenames in the zip archive or the name of the\narchive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3076\n\nJan Minar discovered that the netrw plugin of vim did not properly\nsanitise the filenames or directory names it is given. This could\nlead to the execution of arbitrary code.\n\nCVE-2008-4101\n\nBen Schmidt discovered that vim did not properly escape characters\nwhen performing keyword or tag lookups. This could lead to the\nexecution of arbitrary code.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 1:7.0-122+1etch4.\n\nFor the testing distribution (squeeze), these problems have been fixed\nin version 1:7.1.314-3+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:7.2.010-1.\";\ntag_summary = \"The remote host is missing an update to vim\nannounced via advisory DSA 1733-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201733-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63500\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4104\", \"CVE-2008-4101\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1733-1 (vim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-lesstif\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:45", "bulletinFamily": "scanner", "description": "The remote host is missing an update to vim\nannounced via advisory DSA 1733-1.", "modified": "2017-07-07T00:00:00", "published": "2009-03-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63500", "id": "OPENVAS:63500", "title": "Debian Security Advisory DSA 1733-1 (vim)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1733_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1733-1 (vim)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-2712\n\nJan Minar discovered that vim did not properly sanitise inputs\nbefore invoking the execute or system functions inside vim\nscripts. This could lead to the execution of arbitrary code.\n\nCVE-2008-3074\n\nJan Minar discovered that the tar plugin of vim did not properly\nsanitise the filenames in the tar archive or the name of the\narchive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3075\n\nJan Minar discovered that the zip plugin of vim did not properly\nsanitise the filenames in the zip archive or the name of the\narchive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3076\n\nJan Minar discovered that the netrw plugin of vim did not properly\nsanitise the filenames or directory names it is given. This could\nlead to the execution of arbitrary code.\n\nCVE-2008-4101\n\nBen Schmidt discovered that vim did not properly escape characters\nwhen performing keyword or tag lookups. This could lead to the\nexecution of arbitrary code.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 1:7.0-122+1etch4.\n\nFor the testing distribution (squeeze), these problems have been fixed\nin version 1:7.1.314-3+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:7.2.010-1.\";\ntag_summary = \"The remote host is missing an update to vim\nannounced via advisory DSA 1733-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201733-1\";\n\n\nif(description)\n{\n script_id(63500);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4104\", \"CVE-2008-4101\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1733-1 (vim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-lesstif\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.0-122+1etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:22", "bulletinFamily": "scanner", "description": "This host is installed with Vim and is prone to Command Injection\n Vulnerability.", "modified": "2017-02-20T00:00:00", "published": "2008-12-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900411", "id": "OPENVAS:900411", "title": "Vim Shell Command Injection Vulnerability (Windows)", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_vim_shell_cmd_injection_vuln_win_900411.nasl 5370 2017-02-20 15:24:26Z cfi $\n# Description: Vim Shell Command Injection Vulnerability (Windows)\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker execute arbitrary shell commands\n to compromise the system.\n Impact Level: Application\";\ntag_affected = \"Vim version prior to 7.2 on Windows.\";\ntag_insight = \"This error is due to the 'filetype.vim', 'tar.vim', 'zip.vim', 'xpm.vim',\n 'xpm2.vim', 'gzip.vim', and 'netrw.vim' scripts which are insufficiently\n filtering escape characters.\";\ntag_solution = \"Upgrade to version 7.2\n http://www.vim.org/download.php\";\ntag_summary = \"This host is installed with Vim and is prone to Command Injection\n Vulnerability.\";\n\nif(description)\n{\n script_id(900411);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-02 11:52:55 +0100 (Tue, 02 Dec 2008)\");\n script_bugtraq_id(32462);\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"General\");\n script_name(\"Vim Shell Command Injection Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/30731/\");\n script_xref(name : \"URL\" , value : \"http://www.rdancer.org/vulnerablevim-shellescape.html\");\n\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\nif(!registry_key_exists(key:key)) {\n exit(0);\n}\n\nentries = registry_enum_keys(key:key);\nif(entries == NULL){\n exit(0);\n}\n\nforeach item (entries)\n{\n ver = registry_get_sz(key:key + item, item:\"DisplayName\");\n if(\"Vim\" >< ver)\n {\n #Grep or versions Vim version prior to 7.2\n if(egrep(pattern:\"Vim ([0-6](\\..*)?|7\\.[01](\\..*)?)\", string:ver)){\n security_message(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:13", "bulletinFamily": "unix", "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2017-09-08T12:06:57", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0580", "href": "https://access.redhat.com/errata/RHSA-2008:0580", "type": "redhat", "title": "(RHSA-2008:0580) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:37", "bulletinFamily": "unix", "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file name\npatterns with shell wildcards. An attacker could create a specially-crafted\nfile or directory name that, when opened by Vim, caused the application to\ncrash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2017-09-08T11:47:42", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0617", "href": "https://access.redhat.com/errata/RHSA-2008:0617", "type": "redhat", "title": "(RHSA-2008:0617) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:47", "bulletinFamily": "unix", "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-03-14T19:25:39", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0618", "href": "https://access.redhat.com/errata/RHSA-2008:0618", "type": "redhat", "title": "(RHSA-2008:0618) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:11:31", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-2712 Jan Minar discovered that vim did not properly sanitise inputs before invoking the execute or system functions inside vim scripts. This could lead to the execution of arbitrary code.\n\n - CVE-2008-3074 Jan Minar discovered that the tar plugin of vim did not properly sanitise the filenames in the tar archive or the name of the archive file itself, making it prone to arbitrary code execution.\n\n - CVE-2008-3075 Jan Minar discovered that the zip plugin of vim did not properly sanitise the filenames in the zip archive or the name of the archive file itself, making it prone to arbitrary code execution.\n\n - CVE-2008-3076 Jan Minar discovered that the netrw plugin of vim did not properly sanitise the filenames or directory names it is given. This could lead to the execution of arbitrary code.\n\n - CVE-2008-4101 Ben Schmidt discovered that vim did not properly escape characters when performing keyword or tag lookups. This could lead to the execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1733.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35764", "published": "2009-03-04T00:00:00", "title": "Debian DSA-1733-1 : vim - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1733. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35764);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\");\n script_xref(name:\"DSA\", value:\"1733\");\n\n script_name(english:\"Debian DSA-1733-1 : vim - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2008-2712\n Jan Minar discovered that vim did not properly sanitise\n inputs before invoking the execute or system functions\n inside vim scripts. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-3074\n Jan Minar discovered that the tar plugin of vim did not\n properly sanitise the filenames in the tar archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3075\n Jan Minar discovered that the zip plugin of vim did not\n properly sanitise the filenames in the zip archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3076\n Jan Minar discovered that the netrw plugin of vim did\n not properly sanitise the filenames or directory names\n it is given. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-4101\n Ben Schmidt discovered that vim did not properly escape\n characters when performing keyword or tag lookups. This\n could lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1733\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the oldstable distribution (etch), these problems have been fixed\nin version 1:7.0-122+1etch5.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"vim\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-common\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-doc\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-full\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gnome\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gtk\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gui-common\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-lesstif\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-perl\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-python\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-ruby\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-runtime\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-tcl\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-tiny\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"vim\", reference:\"1:7.1.314-3+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:18", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0580 :\n\nUpdated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the vi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2008-0580.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67722", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : vim (ELSA-2008-0580)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0580 and \n# Oracle Linux Security Advisory ELSA-2008-0580 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67722);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-6235\");\n script_bugtraq_id(25095);\n script_xref(name:\"RHSA\", value:\"2008:0580\");\n\n script_name(english:\"Oracle Linux 5 : vim (ELSA-2008-0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0580 :\n\nUpdated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in\nproviding file reading and writing over the network. If a user opened\na specially crafted file or directory with the netrw plug-in, it could\nresult in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim\nplug-in, it could result in arbitrary code execution as the user\nrunning Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles\nTAR archive browsing. If a user opened a TAR archive using the tar.vim\nplug-in, it could result in arbitrary code execution as the user\nrunnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-November/000812.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 78, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:21", "bulletinFamily": "scanner", "description": "Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the vi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2008-0580.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34953", "published": "2008-11-25T00:00:00", "title": "RHEL 5 : vim (RHSA-2008:0580)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0580. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34953);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-6235\");\n script_bugtraq_id(25095);\n script_xref(name:\"RHSA\", value:\"2008:0580\");\n\n script_name(english:\"RHEL 5 : vim (RHSA-2008:0580)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in\nproviding file reading and writing over the network. If a user opened\na specially crafted file or directory with the netrw plug-in, it could\nresult in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim\nplug-in, it could result in arbitrary code execution as the user\nrunning Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles\nTAR archive browsing. If a user opened a TAR archive using the tar.vim\nplug-in, it could result in arbitrary code execution as the user\nrunnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-6235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0580\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 78, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0580\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:07", "bulletinFamily": "scanner", "description": "Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)\n\nSL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSL5 Only: Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nSL5 Only: A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)\n\nSL5 Only: A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H&auml;rnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)", "modified": "2019-01-07T00:00:00", "id": "SL_20081125_VIM_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60500", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60500);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n\n script_name(english:\"Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nSL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's\nexpansion of file name patterns with shell wildcards. An attacker\ncould create a specially crafted file or directory name that, when\nopened by Vim, caused the application to crash or, possibly, execute\narbitrary code. (CVE-2008-3432)\n\nSL5 Only: Multiple security flaws were found in netrw.vim, the Vim\nplug-in providing file reading and writing over the network. If a user\nopened a specially crafted file or directory with the netrw plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nSL5 Only: A security flaw was found in zip.vim, the Vim plug-in that\nhandles ZIP archive browsing. If a user opened a ZIP archive using the\nzip.vim plug-in, it could result in arbitrary code execution as the\nuser running Vim. (CVE-2008-3075)\n\nSL5 Only: A security flaw was found in tar.vim, the Vim plug-in which\nhandles TAR archive browsing. If a user opened a TAR archive using the\ntar.vim plug-in, it could result in arbitrary code execution as the\nuser runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H&auml;rnhammar, of Secunia Research, discovered a format string\nflaw in Vim's help tag processor. If a user was tricked into executing\nthe 'helptags' command on malicious data, arbitrary code could be\nexecuted with the permissions of the user running Vim. (CVE-2007-2953)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0811&L=scientific-linux-errata&T=0&P=1936\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ee91c3b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:53", "bulletinFamily": "scanner", "description": "Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the vi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2008-0580.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43697", "published": "2010-01-06T00:00:00", "title": "CentOS 5 : vim (CESA-2008:0580)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0580 and \n# CentOS Errata and Security Advisory 2008:0580 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43697);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\", \"CVE-2008-6235\");\n script_bugtraq_id(25095);\n script_xref(name:\"RHSA\", value:\"2008:0580\");\n\n script_name(english:\"CentOS 5 : vim (CESA-2008:0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in\nproviding file reading and writing over the network. If a user opened\na specially crafted file or directory with the netrw plug-in, it could\nresult in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim\nplug-in, it could result in arbitrary code execution as the user\nrunning Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles\nTAR archive browsing. If a user opened a TAR archive using the tar.vim\nplug-in, it could result in arbitrary code execution as the user\nrunnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015453.