MiracleLinux 3 : vim-7.0.109-4.4z.1AXS3 (AXSA:2008-498:01)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 3 Vim package vim-7.0.109-4.4z.1AXS3 has multiple remote execution flaws.

Reporter	Title	Published	Views	Family All 190
FreeBSD	vim -- multiple vulnerabilities in the netrw module	16 Oct 200800:00	–	freebsd
FreeBSD	vim -- Command Format String Vulnerability	27 Jul 200700:00	–	freebsd
FreeBSD	vim -- Vim Shell Command Injection Vulnerabilities	16 Jun 200800:00	–	freebsd
Tenable Nessus	CentOS 5 : vim (CESA-2008:0580)	6 Jan 201000:00	–	nessus
Tenable Nessus	CentOS 3 / 4 : vim (CESA-2008:0617)	23 Apr 200900:00	–	nessus
Tenable Nessus	Debian DSA-1364-2 : vim - several vulnerabilities	3 Sep 200700:00	–	nessus
Tenable Nessus	Debian DSA-1733-1 : vim - several vulnerabilities	4 Mar 200900:00	–	nessus
Tenable Nessus	FreeBSD : vim -- multiple vulnerabilities in the netrw module (0e1e3789-d87f-11dd-8ecd-00163e000016)	2 Jan 200900:00	–	nessus
Tenable Nessus	FreeBSD : vim -- Command Format String Vulnerability (1ed03222-3c65-11dc-b3d3-0016179b2dd5)	30 Jul 200700:00	–	nessus
Tenable Nessus	FreeBSD : vim -- Vim Shell Command Injection Vulnerabilities (30866e6c-3c6d-11dd-98c9-00163e000016)	24 Jun 200800:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/594
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2008-498:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284215);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2007-2953",
    "CVE-2008-2712",
    "CVE-2008-3074",
    "CVE-2008-3075",
    "CVE-2008-3076",
    "CVE-2008-4101"
  );

  script_name(english:"MiracleLinux 3 : vim-7.0.109-4.4z.1AXS3 (AXSA:2008-498:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2008-498:01 advisory.

    VIM (VIsual editor iMproved) is an updated and improved version of the vi editor.  Vi was the first real
    screen-based editor for UNIX, and is still very popular.  VIM improves on vi by adding new features:
    multiple windows, multi-level undo, block highlighting and more.  The vim-enhanced package contains a
    version of VIM with extra, recently introduced features like Python and Perl interpreters.
    Bugs fixed:
    CVE-2007-2953
    Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x
    up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in
    a help-tags tag in a help file, related to the helptags command.
    CVE-2008-2712
    Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands
    via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as
    demonstrated using (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw.
    CVE-2008-3074
    Description not available at time of writing, see CVE links below.
    CVE-2008-3075
    Description not available at time of writing, see CVE links below.
    CVE-2008-3076
    Description not available at time of writing, see CVE links below.
    CVE-2008-4101
    Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted
    attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ;
    (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2)
    Ctrl-] (control close-square-bracket) or (3) g] (g close-square-bracket) keystroke sequence, a different
    issue than CVE-2008-2712.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/594");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-4101");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2008-3075");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:vim-X11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:vim-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:vim-enhanced");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:vim-minimal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'vim-common-7.0.109-4.4z.1AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'vim-enhanced-7.0.109-4.4z.1AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'vim-minimal-7.0.109-4.4z.1AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'vim-X11-7.0.109-4.4z.1AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim-X11 / vim-common / vim-enhanced / vim-minimal');
}

14 Jan 2026 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 29.3

EPSS0.16974