Lucene search
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2008-0617.NASLHistoryJul 12, 2013 - 12:00 a.m.
Oracle Linux 3 / 4 : vim (ELSA-2008-0617)
2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
From Red Hat Security Advisory 2008:0617 :
Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Vim (Visual editor IMproved) is an updated and improved version of the vi editor.
Several input sanitization flaws were found in Vimβs keyword and tag handling. If Vim looked up a documentβs maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)
A heap-based overflow flaw was discovered in Vimβs expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code.
(CVE-2008-3432)
Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vimβs help tag processor. If a user was tricked into executing the βhelptagsβ command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)
All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0617 and
# Oracle Linux Security Advisory ELSA-2008-0617 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(67732);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3432", "CVE-2008-4101");
script_xref(name:"RHSA", value:"2008:0617");
script_name(english:"Oracle Linux 3 / 4 : vim (ELSA-2008-0617)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Oracle Linux host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"From Red Hat Security Advisory 2008:0617 :
Updated vim packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Vim (Visual editor IMproved) is an updated and improved version of the
vi editor.
Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or
keyword, it was possible to execute arbitrary code as the user running
Vim. (CVE-2008-4101)
A heap-based overflow flaw was discovered in Vim's expansion of file
name patterns with shell wildcards. An attacker could create a
specially crafted file or directory name that, when opened by Vim,
caused the application to crash or, possibly, execute arbitrary code.
(CVE-2008-3432)
Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible
to execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Harnhammar, of Secunia Research, discovered a format string flaw
in Vim's help tag processor. If a user was tricked into executing the
'helptags' command on malicious data, arbitrary code could be executed
with the permissions of the user running Vim. (CVE-2007-2953)
All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2008-November/000814.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2008-November/000815.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected vim packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:vim-X11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:vim-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:vim-enhanced");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:vim-minimal");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/31");
script_set_attribute(attribute:"patch_publication_date", value:"2008/11/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Oracle Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
flag = 0;
if (rpm_check(release:"EL3", cpu:"i386", reference:"vim-X11-6.3.046-0.30E.11")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"vim-X11-6.3.046-0.30E.11")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"vim-common-6.3.046-0.30E.11")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"vim-common-6.3.046-0.30E.11")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"vim-enhanced-6.3.046-0.30E.11")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"vim-enhanced-6.3.046-0.30E.11")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"vim-minimal-6.3.046-0.30E.11")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"vim-minimal-6.3.046-0.30E.11")) flag++;
if (rpm_check(release:"EL4", reference:"vim-X11-6.3.046-1.el4_7.5z")) flag++;
if (rpm_check(release:"EL4", reference:"vim-common-6.3.046-1.el4_7.5z")) flag++;
if (rpm_check(release:"EL4", reference:"vim-enhanced-6.3.046-1.el4_7.5z")) flag++;
if (rpm_check(release:"EL4", reference:"vim-minimal-6.3.046-1.el4_7.5z")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim-X11 / vim-common / vim-enhanced / vim-minimal");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | vim-x11 | p-cpe:/a:oracle:linux:vim-x11 |
| oracle | linux | vim-common | p-cpe:/a:oracle:linux:vim-common |
| oracle | linux | vim-enhanced | p-cpe:/a:oracle:linux:vim-enhanced |
| oracle | linux | vim-minimal | p-cpe:/a:oracle:linux:vim-minimal |
| oracle | linux | 3 | cpe:/o:oracle:linux:3 |
| oracle | linux | 4 | cpe:/o:oracle:linux:4 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101
oss.oracle.com/pipermail/el-errata/2008-November/000814.html
oss.oracle.com/pipermail/el-errata/2008-November/000815.html
Related
openvas
openvas
CentOS Update for vim-common CESA-2008:0617 centos3 i386
2009-02-27 00:00:00
CentOS Update for vim-common CESA-2008:0617 centos4 x86_64
2009-02-27 00:00:00
CentOS Update for vim-common CESA-2008:0617 centos3 i386
2009-02-27 00:00:00
centos
centos
vim security update
2008-11-25 16:56:47
vim security update
2008-11-25 23:40:39
vim security update
2008-11-26 22:22:41
oraclelinux
oraclelinux
vim security update
2008-11-25 00:00:00
vim security update
2008-11-25 00:00:00
nessus
nessus
RHEL 3 / 4 : vim (RHSA-2008:0617)
2008-11-25 00:00:00
CentOS 3 / 4 : vim (CESA-2008:0617)
2009-04-23 00:00:00
VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)
2016-03-03 00:00:00
redhat
redhat
(RHSA-2008:0617) Moderate: vim security update
2008-11-25 00:00:00
(RHSA-2008:0618) Moderate: vim security update
2008-11-25 00:00:00
(RHSA-2008:0580) Moderate: vim security update
2008-11-25 00:00:00
vmware
vmware
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00
ubuntu
ubuntu
Vim vulnerabilities
2009-01-27 00:00:00
vim vulnerability
2007-08-28 00:00:00
cve
cve
prion
prion
debian
debian
[Backports-security-announce] Security Update for vim
2008-11-29 10:05:18
[Backports-security-announce] Security Update for vim
2008-11-29 10:05:12
[SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities
2009-03-03 08:35:17
debiancve
debiancve
ubuntucve
ubuntucve
osv
osv
vim - multiple vulnerabilities
2009-03-03 00:00:00
vim - several vulnerabilities
2007-09-19 00:00:00
vim
2007-09-19 00:00:00
seebug
seebug
Vim HelpTagsε½δ»€θΏη¨ζ ΌεΌδΈ²ε€ηζΌζ΄
2007-08-01 00:00:00
securityvulns
securityvulns
Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim
2008-07-24 00:00:00
vim multiple security vulnerabilities
2008-08-25 00:00:00
Vim: Unfixed Vulnerabilities in Tar Plugin Version 20
2008-08-08 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:25:49
Arbitrary Code Execution
2020-04-10 00:25:50
Arbitrary Code Execution
2020-04-10 00:25:49
freebsd
freebsd
vim -- Vim Shell Command Injection Vulnerabilities
2008-06-16 00:00:00
vim -- Command Format String Vulnerability
2007-07-27 00:00:00
vim6 -- heap-based overflow while parsing shell metacharacters
2008-07-31 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44
Related for ORACLELINUX_ELSA-2008-0617.NASL