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab334c2c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015454.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?928c4900\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 78, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"vim-X11-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"vim-common-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"vim-enhanced-7.0.109-4.el5_2.4z\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"vim-minimal-7.0.109-4.el5_2.4z\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:26", "bulletinFamily": "scanner", "description": "The VI Improved editor (vim) received bugfixes for some code execution problems.\n\n - Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed. (CVE-2008-2712)\n\n - Arbitrary code execution when pressing K, ctrl-] or g] depending on the text under the cursor. (CVE-2008-4101)\n\n - The netrw plugin sent credentials to all servers.\n (CVE-2008-4677)", "modified": "2018-11-15T00:00:00", "id": "SUSE9_12360.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41283", "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : ViM (YOU Patch Number 12360)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41283);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n\n script_name(english:\"SuSE9 Security Update : ViM (YOU Patch Number 12360)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) received bugfixes for some code execution\nproblems.\n\n - Arbitrary code execution in vim helper plugins\n filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw\n were fixed. (CVE-2008-2712)\n\n - Arbitrary code execution when pressing K, ctrl-] or g]\n depending on the text under the cursor. (CVE-2008-4101)\n\n - The netrw plugin sent credentials to all servers.\n (CVE-2008-4677)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2712.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2008-4677/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12360.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"gvim-6.2-235.8\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"vim-6.2-235.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:32", "bulletinFamily": "scanner", "description": "The VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin", "modified": "2016-12-22T00:00:00", "id": "SUSE_GVIM-6023.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35921", "published": "2009-03-13T00:00:00", "title": "openSUSE 10 Security Update : gvim (gvim-6023)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gvim-6023.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35921);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:46 $\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4677\", \"CVE-2008-6235\", \"CVE-2009-0316\");\n\n script_name(english:\"openSUSE 10 Security Update : gvim (gvim-6023)\");\n script_summary(english:\"Check for the gvim-6023 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) was updated to version 7.2.108 to fix\nvarious security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the\ncurrent directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins\nfiletype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code\ninjection CVE-2008-3076: several netrw bugs, code injection\nCVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gvim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gvim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"gvim-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"vim-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"vim-base-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"vim-data-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"vim-enhanced-7.2-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:10", "bulletinFamily": "scanner", "description": "The VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_1_GVIM-090225.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40230", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : gvim (gvim-561)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gvim-561.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40230);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:51 $\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4677\", \"CVE-2008-6235\", \"CVE-2009-0316\");\n\n script_name(english:\"openSUSE Security Update : gvim (gvim-561)\");\n script_summary(english:\"Check for the gvim-561 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) was updated to version 7.2.108 to fix\nvarious security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the\ncurrent directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins\nfiletype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code\ninjection CVE-2008-3076: several netrw bugs, code injection\nCVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=406693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=436755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=439148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=465255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=470100\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gvim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gvim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gvim-7.2-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vim-7.2-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vim-base-7.2-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vim-data-7.2-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vim-enhanced-7.2-7.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:05", "bulletinFamily": "scanner", "description": "The VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_0_GVIM-090225.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39980", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : gvim (gvim-561)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gvim-561.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39980);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:49 $\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4677\", \"CVE-2008-6235\", \"CVE-2009-0316\");\n\n script_name(english:\"openSUSE Security Update : gvim (gvim-561)\");\n script_summary(english:\"Check for the gvim-561 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) was updated to version 7.2.108 to fix\nvarious security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the\ncurrent directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins\nfiletype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code\ninjection CVE-2008-3076: several netrw bugs, code injection\nCVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=406693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=436755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=439148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=465255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=470100\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gvim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gvim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gvim-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vim-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vim-base-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vim-data-7.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vim-enhanced-7.2-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:21", "bulletinFamily": "scanner", "description": "Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the vi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2008-0617.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34954", "published": "2008-11-25T00:00:00", "title": "RHEL 3 / 4 : vim (RHSA-2008:0617)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0617. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34954);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_xref(name:\"RHSA\", value:\"2008:0617\");\n\n script_name(english:\"RHEL 3 / 4 : vim (RHSA-2008:0617)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0617\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0617\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2019-05-29T18:09:28", "bulletinFamily": "NVD", "description": "autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating \"I'm assuming that they're using the same id and password on that unchanged hostname, deliberately.\"", "modified": "2017-08-08T01:32:00", "id": "CVE-2008-4677", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4677", "published": "2008-10-22T18:00:00", "title": "CVE-2008-4677", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:09:00", "bulletinFamily": "NVD", "description": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.", "modified": "2018-10-16T16:46:00", "id": "CVE-2007-2953", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2953", "published": "2007-07-31T10:17:00", "title": "CVE-2007-2953", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:09:27", "bulletinFamily": "NVD", "description": "Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via \"partial file list requests\" that trigger a NULL pointer dereference.", "modified": "2017-08-08T01:31:00", "id": "CVE-2008-2953", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2953", "published": "2008-07-01T22:41:00", "title": "CVE-2008-2953", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:09:26", "bulletinFamily": "NVD", "description": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.", "modified": "2018-11-01T15:07:00", "id": "CVE-2008-2712", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2712", "published": "2008-06-16T21:41:00", "title": "CVE-2008-2712", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:09:28", "bulletinFamily": "NVD", "description": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.\nMust have a valid e-mail address to access the patch on the \"google groups\" link.", "modified": "2018-10-11T20:50:00", "id": "CVE-2008-4101", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4101", "published": "2008-09-18T17:59:00", "title": "CVE-2008-4101", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:09:27", "bulletinFamily": "NVD", "description": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.", "modified": "2017-08-08T01:31:00", "id": "CVE-2008-3076", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3076", "published": "2009-02-21T22:30:00", "title": "CVE-2008-3076", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:09:27", "bulletinFamily": "NVD", "description": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.", "modified": "2017-09-29T01:31:00", "id": "CVE-2008-3074", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3074", "published": "2009-02-21T22:30:00", "title": "CVE-2008-3074", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:09:27", "bulletinFamily": "NVD", "description": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.", "modified": "2017-09-29T01:31:00", "id": "CVE-2008-3075", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3075", "published": "2009-02-21T22:30:00", "title": "CVE-2008-3075", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:00", "bulletinFamily": "unix", "description": "[7.0.109-4.4z]\n- fix netrw\n[7.0.109-4.3z]\n- fixes CVE-2008-3074 (tar plugin)\n- fixes CVE-2008-3075 (zip plugin)\n- fixes CVE-2008-3076 (netrw plugin)\n- fixes CVE-2008-4101 (keyword and tag lookup)\n[7.0.109-4.2z]\n- fix some issues with netrw and remote file editing caused by\n the CVE-2008-2712 patch\n[7.0.109-4.1z]\n- more fixes for CVE-2008-2712\n[7.0.109-4.z]\n- fix release\n[7.0.109-3.1z]\n- rebuild for z stream\n[7.0.109-3.6]\n- re-enable debuginfo\n[7.0.109-3.5]\n- update netrw files for CVE-2008-2712\n[7.0.109-3.4]\n- add fixes for CVE-2007-2953 and CVE-2008-2712", "modified": "2008-11-25T00:00:00", "published": "2008-11-25T00:00:00", "id": "ELSA-2008-0580", "href": "http://linux.oracle.com/errata/ELSA-2008-0580.html", "title": "vim security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "unix", "description": "[6.3.046-1.el4_7.5z ]\n- remove duplicate vimtutor manpage\n[6.3.046-1.el4_7.4z ]\n- fix netrw\n[6.3.046-1.el4_7.3z ]\n- add fix for CVE-2008-4101\n[6.3.046-1.el4_6.2z]\n- don't add empty line when editing files with netrw\n[6.3.046-1.el4_6.1z]\n- fix erroneous quoting in CVE-2008-2712 patch\n[6.3.046-1.el4_6.z]\n- add fix for CVE-2007-2953\n- add fixes for CVE-2008-2712\n- add fix for incorrect computation of memory requirements for buffer", "modified": "2008-11-25T00:00:00", "published": "2008-11-25T00:00:00", "id": "ELSA-2008-0617", "href": "http://linux.oracle.com/errata/ELSA-2008-0617.html", "title": "vim security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:51", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1733 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nMarch 03, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : vim\nVulnerability : several vulnerabilities\nProblem type : local (remote)\nDebian-specific: no\nCVE Ids : CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076\n CVE-2008-4104\nDebian Bugs : 486502 506919\n\nSeveral vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-2712\n\n Jan Minar discovered that vim did not properly sanitise inputs\n before invoking the execute or system functions inside vim\n scripts. This could lead to the execution of arbitrary code.\n\nCVE-2008-3074\n\n Jan Minar discovered that the tar plugin of vim did not properly\n sanitise the filenames in the tar archive or the name of the\n archive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3075\n\n Jan Minar discovered that the zip plugin of vim did not properly\n sanitise the filenames in the zip archive or the name of the\n archive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3076\n\n Jan Minar discovered that the netrw plugin of vim did not properly\n sanitise the filenames or directory names it is given. This could\n lead to the execution of arbitrary code.\n\nCVE-2008-4101\n\n Ben Schmidt discovered that vim did not properly escape characters\n when performing keyword or tag lookups. This could lead to the\n execution of arbitrary code.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 1:7.0-122+1etch4.\n\nFor the testing distribution (squeeze), these problems have been fixed\nin version 1:7.1.314-3+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:7.2.010-1.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz\n Size/MD5 checksum: 8457888 9ba05680b0719462f653e82720599f32\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.diff.gz\n Size/MD5 checksum: 309257 3fb68c04086cf384e9a0be519a0faa6d\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.dsc\n Size/MD5 checksum: 1445 f49da047b6b5836abfe2d7d93d30d11d\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch5_all.deb\n Size/MD5 checksum: 166080 77259d158e96c1406dba1f1b4b47a2d2\n http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch5_all.deb\n Size/MD5 checksum: 6436142 3e7fee588474fbc9ad1110ae78cdffb5\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch5_all.deb\n Size/MD5 checksum: 2048224 d5005e3efc24d3d7bd3d6a9c7b01cc42\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1072856 8193230db603c1254188fc2013288c55\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1158448 6ceb30fd5932d2945b962dee13d4f4cf\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 925404 23d8b9608aaf47fe3a651aedd3b3c3ce\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 205362 0c7fb486c98a609ac9185c2a794c4ef8\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1065236 90a42e55852d6450cbd79b10a2dd9582\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1080626 973d5e77cf259e3025fb73d9e5734e51\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1124104 59ef34ed09e3f8e1d2d01c7a419dd15f\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 681132 4dd97b0d70f400ce31e75a7c005103fc\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1069628 9a8757df139e529a7f04edaa015c0db4\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1118000 5553bc93d68daa7010bd2b439603a805\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1129778 7c68287a63f92c85bbe7c451e0cd79db\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 970296 adb9326145046a8517f29430d9185356\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1024798 474fc78e7e8d1baefbfbbb3b803c4593\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 615478 70ac9e55bb99b0e1b5d22f105e099ce0\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1019868 97ecb9505f3497309aeff9c821da7451\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1029122 0b446946ede11c6bd0acca6c701f7043\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 961786 6d0d2f78b0111b1b996fabec5b697230\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 835050 3cfcc7270baad54009293a3aacb1587a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 972692 71f4f5e25b0962058740ba4d718b7ee0\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 203924 5c46591877f80de331011eb2fc8922e2\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1055448 750e596ed6bf61bd0c369834577d0760\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 977848 70898b3a8793165593e2279df412847d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 880468 e49632c4a2368c7caf5321e1d501f5d2\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 959492 8f06863583aa9d8de9e0bae69bdb22ec\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 194216 9f1a19f592d16ee5984e70309fd3046e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 936934 a32d6e6c4c655469db40537d5e67ed46\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 925570 7ec6e1bd4de8d545fdd452b630ef4200\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 875960 d40a82f95a046771e12158c715394b44\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 548658 b65534d4f507d17343338b209fb4a7ef\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 930386 db9786b5c368e0f7d0c85137720ac265\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 885960 f0a44d7da770bc2c28dd18ac48fcc5f0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 878132 8afa2754690619255e62c685ecbd7384\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 756278 7d66f29205b21154a9ef1a4cd544b2f1\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 918284 2dbb674af6d8fb2906bd7ed6fec1dd95\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 215990 07fc4b6106d1316c92338aa5c5645a2f\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 540652 9c15ac5b85c605011d1b0ab4b13b0269\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 947842 cd7147610def6f6aebfc8ddd14a1f7ed\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 914094 0273374e2bba8706ac12ee449c1835e3\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 866124 00dd2547963789615b71b0f0fb291eb9\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 868326 3f04461e4f0414368fe60e0f4085d28c\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 873570 dae9ebb6f4e2cd0c3d82e5e547dd1957\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 860292 467ce64f0171f10ac4149e5716f651da\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 745560 ade89928c860c4990ec6e202a294f0c8\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 924858 1942cedccbe124303b4ad0f7c650f0c6\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1591938 aaa5a72cfdacb3c3d2574390902bcfa2\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1523258 08f9a82ec68f452e1701f11b9c20d0e3\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1530006 9b77cd0ec49c8519d0c1af0914092260\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1538210 3dbde934956291182e5bf61157a80b44\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1575130 e328ca048ee883dba500128a2a06fc88\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1525510 e3736c90e105fa354c691546bec3922b\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1325622 693a3412efd63e8ac0d975b4fcae3ac5\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1627904 90ca86e74caf9c0367c20b32eb9d42b3\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 970874 2dccfb8e2287cd9e6285545e43dac87a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1585804 06a43c2668bf468ffe521880cc497518\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 184650 516d8eddce4e6628e8b6ee32f55ce2aa\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1061694 a2e9b2bc8f31cf878805dbc1babd4074\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1027336 d86f7c3fab9143c1c93d82b3762f8c0d\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 215734 c23239c8579e53a4277325a048567e75\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1021942 d75231c3c7950785df8f52680e28c956\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1029478 e74670d4918287fb3d05436419b7f5a9\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1037498 ac41c65a077d84f0f5405356d0b52ef1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 654740 994339f109e5db97079633b5249bd8d2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1034390 2c4337c763ea13a11e13b711c25313b5\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1033336 eb70a508dd3a9f30f31a87c4a2266959\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1024984 8d99fbb2712f791c3a0989929cf3f0a4\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 884306 7aeb2418d5366493e09306cb0dff0080\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 884962 b58372db99660ff0e4f547b3c66335e2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1034202 0622c0fac8ee51c7dd403a2d3a709f1f\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1024616 fa6a91224476aadab8e9086031c93843\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 655488 9ecdf0e56665da0aff429e23e9c0cb85\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1061362 accba14e8f0043ef3a0b9be85ae481cd\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 181736 5ba79db87623562481162cbac53ec2b6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1037954 28979a474d512ec1abfb33a598b524c7\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1026874 5c10e35e281ec28eecc36b8fa80ef0d7\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1032800 75be0356398f5a88e836eafccdf11154\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1029056 0a13b0913667d03e2d3875611498c54c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1022658 18d03119dc62eaca237a2513cba2c0ca\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 996154 f3c3d5660dd3e5e7fdb325a1f9ee80f3\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 1019842 f626233054124e014d335722e6b7b1f5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 592366 e4bd0cbf615c36476bff4979d0987393\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 936024 be64d238a9cbf4d938999472026fde89\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 808854 7dfff56d11567d2dabafa290618b5e18\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 990262 6114d3fcd53521a8c2cd317d586b6fcd\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 933488 503e433ae6fd737f2b3ae48698e8e671\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 985094 28babdde5091f90ae7b64f6e33c6c50f\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 943596 3beb1be6cde901814742b33ee4973142\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 181648 b71e88d76eacbfa861c24c6c21881f66\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 938174 3a729f2922d8e84b222947a18bc6ace3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1023236 1ee38cca410e5bd069a72a325fd8147e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1019258 e1f6cae1e293d3cb212ff17dd7beb264\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1049408 4b1f42bb092f9dd62d7324e430a1a88e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 825560 2b8b69171c45094c184e357b1a6a7336\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 955228 ceea2d07ea609414724aeedae57a3a0a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 965878 824e5bfdcc9a8ed7ee54e4553c9461f8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 971822 194d010d7aea2f2c47075b6f205de0c1\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 963294 a7636d870a3bc1de7fc8248d35c74cf3\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 610092 6762beafb4e7376087c4f8962d1521f6\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 181488 00d25451b3c22213bf5eb807a6d4a75f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1013748 598ccccd6f90df0ca7bedd5ec1d136c7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 881430 2688537934012af957695fea329b48a1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 545376 1ea2967048cd369cc870441f5caeb1b1\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 867886 f663757c3929af6b241a91efa07a626a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 928250 9c0199efd36a47c6d05861af5e04ff02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874108 4d351161d497905352ac6ef1dcabfc9e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 934390 2151ef35c9424c90850c579f90effce4\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874100 c05ccf6f4ffb15037cfd794647848617\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 204512 1e3590447f3f0804e9fe27ea61959b31\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 876370 1782507a950cbb17519d768f5655278a\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 751910 582313f03a36980fab96074ee218c0eb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 952632 31875cb1a0037cf8923e7eda269ead80\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\nze/MD5 checksum: 970874 2dccfb8e2287cd9e6285545e43dac87a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1585804 06a43c2668bf468ffe521880cc497518\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 184650 516d8eddce4e6628e8b6ee32f55ce2aa\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1061694 a2e9b2bc8f31cf878805dbc1babd4074\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1027336 d86f7c3fab9143c1c93d82b3762f8c0d\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 215734 c23239c8579e53a4277325a048567e75\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1021942 d75231c3c7950785df8f52680e28c956\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1029478 e74670d4918287fb3d05436419b7f5a9\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1037498 ac41c65a077d84f0f5405356d0b52ef1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 654740 994339f109e5db97079633b5249bd8d2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1034390 2c4337c763ea13a11e13b711c25313b5\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1033336 eb70a508dd3a9f30f31a87c4a2266959\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1024984 8d99fbb2712f791c3a0989929cf3f0a4\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 884306 7aeb2418d5366493e09306cb0dff0080\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 884962 b58372db99660ff0e4f547b3c66335e2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1034202 0622c0fac8ee51c7dd403a2d3a709f1f\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1024616 fa6a91224476aadab8e9086031c93843\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 655488 9ecdf0e56665da0aff429e23e9c0cb85\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1061362 accba14e8f0043ef3a0b9be85ae481cd\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 181736 5ba79db87623562481162cbac53ec2b6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1037954 28979a474d512ec1abfb33a598b524c7\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1026874 5c10e35e281ec28eecc36b8fa80ef0d7\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1032800 75be0356398f5a88e836eafccdf11154\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1029056 0a13b0913667d03e2d3875611498c54c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1022658 18d03119dc62eaca237a2513cba2c0ca\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 996154 f3c3d5660dd3e5e7fdb325a1f9ee80f3\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 1019842 f626233054124e014d335722e6b7b1f5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 592366 e4bd0cbf615c36476bff4979d0987393\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 936024 be64d238a9cbf4d938999472026fde89\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 808854 7dfff56d11567d2dabafa290618b5e18\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 990262 6114d3fcd53521a8c2cd317d586b6fcd\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 933488 503e433ae6fd737f2b3ae48698e8e671\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 985094 28babdde5091f90ae7b64f6e33c6c50f\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 943596 3beb1be6cde901814742b33ee4973142\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 181648 b71e88d76eacbfa861c24c6c21881f66\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 938174 3a729f2922d8e84b222947a18bc6ace3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1023236 1ee38cca410e5bd069a72a325fd8147e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1019258 e1f6cae1e293d3cb212ff17dd7beb264\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1049408 4b1f42bb092f9dd62d7324e430a1a88e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 825560 2b8b69171c45094c184e357b1a6a7336\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 955228 ceea2d07ea609414724aeedae57a3a0a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 965878 824e5bfdcc9a8ed7ee54e4553c9461f8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 971822 194d010d7aea2f2c47075b6f205de0c1\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 963294 a7636d870a3bc1de7fc8248d35c74cf3\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 610092 6762beafb4e7376087c4f8962d1521f6\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 181488 00d25451b3c22213bf5eb807a6d4a75f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1013748 598ccccd6f90df0ca7bedd5ec1d136c7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 881430 2688537934012af957695fea329b48a1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 545376 1ea2967048cd369cc870441f5caeb1b1\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 867886 f663757c3929af6b241a91efa07a626a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 928250 9c0199efd36a47c6d05861af5e04ff02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874108 4d351161d497905352ac6ef1dcabfc9e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 934390 2151ef35c9424c90850c579f90effce4\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874100 c05ccf6f4ffb15037cfd794647848617\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 204512 1e3590447f3f0804e9fe27ea61959b31\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 876370 1782507a950cbb17519d768f5655278a\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 751910 582313f03a36980fab96074ee218c0eb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 952632 31875cb1a0037cf8923e7eda269ead80\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2009-03-03T08:35:17", "published": "2009-03-03T08:35:17", "id": "DEBIAN:DSA-1733-1:0AD7D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00043.html", "title": "[SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:48", "bulletinFamily": "unix", "description": "Norbert Tretkowski uploaded new packages for vim which fixed the\nfollowing security problems:\n\nCVE-2008-4101, Debian Bug #500381\n\n Vim 3.0 through 7.x before 7.2.010 does not properly escape\n characters, which allows user-assisted attackers to (1) execute\n arbitrary shell commands by entering a K keystroke on a line that\n contains a &quot;;&quot; (semicolon) followed by a command, or execute arbitrary\n Ex commands by entering an argument after a (2) &quot;Ctrl-]&quot; (control\n close-square-bracket) or (3) &quot;g]&quot; (g close-square-bracket) keystroke\n sequence, a different issue than CVE-2008-2712.\n\nFor the etch-backports distribution the problems have been fixed in\nversion 1:7.1.314-3+lenny2~bpo40+2.\n\nFor the lenny distribution the problems have been fixed in version\n1:7.1.314-3+lenny2.\n\nFor the sid distribution the problems have been fixed in version\n2:7.2.049-1.\n\nUpgrade instructions\n--------------------\n\nIf you don&#x27;t use pinning (see [1]) you have to update the packages\nmanually via &quot;apt-get -t etch-backports install &lt;packagelist&gt;&quot; with the\npackagelist of your installed packages affected by this update.\n[1] &lt;http://backports.org/dokuwiki/doku.php?id=instructions&gt;\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\n Package: *\n Pin: release a=etch-backports\n Pin-Priority: 200\n", "modified": "2008-11-29T10:05:18", "published": "2008-11-29T10:05:18", "id": "DEBIAN:39911521BDD8B510D11191B007C5C80B:928A4", "href": "https://lists.debian.org/debian-backports-announce/2008/debian-backports-announce-200811/msg00004.html", "title": "[Backports-security-announce] Security Update for vim", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:46", "bulletinFamily": "unix", "description": "- - --------------------------------------------------------------------------\nDebian Security Advisory DSA 1364-2 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nSeptember 19th, 2007 http://www.debian.org/security/faq\n- - --------------------------------------------------------------------------\n\nPackage : vim\nVulnerability : several\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2007-2438 CVE-2007-2953\n\nSeveral vulnerabilities have been discovered in the vim editor. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-2953\n\n Ulf Harnhammar discovered that a format string flaw in helptags_one() from\n src/ex_cmds.c (triggered through the &quot;helptags&quot; command) can lead to the\n execution of arbitrary code.\n\nCVE-2007-2438\n\n Editors often provide a way to embed editor configuration commands (aka\n modelines) which are executed once a file is opened. Harmful commands\n are filtered by a sandbox mechanism. It was discovered that function\n calls to writefile(), feedkeys() and system() were not filtered, allowing\n shell command execution with a carefully crafted file opened in vim.\n\nThis updated advisory repairs issues with missing files in the packages\nfor the oldstable distribution (sarge) for the alpha, mips, and mipsel\narchitectures.\n\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 7.0-122+1etch3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7.1-056+1.\n\nWe recommend that you upgrade your vim packages.\n\n\nUpgrade Instructions\n- - --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- - --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.dsc\n Size/MD5 checksum: 1376 a447ab6dba1d93c924841af4234e0f5b\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.diff.gz\n Size/MD5 checksum: 262331 96005f014eb64ad9e9056daf0f578582\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3.orig.tar.gz\n Size/MD5 checksum: 5624622 de1c964ceedbc13538da87d2d73fd117\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-common_6.3-071+1sarge2_all.deb\n Size/MD5 checksum: 3424544 bd11013f7a21dfa3b6ba0c819eec5cc6\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_6.3-071+1sarge2_all.deb\n Size/MD5 checksum: 1649542 d7d8c03c0c8247a253dbb261fa40d983\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 897132 9b1b19c22a65bd4046684a603ea60146\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 987420 0f50e5570e94d0d24544770ffe0cf4f6\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 945902 9a583b7323e9907362cd4a5b5dd9054d\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 942798 70d57f86db028310f41981c4a7b108a1\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 882500 d7a02c364f09a4ae502b3cc9180b83b4\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 959276 4895da0a62b9adf22868d7917bb5974e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 954374 5e43d44823c54f75d58dd920b84675c5\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 949052 2df101622632733db64ffb1a1be758e3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 953728 f36fba9f17e9364f87fe3fc9baab286a\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 770114 6f1818ee5504c2b0a5e52ee8d41b1806\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 835450 950d2cc4f3dcbcb68bc9cf4283c33a33\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 797578 b284afa4fbc6deefda4e9e19ec46b1fe\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 795738 42372daac77df050d9d1a74226983972\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 736592 31e8cf65b1b7823641fb52b4de53dcfe\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 811434 3437e18e0dc9937fdec1ef2072895514\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 804926 53dd0076c07ea4bf6364abe1958e2160\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 799562 f9250a0b1256f1128986b41b483a4987\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 803722 f1e30ddf2b099448f8ed5058e0f3bef3\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 709024 a64946a72763ad6b703e446fe6a9ca8d\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 751764 2e1cc6ebdd372b78cda2f45da7344174\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 721944 44eabc81987efaec119cb564666a4b9a\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 719804 faf0821907791bc2558fc219416f445e\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 666224 b253c4fd98096052d07837174b5eae0b\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 731208 eadac82633345310e2556342a3d46a35\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 728042 1f9ed1e8bf41c8ea2c9fc3f4c5f3bc5b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 723684 b95cd8f5e1c195d0b3c37de83a5a12cf\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 727856 c11561ac9aed6643f3edb973bdb35d87\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 797728 42b4f8c954d175ebef7538898cc18d01\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 862256 a637b52561f6d583f45f872064a1a899\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 824062 9b729c5c15e0b333fb245c543b35e188\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 822512 5139fb4205cc906080b1c78ed182bd31\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 765832 95d9c8e471c933e24de608f247d144fc\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 839224 837367925278355e6b2c6ab630661d97\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 830334 72fddfaecc1a3a621aac0b3d18728a65\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 826156 a832d560505158baa9ba8e2786d5c618\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 829102 948a745fa8344f1abb91f2db29731083\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 707422 bdccbc7d258dd54fda33fb650295e3cb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 751260 30b45eb2dff9a7e8bfc893c6b5935bd6\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 717218 752630da7e5de6a4f83879038034c389\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 715366 cce7b0daa7da37655daba6ae7dd8994c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 658294 73a84d3b0ca46499e5f3fc0fc186da18\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 730404 5632f3d97585c49cb6840f50eda67277\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 723092 9cdc1bd22d2c4945b42cfec3b8b3975f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 718774 6d7099123fa130b800241aebbb9f0caf\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 722640 b5a8120adf8c08dbda532b61f6b21f10\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1091544 23059c89097a6d0549aaf0b896bbacb9\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1218936 420d7b019203c522af5e7fac02043405\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1169110 b03c8a05081d68c8313546a69fd1a5d7\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1166198 6461bde6a2d7f07865511d9af847f01f\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1104294 f6221a32ace9089991ea931b3de8d232\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1186082 144ffe06d52b65dcc9286a8b5c6bf3de\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1179320 1b637742c52df8a3a8a1f13688234f2c\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1172712 07597847bb95660cc8bb958c1ae4a0a3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1178422 7de3bb540eddf5e9a4c9722970f27219\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 626270 a0214d151ca2d78c1586247ab2b4ce04\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 661418 7f1dd1e45d4ff01c99781c246b26563a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 632364 b472eca7b2f3fac22af7f1a519a32e70\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 629680 64e0a57a01e16dc786df1798aff77a20\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 569728 d75b6d7f67ba573039537fa5cb1eb648\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 641228 a41b74e330b63c628c5e9a28d203d07f\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 637936 a19e651b3d58c6376bbd1f3f3cff1f02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 634052 013ee9b71eb4fae12f71273ff07be3a3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 637240 053b6be9b465e0343caa42421b3e33d9\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 804754 4d8f61ed130b75772482f479a1d9cff9\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 827264 fe92f3eb536322e85e0f452b451b61e8\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 794380 fd72c6c8a88c56c2226f7b941ba8e29d\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 792016 da8e18aff7c3ac23cd18acc520b82f43\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 775734 7bd89d4f1be4032229dd1d2997b78161\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 804340 42a7784506ff0369e4167aac1463d074\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 800954 ed02142c8517259808e506d7934b29cc\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 796498 43dfd14336979f6aef7f0631e9270d9d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 800322 f076bc2c9bfc18a5f6b066563cfc36ed\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 804022 7513e0c595dd312b00e3de2037d9c228\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 824768 991a78d34b650939dcd216b63707f7f6\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 792500 8cb1380cadfc7bceaed2e95bbdd18e7a\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 790502 e1aab272cc788a95321d2df1d3c76aaa\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 774260 85f304142778b8df0cea494ca0fcb103\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 803032 072776667880c6e7fb4271a6fe8ab2ae\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 799446 2aa8f6a37b92c38f368acfc87feeb066\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 794366 3aec7268d2c0bcae8ce58f0cc9401053\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 798978 5e6a20215c16873bfa874e997d91192c\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 759356 13ed418d17004f655fb909e17b48c01c\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 817014 4cdc2957622d50028cca8cc127477919\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 782218 addb6819008a2acd11b0d910cbf90812\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 779576 e1aa5d5e50514beede939bbf613f9573\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 722836 b253da2ab0fa24b76dfec7289d294489\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 794672 a007815fddaaa33294f4cd3cc684f706\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 788202 b054d92d2a1d28ec742e2578724ff001\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 783176 ed5eff7ae2b07a23aa2d5b4f39d0d8ac\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 787486 f719be5b8a23817e782d8727da069c2f\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 759782 d36357c298b983814c800393e6af36ba\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 823480 4409efbc21f8ce4989277362e07cb487\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 787324 35484fc15941afb5d87af0055600d004\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 785422 b5d30076a6c003394b1b9689815bc9b4\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 725148 b753f1ea8c440415e496eb11f5e6dbf6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 799122 28fe549b2ce837f8a48cb87b23466fc2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 794392 b3c2143d7683153d0781b8ffa6be17bc\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 789992 922867fa0d00e427825b1b4462c4afdc\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 793446 aeeeaaacb2aac4ec55373bbae9e047ef\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 718092 7b38b9259ae34477316751f0937182ea\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 766730 8ceca9224d7dfdca9063412732f1674b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 735378 263011dfef7ed30d142ff0815c6c47e0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 732902 657b675db1010fe25105d879b8bfb055\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 675162 01a0fadd7dec8db2fc0d3c2f3d0fe7dd\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 747706 799f85b95188a79efd08013731e27ba9\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 741948 ed4b89247547949ecaa378491f15a253\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 732910 9522a5105a2df85bbddbd619708d32b8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 741266 a2125f24d77c66d4dc8c996eda034ea3\n\n\nDebian GNU/Linux 4.0 alias etch\n- - -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.dsc\n Size/MD5 checksum: 1437 cbe01a52d42f25617a4e3609b91b327f\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.diff.gz\n Size/MD5 checksum: 285021 acd1e7b91a1ec5e3417118045cd8bb2e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz\n Size/MD5 checksum: 8457888 9ba05680b0719462f653e82720599f32\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 2034356 c589a9ec2cd7c3c6f45f48ff58871c5a\n http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 142582 64ac83f818c9f9b3bbf40ca56b15b725\n http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 6362332 b27f042fadc4507f2a4829b10e6949da\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 924554 7c97880188a942dd8004c38574a06abc\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 216888 43779cb2c41a18612ca5605af725dd39\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1157716 a7387c0a9e6d6965a233e5de083ad7fc\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1071764 eb2089973a4fd8bcab834877c5f69ed5\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1069008 f6ab9ab86fc57780c7b0b2955e7a1590\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1064496 d2fe6f9aea8163afdc48560ee79cd509\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1128986 6d8f705a3d633ea963ce9d87e75ead38\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1122926 75aad08a3e2ccc0f5bd721536776ea5a\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1117430 978f562ef76822bf45962e7a5d2153d8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1079936 297a2ebca14da82e03945ac81bd04ded\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 680548 9cdeb4858db17343f31ba9cd17f6459b\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 834328 4cbba20feadfa68377ff67675a4c1065\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 181304 d6f9467f1da363fbf906c9797a67a525\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1054656 9598e8e26449e4e538465be2db5bac1c\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 971766 4f7e30a43e5b681dc23bb200631be3f7\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 969634 7d6fda8144278db9cf45bc65711c97c3\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 960762 b8941221c06bbddab956831455ab82f0\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1028382 53e712db71e1471b409f602a4d7d67c2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1024172 db1d42537f44b67d85dbf39c4961fcd1\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1019020 7650bc71e0e37d438baf786f02ac17b4\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 977120 92f1609f8eac5e92d17cb684f3fc84a5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 614862 aa69cd9c47ed91ecfcec33405ee04075\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 755728 ad7c9e4b7d273847e58a15c88df98959\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 205688 164775a380d89440340214da7b4a3642\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 958660 4a0aa9b3ec58c73bc4b70ba8afaecffa\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 879778 6e2189fc510512ae97d1a073a77382dd\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 877566 e8b302a17a1491c158a08f4ebee8b29e\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 875392 db68300757e444dba39fd0daf46fab55\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 936280 783c1b43454476ba693f59b866bf674b\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 929836 fcf9df82b675875fafa90067353eafed\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 925066 9df22d5447ac43eb30ad53271948bdc8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 885416 68a61a54144f50e462b077cc8ccac620\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 548004 7c5d5bd8218344e1bf0d800b2c31a368\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 853216 9b478b3e53591f85d1208ddf2dbbcf29\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 182704 c751747f9bd6d8c1472e6d08c6b99c3f\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1077024 5fc43be17710aa110ce0d4d117d97904\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 994026 e9f50b924fe2003a574302ac08a58fc3\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 991846 87ff64ebc51d0c0fd11382b6f5f3ee95\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 986002 a3f9dfadb27675d4e2b8d9dd7a01d320\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1051448 99cf3c6fb70dbb27f9eb5efab8b057db\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1044720 e964da5b5bfc45cfb9c397eb96b769c1\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1038782 30bfe377c9c08210f854f403cbb2f1ee\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 999840 5883ca862650908088dbd430017a5587\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 623636 08f30beec8283b0f2111a970f58f2ddc\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 745158 956ef68561a71a8eed0047175dfff9d5\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 181252 bdd2098b76d4885f28e1f6e3b7376b7d\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 947320 41be0b2741614c054fece73548cec703\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 868016 501208beae0375d1610e3cebfefcf542\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 865592 28876441af29051e315a3c1a8b71bcca\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 859848 20dcd46eb38f1b32e600dddc81b8e328\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 924264 8639573d18e103d6e816f9bacdc844ef\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 917972 8ecf10dd01bb07c53aab5782db738602\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 913800 55929d92c3b2d496ba95cb2e80da1d69\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 872952 eadd254febb55b2a69613ebc8d710774\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 540270 81c890f5348042c2060fea9bb8368279\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1324484 d757418a65efba71dce496c1708a6ab8\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 184408 45a8073e746b4f6499871ed736e343f5\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1626954 8c74de55c6c635fbd0a25b14aea908d8\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1529082 643da71ea312e65dae057d09533b596e\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1524362 b165440c7f2d84aada75d9e6ccc2e9c8\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1521916 1445a0fb6f9a2768abdfd7df4895bfd0\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1591070 daeb22d9e479b71e1a1e1e500a71ad7e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1584338 d26497d4bc44e12ccfd28ae4384bb49e\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1573836 6285e0273ef86416d4b15f07bf5f0e83\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1537602 bd59c04c78b23ef67fcf384ab3ec663d\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 969944 95bb71ac502b9b58c8e0e03960de3311\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 883588 3df0f600960049ed338f62cf6f3cbb62\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 181526 864396a2dfb69341cd1857b502814bd0\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1060852 d2e4b08238cef29a05e5817b18fe4510\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1026860 bce19b81b7445a917933353ff008d9ed\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1024274 78dd73e157fd4ebad6dbdf877d668a51\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1021074 b3c98f791090296a75027df4e6354041\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1036892 dd8bf59f6dadda928025f332ad4ba027\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1033580 290e4cf32fdc486b4b01d8094a7e235b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1028744 fb37992a392296b99399f9050b873c2d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1032674 741f1bc86e6501c9de145e0c09bf98d5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 653532 89ea1fa4d2b33a473c92ef0c8da0393d\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 884276 c25f8d4754ce5d7b641ae5a1898095aa\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 181514 3d41fda7aa3945744c53046c7f314918\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1060414 153d872da26f354f3e86167f48984332\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1026340 dff80047d15483fe37fc1fa8f8a530f6\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1024098 364a9f050c2d1ced8b1a0b9add3a6276\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1021664 3841e2cd52f06d411d9c643160fee27d\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1037204 c6601427157a10a67bf91ac64fb9b2f3\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1033338 79b104876d2693d5b87979c9c9e93a2a\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1028386 562fcca0c8ee76bfa90c62a7add33333\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1031986 545b3a354eff7b3f2da822a8ad9409f9\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 654614 4606a0c51fb87a0814d6ac3070f08801\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 808516 0e10ba653305ae5f10d86ae43aa5f80a\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 181314 84fcc3b6af9bc6462a656e47b87072ca\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 1019296 6b7fb39773cdbf8e11d2cb657b3e347f\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 937462 f01386aefee1e40ce4d748132adee9e0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 935408 279ac9bd832844ea9b5f71ab6a3eb4ce\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 932564 8c2beb3fb01952935aee6234cd2f62e5\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 995426 f03e2a19ea866cc3a93da26ac76a601a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 989642 0a7998dddd270e64635017efaa03be21\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 985188 6c49fead180f05bb742f23f899709364\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 942692 cb5b255a881523d01d21e36e5954d3ed\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 591956 b7bdfa80b87fc8638b300af38ccc10a7\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 825020 15317a8f9f8453dc53e6bafad4899775\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 181266 d1e7a6ebe35692f70f92bafdf1591046\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1048830 be2c558e4383d42cc858cb2b051aaaca\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 965144 cbc94962b102a44787650dfcb7d8eb7d\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 962554 265863b58914620dd164e8acf029a0d4\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 955000 21dd78f20eb1cbf29e43fd1c00ad8e84\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1022468 c7d2b1481bdfc80fc295bf0b84b2bfca\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1018798 f60ba4b1aad3ba1dba74c3a497d64964\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1012934 4ad26c9c7edfa1d3845fd8476061761d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 971092 1dedca57fb661f5b8a05eb9134512758\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 609536 8358946e015c0ccf4ffc55992fd1b618\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 751698 c2b0ab3d9e9e364b3e26ea2ed465c5bb\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 181110 ec41791d727303847230bf3c15252b4a\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 952462 30b356dbb50e471d490c9a026d38317b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 875678 239f2de1694e9538e652c3fce6d0aeef\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 873396 39182b3b312688388595d3ae77db2c0f\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 867464 acb5e74a5f6d81a734a61c8860b15816\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 933814 958eb9e446e04e7961a1a5d6188e4438\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 927072 a5148241b4fbf79987031bf27ff06786\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 873420 8e90c88be6ec6b15058fb390b13dc668\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 880726 0dc54580e0b4d7845cc3e4f1f45c1f3b\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 545036 7476c13dba30d34f7de41464298bbc8b\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- - ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2007-09-19T00:00:00", "published": "2007-09-19T00:00:00", "id": "DEBIAN:DSA-1364-2:30E6F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00142.html", "title": "[SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:39", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1364-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 1st, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : vim\nVulnerability : several\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2007-2438 CVE-2007-2953\n\nSeveral vulnerabilities have been discovered in the vim editor. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-2953\n\n Ulf Harnhammar discovered that a format string flaw in helptags_one() from\n src/ex_cmds.c (triggered through the &quot;helptags&quot; command) can lead to the\n execution of arbitrary code.\n\nCVE-2007-2438\n\n Editors often provide a way to embed editor configuration commands (aka\n modelines) which are executed once a file is opened. Harmful commands\n are filtered by a sandbox mechanism. It was discovered that function\n calls to writefile(), feedkeys() and system() were not filtered, allowing\n shell command execution with a carefully crafted file opened in vim.\n\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 7.0-122+1etch3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7.1-056+1.\n\nWe recommend that you upgrade your vim packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.dsc\n Size/MD5 checksum: 1376 a447ab6dba1d93c924841af4234e0f5b\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.diff.gz\n Size/MD5 checksum: 262331 96005f014eb64ad9e9056daf0f578582\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3.orig.tar.gz\n Size/MD5 checksum: 5624622 de1c964ceedbc13538da87d2d73fd117\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-common_6.3-071+1sarge2_all.deb\n Size/MD5 checksum: 3424544 bd11013f7a21dfa3b6ba0c819eec5cc6\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_6.3-071+1sarge2_all.deb\n Size/MD5 checksum: 1649542 d7d8c03c0c8247a253dbb261fa40d983\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 1735176 c18c09278385e50ef175d00c38765e3e\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3462 68b1f1e458dd1fb72d3d99c3d2d3280f\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3426 e17d73f7bc00653179c9ca16140ea8ff\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3430 688a1bc167efa9a239a9a891f61b2b85\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3432 1300702e3b2b8d67c675764487d6a48e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3440 80f3c4d428bc9392eaf9b18f6f1b0972\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3442 b88a1d3527a7fff8fbd4b824086a4b10\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3442 770388cea68a78dafbdf72add2d16521\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3438 de7485b3a293ff3022b324a695c244a5\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 770114 6f1818ee5504c2b0a5e52ee8d41b1806\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 835450 950d2cc4f3dcbcb68bc9cf4283c33a33\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 797578 b284afa4fbc6deefda4e9e19ec46b1fe\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 795738 42372daac77df050d9d1a74226983972\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 736592 31e8cf65b1b7823641fb52b4de53dcfe\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 811434 3437e18e0dc9937fdec1ef2072895514\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 804926 53dd0076c07ea4bf6364abe1958e2160\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 799562 f9250a0b1256f1128986b41b483a4987\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 803722 f1e30ddf2b099448f8ed5058e0f3bef3\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 709024 a64946a72763ad6b703e446fe6a9ca8d\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 751764 2e1cc6ebdd372b78cda2f45da7344174\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 721944 44eabc81987efaec119cb564666a4b9a\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 719804 faf0821907791bc2558fc219416f445e\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 666224 b253c4fd98096052d07837174b5eae0b\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 731208 eadac82633345310e2556342a3d46a35\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 728042 1f9ed1e8bf41c8ea2c9fc3f4c5f3bc5b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 723684 b95cd8f5e1c195d0b3c37de83a5a12cf\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 727856 c11561ac9aed6643f3edb973bdb35d87\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 797728 42b4f8c954d175ebef7538898cc18d01\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 862256 a637b52561f6d583f45f872064a1a899\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 824062 9b729c5c15e0b333fb245c543b35e188\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 822512 5139fb4205cc906080b1c78ed182bd31\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 765832 95d9c8e471c933e24de608f247d144fc\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 839224 837367925278355e6b2c6ab630661d97\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 830334 72fddfaecc1a3a621aac0b3d18728a65\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 826156 a832d560505158baa9ba8e2786d5c618\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 829102 948a745fa8344f1abb91f2db29731083\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 707422 bdccbc7d258dd54fda33fb650295e3cb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 751260 30b45eb2dff9a7e8bfc893c6b5935bd6\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 717218 752630da7e5de6a4f83879038034c389\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 715366 cce7b0daa7da37655daba6ae7dd8994c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 658294 73a84d3b0ca46499e5f3fc0fc186da18\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 730404 5632f3d97585c49cb6840f50eda67277\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 723092 9cdc1bd22d2c4945b42cfec3b8b3975f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 718774 6d7099123fa130b800241aebbb9f0caf\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 722640 b5a8120adf8c08dbda532b61f6b21f10\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1091544 23059c89097a6d0549aaf0b896bbacb9\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1218936 420d7b019203c522af5e7fac02043405\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1169110 b03c8a05081d68c8313546a69fd1a5d7\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1166198 6461bde6a2d7f07865511d9af847f01f\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1104294 f6221a32ace9089991ea931b3de8d232\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1186082 144ffe06d52b65dcc9286a8b5c6bf3de\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1179320 1b637742c52df8a3a8a1f13688234f2c\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1172712 07597847bb95660cc8bb958c1ae4a0a3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1178422 7de3bb540eddf5e9a4c9722970f27219\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 626270 a0214d151ca2d78c1586247ab2b4ce04\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 661418 7f1dd1e45d4ff01c99781c246b26563a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 632364 b472eca7b2f3fac22af7f1a519a32e70\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 629680 64e0a57a01e16dc786df1798aff77a20\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 569728 d75b6d7f67ba573039537fa5cb1eb648\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 641228 a41b74e330b63c628c5e9a28d203d07f\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 637936 a19e651b3d58c6376bbd1f3f3cff1f02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 634052 013ee9b71eb4fae12f71273ff07be3a3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 637240 053b6be9b465e0343caa42421b3e33d9\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 1724446 eaa1354acdfe686ae4733c719e3fa324\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3486 bd2ea5c39efc62f3e28a54ee60ba520b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3452 2db26cd7ff4958a01785ac1418d4855f\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3448 d5484db5e59b9c76d6e6f4a0a36d573d\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3454 e1303dde4ea8977d49dc529a018c267f\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3458 113d5f3577093dee854c4882ad5110b0\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3468 ac9793a461335cfa4433e27c17a40262\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3462 bb6600be7924ac036fec3630a0366858\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3456 49aab12417ce2c520c11696266a9adf2\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 1724466 3f90034a00c1f19f5922e150ea75a668\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3492 5622f6d8fca5bcc4a7f917a274d81765\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3458 22ec838e6b22dc2151cb2ac56fee4811\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3454 77a226b22a284b770076464e4012b5e2\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3456 f64c4923723d9ff656e5723518b9e605\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3462 2f564fc9bdd38fc60215ae0aa1988aea\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3468 610a5913c3fb09cea7e985dc53cf1b7b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3462 dc176e60120348b0de465422b9eecd02\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3462 5c9ce3c08de7a82468a28f45b96d7885\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 759356 13ed418d17004f655fb909e17b48c01c\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 817014 4cdc2957622d50028cca8cc127477919\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 782218 addb6819008a2acd11b0d910cbf90812\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 779576 e1aa5d5e50514beede939bbf613f9573\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 722836 b253da2ab0fa24b76dfec7289d294489\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 794672 a007815fddaaa33294f4cd3cc684f706\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 788202 b054d92d2a1d28ec742e2578724ff001\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 783176 ed5eff7ae2b07a23aa2d5b4f39d0d8ac\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 787486 f719be5b8a23817e782d8727da069c2f\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 759782 d36357c298b983814c800393e6af36ba\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 823480 4409efbc21f8ce4989277362e07cb487\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 787324 35484fc15941afb5d87af0055600d004\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 785422 b5d30076a6c003394b1b9689815bc9b4\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 725148 b753f1ea8c440415e496eb11f5e6dbf6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 799122 28fe549b2ce837f8a48cb87b23466fc2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 794392 b3c2143d7683153d0781b8ffa6be17bc\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 789992 922867fa0d00e427825b1b4462c4afdc\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 793446 aeeeaaacb2aac4ec55373bbae9e047ef\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 718092 7b38b9259ae34477316751f0937182ea\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 766730 8ceca9224d7dfdca9063412732f1674b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 735378 263011dfef7ed30d142ff0815c6c47e0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 732902 657b675db1010fe25105d879b8bfb055\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 675162 01a0fadd7dec8db2fc0d3c2f3d0fe7dd\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 747706 799f85b95188a79efd08013731e27ba9\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 741948 ed4b89247547949ecaa378491f15a253\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 732910 9522a5105a2df85bbddbd619708d32b8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 741266 a2125f24d77c66d4dc8c996eda034ea3\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.dsc\n Size/MD5 checksum: 1437 cbe01a52d42f25617a4e3609b91b327f\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.diff.gz\n Size/MD5 checksum: 285021 acd1e7b91a1ec5e3417118045cd8bb2e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz\n Size/MD5 checksum: 8457888 9ba05680b0719462f653e82720599f32\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 2034356 c589a9ec2cd7c3c6f45f48ff58871c5a\n http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 142582 64ac83f818c9f9b3bbf40ca56b15b725\n http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 6362332 b27f042fadc4507f2a4829b10e6949da\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 924554 7c97880188a942dd8004c38574a06abc\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 216888 43779cb2c41a18612ca5605af725dd39\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1157716 a7387c0a9e6d6965a233e5de083ad7fc\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1071764 eb2089973a4fd8bcab834877c5f69ed5\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1069008 f6ab9ab86fc57780c7b0b2955e7a1590\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1064496 d2fe6f9aea8163afdc48560ee79cd509\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1128986 6d8f705a3d633ea963ce9d87e75ead38\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1122926 75aad08a3e2ccc0f5bd721536776ea5a\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1117430 978f562ef76822bf45962e7a5d2153d8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1079936 297a2ebca14da82e03945ac81bd04ded\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 680548 9cdeb4858db17343f31ba9cd17f6459b\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 834328 4cbba20feadfa68377ff67675a4c1065\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 181304 d6f9467f1da363fbf906c9797a67a525\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1054656 9598e8e26449e4e538465be2db5bac1c\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 971766 4f7e30a43e5b681dc23bb200631be3f7\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 969634 7d6fda8144278db9cf45bc65711c97c3\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 960762 b8941221c06bbddab956831455ab82f0\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1028382 53e712db71e1471b409f602a4d7d67c2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1024172 db1d42537f44b67d85dbf39c4961fcd1\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1019020 7650bc71e0e37d438baf786f02ac17b4\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 977120 92f1609f8eac5e92d17cb684f3fc84a5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 614862 aa69cd9c47ed91ecfcec33405ee04075\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 755728 ad7c9e4b7d273847e58a15c88df98959\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 205688 164775a380d89440340214da7b4a3642\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 958660 4a0aa9b3ec58c73bc4b70ba8afaecffa\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 879778 6e2189fc510512ae97d1a073a77382dd\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 877566 e8b302a17a1491c158a08f4ebee8b29e\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 875392 db68300757e444dba39fd0daf46fab55\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 936280 783c1b43454476ba693f59b866bf674b\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 929836 fcf9df82b675875fafa90067353eafed\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 925066 9df22d5447ac43eb30ad53271948bdc8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 885416 68a61a54144f50e462b077cc8ccac620\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 548004 7c5d5bd8218344e1bf0d800b2c31a368\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 853216 9b478b3e53591f85d1208ddf2dbbcf29\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 182704 c751747f9bd6d8c1472e6d08c6b99c3f\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1077024 5fc43be17710aa110ce0d4d117d97904\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 994026 e9f50b924fe2003a574302ac08a58fc3\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 991846 87ff64ebc51d0c0fd11382b6f5f3ee95\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 986002 a3f9dfadb27675d4e2b8d9dd7a01d320\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1051448 99cf3c6fb70dbb27f9eb5efab8b057db\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1044720 e964da5b5bfc45cfb9c397eb96b769c1\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1038782 30bfe377c9c08210f854f403cbb2f1ee\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 999840 5883ca862650908088dbd430017a5587\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 623636 08f30beec8283b0f2111a970f58f2ddc\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 745158 956ef68561a71a8eed0047175dfff9d5\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 181252 bdd2098b76d4885f28e1f6e3b7376b7d\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 947320 41be0b2741614c054fece73548cec703\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 868016 501208beae0375d1610e3cebfefcf542\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 865592 28876441af29051e315a3c1a8b71bcca\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 859848 20dcd46eb38f1b32e600dddc81b8e328\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 924264 8639573d18e103d6e816f9bacdc844ef\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 917972 8ecf10dd01bb07c53aab5782db738602\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 913800 55929d92c3b2d496ba95cb2e80da1d69\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 872952 eadd254febb55b2a69613ebc8d710774\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 540270 81c890f5348042c2060fea9bb8368279\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1324484 d757418a65efba71dce496c1708a6ab8\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 184408 45a8073e746b4f6499871ed736e343f5\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1626954 8c74de55c6c635fbd0a25b14aea908d8\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1529082 643da71ea312e65dae057d09533b596e\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1524362 b165440c7f2d84aada75d9e6ccc2e9c8\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1521916 1445a0fb6f9a2768abdfd7df4895bfd0\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1591070 daeb22d9e479b71e1a1e1e500a71ad7e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1584338 d26497d4bc44e12ccfd28ae4384bb49e\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1573836 6285e0273ef86416d4b15f07bf5f0e83\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1537602 bd59c04c78b23ef67fcf384ab3ec663d\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 969944 95bb71ac502b9b58c8e0e03960de3311\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 883588 3df0f600960049ed338f62cf6f3cbb62\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 181526 864396a2dfb69341cd1857b502814bd0\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1060852 d2e4b08238cef29a05e5817b18fe4510\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1026860 bce19b81b7445a917933353ff008d9ed\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1024274 78dd73e157fd4ebad6dbdf877d668a51\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1021074 b3c98f791090296a75027df4e6354041\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1036892 dd8bf59f6dadda928025f332ad4ba027\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1033580 290e4cf32fdc486b4b01d8094a7e235b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1028744 fb37992a392296b99399f9050b873c2d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1032674 741f1bc86e6501c9de145e0c09bf98d5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 653532 89ea1fa4d2b33a473c92ef0c8da0393d\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 884276 c25f8d4754ce5d7b641ae5a1898095aa\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 181514 3d41fda7aa3945744c53046c7f314918\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1060414 153d872da26f354f3e86167f48984332\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1026340 dff80047d15483fe37fc1fa8f8a530f6\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1024098 364a9f050c2d1ced8b1a0b9add3a6276\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1021664 3841e2cd52f06d411d9c643160fee27d\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1037204 c6601427157a10a67bf91ac64fb9b2f3\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1033338 79b104876d2693d5b87979c9c9e93a2a\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1028386 562fcca0c8ee76bfa90c62a7add33333\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1031986 545b3a354eff7b3f2da822a8ad9409f9\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 654614 4606a0c51fb87a0814d6ac3070f08801\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 808516 0e10ba653305ae5f10d86ae43aa5f80a\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 181314 84fcc3b6af9bc6462a656e47b87072ca\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 1019296 6b7fb39773cdbf8e11d2cb657b3e347f\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 937462 f01386aefee1e40ce4d748132adee9e0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 935408 279ac9bd832844ea9b5f71ab6a3eb4ce\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 932564 8c2beb3fb01952935aee6234cd2f62e5\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 995426 f03e2a19ea866cc3a93da26ac76a601a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 989642 0a7998dddd270e64635017efaa03be21\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 985188 6c49fead180f05bb742f23f899709364\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 942692 cb5b255a881523d01d21e36e5954d3ed\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 591956 b7bdfa80b87fc8638b300af38ccc10a7\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 825020 15317a8f9f8453dc53e6bafad4899775\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 181266 d1e7a6ebe35692f70f92bafdf1591046\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1048830 be2c558e4383d42cc858cb2b051aaaca\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 965144 cbc94962b102a44787650dfcb7d8eb7d\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 962554 265863b58914620dd164e8acf029a0d4\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 955000 21dd78f20eb1cbf29e43fd1c00ad8e84\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1022468 c7d2b1481bdfc80fc295bf0b84b2bfca\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1018798 f60ba4b1aad3ba1dba74c3a497d64964\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1012934 4ad26c9c7edfa1d3845fd8476061761d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 971092 1dedca57fb661f5b8a05eb9134512758\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 609536 8358946e015c0ccf4ffc55992fd1b618\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 751698 c2b0ab3d9e9e364b3e26ea2ed465c5bb\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 181110 ec41791d727303847230bf3c15252b4a\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 952462 30b356dbb50e471d490c9a026d38317b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 875678 239f2de1694e9538e652c3fce6d0aeef\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 873396 39182b3b312688388595d3ae77db2c0f\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 867464 acb5e74a5f6d81a734a61c8860b15816\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 933814 958eb9e446e04e7961a1a5d6188e4438\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 927072 a5148241b4fbf79987031bf27ff06786\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 873420 8e90c88be6ec6b15058fb390b13dc668\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 880726 0dc54580e0b4d7845cc3e4f1f45c1f3b\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 545036 7476c13dba30d34f7de41464298bbc8b\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "modified": "2007-09-01T00:00:00", "published": "2007-09-01T00:00:00", "id": "DEBIAN:DSA-1364-1:A03BE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00126.html", "title": "[SECURITY] [DSA 1364-1] New vim packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:21", "bulletinFamily": "unix", "description": "Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2712)\n\nBen Schmidt discovered that Vim did not properly escape characters when performing keyword or tag lookups. If a user were tricked into running specially crafted commands, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4101)", "modified": "2009-01-27T00:00:00", "published": "2009-01-27T00:00:00", "id": "USN-712-1", "href": "https://usn.ubuntu.com/712-1/", "title": "Vim vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:58", "bulletinFamily": "unix", "description": "Ulf Harnhammar discovered that vim does not properly sanitise the \u201chelptags_one()\u201d function when running the \u201chelptags\u201d command. By tricking a user into running a crafted help file, a remote attacker could execute arbitrary code with the user\u2019s privileges.", "modified": "2007-08-28T00:00:00", "published": "2007-08-28T00:00:00", "id": "USN-505-1", "href": "https://usn.ubuntu.com/505-1/", "title": "vim vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2018-09-02T02:40:40", "bulletinFamily": "unix", "description": "a. Updated OpenSSL package for the Service Console fixes a security issue. \nOpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. \nThe following table lists what action remediates the vulnerability (column 4) if a solution is available. \n\n", "modified": "2010-01-06T00:00:00", "published": "2009-03-31T00:00:00", "id": "VMSA-2009-0004", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0004.html", "title": "ESX Service Console updates for openssl, bind, and vim", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:34", "bulletinFamily": "unix", "description": "\nA Secunia Advisory reports:\n\nA format string error in the \"helptags_one()\" function in\n\t src/ex_cmds.c when running the \"helptags\" command can be exploited\n\t to execute arbitrary code via specially crafted help files.\n\n", "modified": "2007-07-27T00:00:00", "published": "2007-07-27T00:00:00", "id": "1ED03222-3C65-11DC-B3D3-0016179B2DD5", "href": "https://vuxml.freebsd.org/freebsd/1ed03222-3c65-11dc-b3d3-0016179b2dd5.html", "title": "vim -- Command Format String Vulnerability", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "unix", "description": "\nRdancer.org reports:\n\nImproper quoting in some parts of Vim written in the Vim Script\n\t can lead to arbitrary code execution upon opening a crafted\n\t file.\n\n", "modified": "2008-06-16T00:00:00", "published": "2008-06-16T00:00:00", "id": "30866E6C-3C6D-11DD-98C9-00163E000016", "href": "https://vuxml.freebsd.org/freebsd/30866e6c-3c6d-11dd-98c9-00163e000016.html", "title": "vim -- Vim Shell Command Injection Vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:19", "bulletinFamily": "unix", "description": "\nJan Minar reports:\n\nApplying the ``D'' to a file with a crafted file name,\n\t or inside a directory with a crafted directory name, can\n\t lead to arbitrary code execution.\n\n\nLack of sanitization throughout Netrw can lead to arbitrary\n\t code execution upon opening a directory with a crafted\n\t name.\n\n\nThe Vim Netrw Plugin shares the FTP user name and password\n\t across all FTP sessions. Every time Vim makes a new FTP\n\t connection, it sends the user name and password of the\n\t previous FTP session to the FTP server.\n\n", "modified": "2008-10-16T00:00:00", "published": "2008-10-16T00:00:00", "id": "0E1E3789-D87F-11DD-8ECD-00163E000016", "href": "https://vuxml.freebsd.org/freebsd/0e1e3789-d87f-11dd-8ecd-00163e000016.html", "title": "vim -- multiple vulnerabilities in the netrw module", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-03T16:38:15", "bulletinFamily": "exploit", "description": "Vim 7.1.314 Insufficient Shell Escaping Multiple Command Execution Vulnerabilities. CVE-2008-4101 . Remote exploit for linux platform", "modified": "2008-08-19T00:00:00", "published": "2008-08-19T00:00:00", "id": "EDB-ID:32289", "href": "https://www.exploit-db.com/exploits/32289/", "type": "exploitdb", "title": "Vim <= 7.1.314 - Insufficient Shell Escaping Multiple Command Execution Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/30795/info\r\n\r\nVim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.\r\n\r\nSuccessfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.\r\n\r\nVersions prior to Vim 7.2.010 are vulnerable. \r\n\r\nCopy-and-paste these examples into separate files:\r\n\r\n;xclock\r\nvim: set iskeyword=;,@\r\n\r\nPlace your cursor on ``xclock'', and press K. xclock appears.\r\n\r\n;date>>pwned\r\nvim: set iskeyword=1-255\r\n\r\nPlace your cursor on ``date'' and press K. File ``pwned'' is created in\r\nthe current working directory.\r\n\r\nPlease note: If modeline processing is disabled, set the 'iskeyword'\r\noption manually. ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/32289/"}, {"lastseen": "2016-02-03T15:46:08", "bulletinFamily": "exploit", "description": "Vim 7.x Vim Script Multiple Command Execution Vulnerabilities. CVE-2008-2712. Local exploit for linux platform", "modified": "2008-06-14T00:00:00", "published": "2008-06-14T00:00:00", "id": "EDB-ID:31911", "href": "https://www.exploit-db.com/exploits/31911/", "type": "exploitdb", "title": "Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/29715/info\r\n\r\nVim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.\r\n\r\nSuccessfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.\r\n\r\nVim 7.1.298 is vulnerable; other versions may also be affected.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31911-1.zip\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31911-2.zip\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31911-3.zip\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/31911/"}, {"lastseen": "2016-02-03T15:58:46", "bulletinFamily": "exploit", "description": "Netrw 125 Vim Script Multiple Command Execution Vulnerabilities. CVE-2008-3076. Remote exploit for linux platform", "modified": "2008-07-07T00:00:00", "published": "2008-07-07T00:00:00", "id": "EDB-ID:32012", "href": "https://www.exploit-db.com/exploits/32012/", "type": "exploitdb", "title": "Netrw 125 Vim Script Multiple Command Execution Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/30115/info\r\n\r\nNetrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.\r\n\r\nSuccessfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.\r\n\r\nNetrw 125 is vulnerable; other versions may also be affected.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32012.tar.bz2", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/32012/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.vim.org/\n[Secunia Advisory ID:25941](https://secuniaresearch.flexerasoftware.com/advisories/25941/)\n[Secunia Advisory ID:26594](https://secuniaresearch.flexerasoftware.com/advisories/26594/)\n[Secunia Advisory ID:26674](https://secuniaresearch.flexerasoftware.com/advisories/26674/)\n[Secunia Advisory ID:26522](https://secuniaresearch.flexerasoftware.com/advisories/26522/)\n[Secunia Advisory ID:26653](https://secuniaresearch.flexerasoftware.com/advisories/26653/)\n[Secunia Advisory ID:26285](https://secuniaresearch.flexerasoftware.com/advisories/26285/)\n[Secunia Advisory ID:26822](https://secuniaresearch.flexerasoftware.com/advisories/26822/)\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000219.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:168\nOther Advisory URL: http://www.ubuntu.com/usn/usn-505-1\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1364\nOther Advisory URL: http://www.trustix.org/errata/2007/0026/\nOther Advisory URL: http://secunia.com/secunia_research/2007-66/advisory/\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00007.html\nISS X-Force ID: 35655\nFrSIRT Advisory: ADV-2007-2687\n[CVE-2007-2953](https://vulners.com/cve/CVE-2007-2953)\nBugtraq ID: 25095\n", "modified": "2007-07-27T17:06:32", "published": "2007-07-27T17:06:32", "href": "https://vulners.com/osvdb/OSVDB:38674", "id": "OSVDB:38674", "title": "Vim src/ex_cmds.c helptags_one Function help-tags Command Format String", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:59:59", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 25095\r\nCVE(CAN) ID: CVE-2007-2953\r\n\r\nVIM\u662f\u4e00\u6b3e\u514d\u8d39\u5f00\u653e\u6e90\u4ee3\u7801\u6587\u672c\u7f16\u8f91\u5668\uff0c\u53ef\u4f7f\u7528\u5728Unix/Linux\u64cd\u4f5c\u7cfb\u7edf\u4e0b\u3002\r\n\r\nVIM\u7684src/ex_cmds.c\u6587\u4ef6\u4e2d\u7684helptags_one()\u51fd\u6570\u5b58\u5728\u683c\u5f0f\u4e32\u5904\u7406\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63d0\u5347\u81ea\u5df1\u7684\u6743\u9650\u3002\r\n\r\n\u5982\u679c\u653b\u51fb\u8005\u53d7\u9a97\u5bf9\u6076\u610f\u6570\u636e\u8fd0\u884c\u4e86helptags\u547d\u4ee4\u7684\u8bdd\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u901a\u8fc7\u7279\u5236\u7684\u5e2e\u52a9\u6587\u4ef6\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\n\nVIM Development Group VIM 7.1\r\nVIM Development Group VIM 6.4\r\n\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039\" target=\"_blank\">ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039</a>", "modified": "2007-08-01T00:00:00", "published": "2007-08-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2059", "id": "SSV:2059", "title": "Vim HelpTags\u547d\u4ee4\u8fdc\u7a0b\u683c\u5f0f\u4e32\u5904\u7406\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T21:20:55", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 32462,32463\r\nCVE(CAN) ID: CVE-2008-3074,CVE-2008-3074\r\n\r\nVIM\u662f\u4e00\u6b3e\u514d\u8d39\u5f00\u653e\u6e90\u4ee3\u7801\u6587\u672c\u7f16\u8f91\u5668\uff0c\u53ef\u4f7f\u7528\u5728Unix/Linux\u64cd\u4f5c\u7cfb\u7edf\u4e0b\u3002\r\n\r\nVIM\u7684tar.vim\u548czip.vim\u63d2\u4ef6\u4e2dshellescape()\u51fd\u6570\u6ca1\u6709\u6b63\u786e\u5730\u8f6c\u4e49\u6240\u6709\u9879\uff08\u201c!\u201d\u5b57\u7b26\uff09\u3002\u5982\u679c\u7528\u6237\u4f7f\u7528tar.vim\u63d2\u4ef6\u6253\u5f00\u4e86TAR\u6587\u6863\u7684\u8bdd\uff0c\u5c31\u4f1a\u5bfc\u81f4\u4ee5\u8fd0\u884cVim\u7528\u6237\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nVIM Development Group VIM 7.1\r\nVIM Development Group VIM 7.0\n RedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0580-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0580-01\uff1aModerate: vim security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0580.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0580.html</a>", "modified": "2008-11-28T00:00:00", "published": "2008-11-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4501", "id": "SSV:4501", "title": "Vim\u591a\u4e2a\u63d2\u4ef6\u5b57\u7b26\u8f6c\u4e49\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "securityvulns": [{"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "description": "Code execution on file open.", "modified": "2008-08-25T00:00:00", "published": "2008-08-25T00:00:00", "id": "SECURITYVULNS:VULN:9086", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9086", "title": "vim multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "description": "1. SUMMARY\r\n\r\nProduct : Vim -- Vi IMproved\r\nVersion : Tested with Vim 7.2b.10, filetype.vim 2008-07-17\r\nImpact : Arbitrary code execution\r\nWherefrom: Local and remote\r\nCVE : CVE-2008-2712\r\nOriginal : http://www.rdancer.org/vulnerablevim-filetype.vim.updated.html\r\n http://www.rdancer.org/vulnerablevim-filetype.vim.updated.patch\r\n http://www.rdancer.org/vulnerablevim-latest.tar.bz2\r\n\r\nThis is an update of a previous advisory[1]. Vim patch 7.1.300 which\r\npurported to fix the &#96;&#96;filetype.vim&#39;&#39; vulnerability did not fix the\r\nvulnerability.\r\n\r\n\r\n2. BACKGROUND\r\n\r\n &#96;&#96;Vim is an almost compatible version of the UNIX editor Vi. Many new\r\n features have been added: multi-level undo, syntax highlighting,\r\n command line history, on-line help, spell checking, filename\r\n completion, block operations, etc.&#39;&#39;\r\n\r\n -- Vim README.txt\r\n\r\n &#96;&#96;Problem: Value of asmsyntax argument isn&#39;t checked for valid\r\n characters.\r\n Solution: Only accepts letters and digits.&#39;&#39;\r\n\r\n -- Vim Patch 7.1.300[2]\r\n\r\n3. VULNERABILITY\r\n\r\nThis is the &#96;&#96;filetype.vim&#39;&#39; vulnerability, described in the sections\r\n3.4.2.1. and 3.4.2.2. of the original advisory[1]. It can lead to\r\narbitrary code execution upon Vim opening a crafted file. The file can\r\nbe either local or remote, and the filename must match one of the\r\nfollowing glob patterns:\r\n\r\n *.asm\r\n *.s\r\n *.S\r\n *.a\r\n *.A\r\n *.mac\r\n *.lst &#40;with the exception of /boot/grub/menu.lst&#41;\r\n *.i\r\n\r\n\r\n4. PURPORTED FIX\r\n\r\nQuoting the original advisory[1]:\r\n\r\n &#96;&#96;[A]bsent sanitization on line 190, followed by the execute\r\n statements at filetype.vim lines 181 or 1267:\r\n\r\n &#96;&#96;The code looks in the first five lines [of the file being opened]\r\n for a statement of the form &#96;&#96;asmsyntax=FOO&#39;&#39;, where FOO can contain\r\n any characters except Tab and Space. FOO is then executed, without\r\n any sanitization.&#39;&#39;\r\n\r\n 187 let head = &quot; &quot;.getline&#40;1&#41;.&quot; &quot;.getline&#40;2&#41;.&quot; &quot;.getline&#40;3&#41;.&quot;\r\n&quot;.getline&#40;4&#41;.\r\n 188 &#92;&quot; &quot;.getline&#40;5&#41;.&quot; &quot;\r\n 189 if head =~ &#39;&#92;sasmsyntax=&#92;S&#92;+&#92;s&#39;\r\n *190 let b:asmsyntax = substitute&#40;head,\r\n&#39;.*&#92;sasmsyntax=&#92;&#40;&#92;S&#92;+&#92;&#41;&#92;s.*&#39;,&#39;&#92;1&#39;, &quot;&quot;&#41;\r\n [... logical flow of the code then jumps to line 181 ...]\r\n *181 exe &quot;setf &quot; . b:asmsyntax\r\n [... or line 1267 ...]\r\n *1267 exe &quot;setf &quot; . b:asmsyntax\r\n\r\nPatch 7.1.300 changed the regular expression in the substitute&#40;&#41; call on\r\nline 190:\r\n\r\n let b:asmsyntax = substitute&#40;head,\r\n&#39;.*&#92;sasmsyntax=&#92;&#40;[a-zA-Z0-9]&#92;+&#92;&#41;&#92;s.*&#39;,&#39;&#92;1&#39;, &quot;&quot;&#41;\r\n\r\nThis would work if substitute&#40;&#41; were a matching function -- returning a\r\nmatching string, or an empty string if the pattern failed to match. But\r\nsubstitute&#40;&#41; always returns its first argument -- substituting the\r\nmatching string &#40;if any&#41;. If the pattern fails to match, substitute&#40;&#41;\r\nreturns its first argument as-is:\r\n\r\n | pattern matches | no match\r\n ------------------+-----------------+--------------------\r\n substitute&#40;&#41; | alter match | return as-is\r\n ------------------+-----------------+--------------------\r\n matching function | return match | return empty string\r\n\r\nThe previous line of code &#40;line 189&#41; remains unchanged, leaving two\r\ndifferent regular expressions. It is easy to create a payload matching\r\nthe first regular expression, but not the second one. As a matter of\r\nfact, the payload in the test suite[3] that accompanied the original\r\nadvisory did just that.\r\n\r\nIt may be also worth noting that the failure to sanitize the input may\r\nnot have been fatal if the &#96;&#96;execute&#39;&#39; statements on lines 181 and 1276\r\nwere updated to use the fnameescape&#40;&#41; function to sanitize the\r\narguments.\r\n\r\n\r\n5. EXPLOIT\r\n\r\nThe exploit needed a small update in order to work with the current Vim.\r\nIt produces error messages, and the exploit text is not hidden. Making\r\nthe exploit fully compatible would be just a matter of spending some\r\nmore time. The updated exploit is called &#96;&#96;filetype.vim.updated&#39;&#39;:\r\n\r\n -------------------------------------------\r\n -------- Test results below ---------------\r\n -------------------------------------------\r\n Vim version 7.2b, included patches: 1-10\r\n filetype.vim revision date: 2008 Jul 17\r\n zip.vim version: v21\r\n netrw.vim version: v127\r\n -------------------------------------------\r\n filetype.vim\r\n strong : EXPLOIT FAILED\r\n weak : EXPLOIT FAILED\r\n filetype.vim.updated\r\n--&gt; strong : VULNERABLE\r\n--&gt; weak : VULNERABLE\r\n tarplugin : EXPLOIT FAILED\r\n tarplugin.updated: EXPLOIT FAILED\r\n tarplugin.v2: EXPLOIT FAILED\r\n zipplugin : EXPLOIT FAILED\r\n zipplugin.v2: EXPLOIT FAILED\r\n xpm.vim\r\n xpm : EXPLOIT FAILED\r\n xpm2 : EXPLOIT FAILED\r\n remote : EXPLOIT FAILED\r\n gzip_vim : EXPLOIT FAILED\r\n netrw : EXPLOIT FAILED\r\n netrw.v2 : EXPLOIT FAILED\r\n netrw.v3 : EXPLOIT FAILED\r\n netrw.v4 : EXPLOIT FAILED\r\n netrw.v5 : VULNERABLE\r\n shellescape: EXPLOIT FAILED\r\n\r\n\r\n6. PATCH\r\n\r\nA copy of a patch that fixes this vulnerability can be found at the URL\r\nbelow[4].\r\n\r\n\r\n7. REFERENCES\r\n\r\n[1] Collection of Vulnerabilities in Fully Patched Vim 7.1\r\n http://www.rdancer.org/vulnerablevim.html\r\n[2] Patch 7.1.300\r\n http://groups.google.com/group/vim_dev/msg/5a882ab234f02377\r\n http://ftp.vim.org/pub/vim/patches/7.1/7.1.300\r\n[3] The Vulnerable Vim Test Suite\r\n http://www.rdancer.org/vulnerablevim-latest.tar.bz2\r\n[4] Proposed patch\r\n http://www.rdancer.org/vulnerablevim-filetype.vim.updated.patch\r\n\r\n\r\n8. COPYRIGHT\r\n\r\nThis advisory is Copyright 2008 Jan Minar &lt;rdancer@rdancer.org&gt;\r\n\r\nCopying welcome, under the Creative Commons &#96;&#96;Attribution-Share Alike&#39;&#39;\r\nLicense http://creativecommons.org/licenses/by-sa/2.0/uk/\r\n\r\nCode included herein, and accompanying this advisory, may be copied\r\naccording to the GNU General Public License version 2, or the Vim\r\nlicense. See the subdirectory &#96;&#96;licenses&#39;&#39;.\r\n\r\nVarious portions of the accompanying code were written by various\r\nparties. Those parties may hold copyright, and those portions may be\r\ncopied according to their respective licenses.\r\n\r\n\r\n9. HISTORY\r\n\r\n2008-07-23 Sent to: &lt;bugs@vim.org&gt;, &lt;vim-dev@vim.org&gt;,\r\n &lt;full-disclosure@lists.grok.org.uk&gt;, &lt;bugtraq@securityfocus.com&gt;", "modified": "2008-07-24T00:00:00", "published": "2008-07-24T00:00:00", "id": "SECURITYVULNS:DOC:20220", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20220", "title": "Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "description": "Vim: Unfixed Vulnerabilities in Tar Plugin Version 20\r\n\r\n1. SUMMARY\r\n\r\nProduct : Vim -- Vi IMproved\r\nVersion : Vim &gt;= 7.0 &#40;possibly older&#41;, present in 7.2c.002\r\n autoload/tar.vim &gt;= 9 &#40;possibly older&#41;, present in version 20\r\nImpact : Arbitrary code execution\r\nWherefrom: Local, remote\r\nCVE : CVE-2008-2712\r\nOriginal : http://www.rdancer.org/vulnerablevim-tarplugin-update.html\r\n\r\nThe Vim Tar Plugin vulnerabilities published in our previous advisories\r\nhave been addressed, but the changes do not provide fix for all attack\r\nvectors. We analyses some of the vulnerabilities remaining in\r\n&#96;&#96;$VIMRUNTIME/autoload/tar.vim&#39;&#39;.\r\n\r\n\r\n2. BACKGROUND\r\n\r\n &#96;&#96;Vim is an almost compatible version of the UNIX editor Vi. Many new\r\n features have been added: multi-level undo, syntax highlighting,\r\n command line history, on-line help, spell checking, filename\r\n completion, block operations, etc.&#39;&#39;\r\n\r\n -- Vim README.txt\r\n\r\n &#96;&#96;When one edits a *.tar file, this plugin will handle displaying a\r\n contents page. Select a file to edit by moving the cursor atop\r\n the desired file, then hit the &lt;return&gt; key. After editing, one may\r\n also write to the file.&#39;&#39;\r\n\r\n -- Tar File Interface &#40;pi_tar.txt&#41;\r\n\r\n\r\n3. ATTEMPTED FIX\r\n\r\nThese are all the &#96;&#96;execute&#39;&#39; and system&#40;&#41; calls in the current code\r\n&#40;autoload/tar.vim version 20, 2008-07-30&#41; code. It can be seen that all\r\nthe vulnerable statements have been changed. Unfortunately, not all the\r\nchanges provide a sufficient fix. &#40;We analyse the vulnerabilities in\r\nsection 4 below&#41;:\r\n\r\n 133\t let tarfile=substitute&#40;system&#40;&quot;cygpath -u\r\n&quot;.s:Escape&#40;tarfile,0&#41;&#41;,&#39;&#92;n$&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 138\t exe &quot;silent r! gzip -d -c -- &quot;.s:Escape&#40;tarfile,1&#41;.&quot; |\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_browseoptions.&quot; - &quot;\r\n 141\t exe &quot;silent r! cat -- &quot;.s:Escape&#40;tarfile,1&#41;.&quot;|gzip -d -c\r\n-|&quot;.g:tar_cmd.&quot; -&quot;.g:tar_browseoptions.&quot; - &quot;\r\n 144\t exe &quot;silent r! bzip2 -d -c -- &quot;.s:Escape&#40;tarfile,1&#41;.&quot; |\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_browseoptions.&quot; - &quot;\r\n 147\t exe &quot;silent r! &quot;.g:tar_cmd.&quot; -&quot;.g:tar_browseoptions.&quot;\r\n&quot;.s:Escape&#40;tarfile,1&#41;\r\n 163\t exe &quot;r &quot;.fnameescape&#40;a:tarfile&#41;\r\n 198\t let tarfile=substitute&#40;system&#40;&quot;cygpath -u\r\n&quot;.s:Escape&#40;tarfile,0&#41;&#41;,&#39;&#92;n$&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 223\t let tarfile=substitute&#40;system&#40;&quot;cygpath -u\r\n&quot;.s:Escape&#40;tarfile,0&#41;&#41;,&#39;&#92;n$&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 244\t exe &quot;silent r! gzip -d -c -- &quot;.s:Escape&#40;tarfile,1&#41;.&quot;|\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_readoptions.&quot; - &quot;.s:Escape&#40;fname,1&#41;.decmp\r\n 247\t exe &quot;silent r! cat -- &quot;.s:Escape&#40;tarfile,1&#41;.&quot; | gzip -d -c\r\n- | &quot;.g:tar_cmd.&quot; -&quot;.g:tar_readoptions.&quot; - &quot;.s:Escape&#40;fname,1&#41;.decmp\r\n 250\t exe &quot;silent r! bzip2 -d -c -- &quot;.s:Escape&#40;tarfile,1&#41;.&quot;|\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_readoptions.&quot; - &quot;.s:Escape&#40;fname,1&#41;.decmp\r\n 253\t exe &quot;silent r! &quot;.g:tar_cmd.&quot; -&quot;.g:tar_readoptions.&quot;\r\n&quot;.s:Escape&#40;tarfile,1&#41;.&quot; -- &quot;.s:Escape&#40;fname,1&#41;.decmp\r\n 262\t exe &quot;file tarfile::&quot;.fnameescape&#40;fname&#41;\r\n 308\t exe &quot;cd &quot;.fnameescape&#40;tmpdir&#41;\r\n 332\t call system&#40;&quot;gzip -d -- &quot;.s:Escape&#40;tarfile,0&#41;&#41;\r\n 336\t call system&#40;&quot;gzip -d -- &quot;.s:Escape&#40;tarfile,0&#41;&#41;\r\n 341\t call system&#40;&quot;bzip2 -d -- &quot;.s:Escape&#40;tarfile,0&#41;&#41;\r\n 359\t let dirpath = substitute&#40;system&#40;&quot;cygpath\r\n&quot;.s:Escape&#40;dirpath, 0&#41;&#41;,&#39;&#92;n&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 368\t exe &quot;w! &quot;.fnameescape&#40;fname&#41;\r\n 370\t let tarfile = substitute&#40;system&#40;&quot;cygpath\r\n&quot;.s:Escape&#40;tarfile,0&#41;&#41;,&#39;&#92;n&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 375\t call system&#40;&quot;tar --delete -f &quot;.s:Escape&#40;tarfile,0&#41;.&quot; --\r\n&quot;.s:Escape&#40;fname,0&#41;&#41;\r\n 384\t call system&#40;&quot;tar -&quot;.g:tar_writeoptions.&quot;\r\n&quot;.s:Escape&#40;tarfile,0&#41;.&quot; -- &quot;.s:Escape&#40;fname,0&#41;&#41;\r\n 391\t call system&#40;compress&#41;\r\n 407\t exe &quot;e! &quot;.fnameescape&#40;tarfile&#41;\r\n 419\t exe &quot;cd &quot;.fnameescape&#40;curdir&#41;\r\n 431\t call system&#40;&quot;/bin/rm -rf -- &quot;.s:Escape&#40;a:fname,0&#41;&#41;\r\n 434\t call system&#40;&quot;/bin/rm -rf -- &quot;.s:Escape&#40;a:fname,0&#41;&#41;\r\n 436\t call system&#40;&quot;del /S &quot;.s:Escape&#40;a:fname,0&#41;&#41;\r\n\r\nThis is the listing from section &#96;&#96;3.4.2.3.1.&#39;&#39; of the original\r\nadvisory[1], for reference:\r\n\r\n 99\t exe &quot;$put =&#39;&quot;.&#39;&#92;&quot;&#39;.&quot; Browsing tarfile &quot;.a:tarfile.&quot;&#39;&quot;\r\n 107\t let tarfile=substitute&#40;system&#40;&quot;cygpath -u &quot;.tarfile&#41;,&#39;&#92;n$&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 112\t exe &quot;silent r! gzip -d -c &quot;.g:tar_shq.tarfile.g:tar_shq.&quot;|\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_browseoptions.&quot; - &quot;\r\n 115\t exe &quot;silent r! bzip2 -d -c &quot;.g:tar_shq.tarfile.g:tar_shq.&quot;|\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_browseoptions.&quot; - &quot;\r\n 118\t exe &quot;silent r! &quot;.g:tar_cmd.&quot; -&quot;.g:tar_browseoptions.&quot;\r\n&quot;.g:tar_shq.tarfile.g:tar_shq\r\n 134\t exe &quot;r &quot;.a:tarfile\r\n 169\t let tarfile=substitute&#40;system&#40;&quot;cygpath -u &quot;.tarfile&#41;,&#39;&#92;n$&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 192\t let tarfile=substitute&#40;system&#40;&quot;cygpath -u &quot;.tarfile&#41;,&#39;&#92;n$&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 199\t exe &quot;silent r! gzip -d -c &quot;.g:tar_shq.tarfile.g:tar_shq.&quot;|\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_readoptions.&quot; - &#39;&quot;.fname.&quot;&#39;&quot;\r\n 202\t exe &quot;silent r! bzip2 -d -c &quot;.g:tar_shq.tarfile.g:tar_shq.&quot;|\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_readoptions.&quot; - &#39;&quot;.fname.&quot;&#39;&quot;\r\n 205\t exe &quot;silent r! &quot;.g:tar_cmd.&quot; -&quot;.g:tar_readoptions.&quot;\r\n&quot;.g:tar_shq.tarfile.g:tar_shq.&quot; &quot;.g:tar_shq.fname.g:tar_shq\r\n 208\t exe &quot;file tarfile:&quot;.fname\r\n 278\t call system&#40;&quot;gzip -d &quot;.tarfile&#41;\r\n 282\t call system&#40;&quot;gzip -d &quot;.tarfile&#41;\r\n 287\t call system&#40;&quot;bzip2 -d &quot;.tarfile&#41;\r\n 303\t let dirpath = substitute&#40;system&#40;&quot;cygpath &quot;.dirpath&#41;,&#39;&#92;n&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 312\t exe &quot;w! &quot;.fname\r\n 314\t let tarfile = substitute&#40;system&#40;&quot;cygpath &quot;.tarfile&#41;,&#39;&#92;n&#39;,&#39;&#39;,&#39;e&#39;&#41;\r\n 319\t call system&#40;&quot;tar --delete -f &#39;&quot;.tarfile.&quot;&#39; &#39;&quot;.fname.&quot;&#39;&quot;&#41;\r\n 335\t call system&#40;compress&#41;\r\n 351\t exe &quot;e! &quot;.tarfile\r\n\r\n\r\n4. VULNERABILITIES\r\n\r\n4.1. Untrusted File Names Interpreted as Optional Argument\r\n\r\n4.1.1. POSIX Systems\r\n\r\nThe POSIX end-of-options double-dash &#40;--&#41; is missing from some of the\r\ncommands invoked by system&#40;&#41; -- line 244 a.o.:\r\n\r\n 244\t exe &quot;silent r! gzip -d -c -- &quot;.s:Escape&#40;tarfile,1&#41;.&quot;|\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_readoptions.&quot; - &quot;.s:Escape&#40;fname,1&#41;.decmp\r\n\r\nThe resulting command looks like this:\r\n\r\n gzip -d -c -- TARBALL | tar -OPxf - MEMBER\r\n\r\nMEMBER can be interpreted by tar&#40;1&#41; as a command line option. This can\r\nbe still used to execute arbitrary shell commands &#40;cf. e.g. the\r\n&#96;&#96;--compress-program&#39;&#39; option of tar&#40;1&#41;&#41;.\r\n\r\n\r\n4.1.2. Other Systems\r\n\r\nWith implementations of tar&#40;1&#41; &#40;and other programs&#41; that do not\r\nunderstand the double-dash convention, another mechanism must be used to\r\nprevent the file name from being interpreted as command line options.\r\nAt the same time, the current code may confuse such programs.\r\n\r\nIt is not possible for Vim to know the invocation syntax of external\r\nprograms. As the double-dash security measure may not be present in any\r\ngiven external command, the security of commands that pass untrusted\r\ninput to these external commands is not be guaranteed.\r\n\r\n\r\n4.2 Unspecified Behaviour of system&#40;&#41; and &#96;&#96;!&#39;&#39;\r\n\r\n4.2.1. The system&#40;&#41; Function\r\n\r\nsystem&#40;&#41;, does not invoke /bin/sh to run the commands, as does the C\r\nStandard Library function of the same name. Rather, it uses the program\r\nspecified in the Vim internal option &#39;shell&#39;. The full details of how\r\nsystem&#40;&#41; works can be found in the Vim Manual:\r\n\r\n &#96;&#96;system&#40;{expr} [, {input}]&#41; *system&#40;&#41;* *E677*\r\n [...]\r\n The command executed is constructed using several options:\r\n &#39;shell&#39; &#39;shellcmdflag&#39; &#39;shellxquote&#39; {expr} &#39;shellredir&#39; {tmp} &#39;shellxquote&#39;\r\n &#40;{tmp} is an automatically generated file name&#41;. For Unix and OS/2\r\n braces are put around {expr} to allow for concatenated commands.&#39;&#39;\r\n\r\n -- Vim Reference Manual &#40;&#96;&#96;eval.txt&#39;&#39;&#41;\r\n\r\nAs the particularities of how this program interprets the command can\r\nnot be known, it is inherently impossible to say anything meaningful as\r\nto whether there are security issues. In fact, it is not possible to\r\nsay anything about how the command will be interpreted, or if it will be\r\ninterpreted at all. In the absence of a baseline specification, the\r\nbehaviour of system&#40;&#41; as implemented by Vim can only be described as\r\n&quot;unspecified&quot;.\r\n\r\nBy setting the respective options to known values, it may be possible to\r\nreach the C Standard Library system&#40;&#41; functionality. There will still\r\nbe problems on systems without /bin/sh, and on systems where /bin/sh is\r\nnot POSIX-conformant.\r\n\r\n\r\n4.2.2. The &#96;&#96;!&#39;&#39; Command\r\n\r\nThe same applies to the &#96;&#96;!&#39;&#39; command, as used e.g. on line 138:\r\n\r\n 138\t exe &quot;silent r! gzip -d -c -- &quot;.s:Escape&#40;tarfile,1&#41;.&quot; |\r\n&quot;.g:tar_cmd.&quot; -&quot;.g:tar_browseoptions.&quot; - &quot;\r\n\r\nThe &#96;&#96;r!&#39;&#39; means the &#96;&#96;read&#39;&#39; command reads the output of the &#96;&#96;!&#39;&#39;\r\ncommand, which in turn executes shell commands, in a way similar to\r\nsystem&#40;&#41;.\r\n\r\n\r\n5. EXPLOIT\r\n\r\nNo exploit code is provided.\r\n\r\n\r\n6. REFERENCES\r\n\r\n[1] Collection of Vulnerabilities in Fully Patched Vim 7.1\r\n http://www.rdancer.org/vulnerablevim.html\r\n\r\n\r\n7. COPYRIGHT\r\n\r\nThis advisory is Copyright 2008 Jan Minar &lt;rdancer@rdancer.org&gt;\r\n\r\nCopying welcome, under the Creative Commons &#96;&#96;Attribution-Share Alike&#39;&#39;\r\nLicense http://creativecommons.org/licenses/by-sa/2.0/uk/\r\n\r\nCode included herein, and accompanying this advisory, may be copied\r\naccording to the GNU General Public License version 2, or the Vim\r\nlicense. See the subdirectory &#96;&#96;licenses&#39;&#39;.\r\n\r\nVarious portions of the accompanying code were written by various\r\nparties. Those parties may hold copyright, and those portions may be\r\ncopied according to their respective licenses.\r\n\r\n\r\n8. HISTORY\r\n\r\n2008-08-08 Sent to: &lt;bugs@vim.org&gt;, &lt;vim-dev@vim.org&gt;,\r\n &lt;full-disclosure@lists.grok.org.uk&gt;,\r\n &lt;bugtraq@securityfocus.com&gt;,\r\n Charles E Campbell, Jr &#40;Vim Tar Plugin Maintainer&#41;\r\n &lt;drchip@campbellfamily.biz&gt;", "modified": "2008-08-08T00:00:00", "published": "2008-08-08T00:00:00", "id": "SECURITYVULNS:DOC:20317", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20317", "title": "Vim: Unfixed Vulnerabilities in Tar Plugin Version 20", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}