Lucene search

K

[email protected]NVD:CVE-2007-2438

HistoryMay 02, 2007 - 9:19 p.m.

CVE-2007-2438

2007-05-0221:19:00

[email protected]

web.nvd.nist.gov

7

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

Low

EPSS

0.018

Percentile

88.3%

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

Affected configurations

Nvd

Node

foresight_linuxforesight_linuxMatch1.1

AND

vim_development_groupvimMatch7.0

VendorProductVersionCPE
foresight_linuxforesight_linux1.1cpe:2.3:o:foresight_linux:foresight_linux:1.1:*:*:*:*:*:*:*
vim_development_groupvim7.0cpe:2.3:a:vim_development_group:vim:7.0:*:*:*:*:*:*:*

References

attrition.org/pipermail/vim/2007-May/001614.html

marc.info/?l=vim-dev&m=117762581821298&w=2

marc.info/?l=vim-dev&m=117778983714029&w=2

osvdb.org/36250

secunia.com/advisories/25024

secunia.com/advisories/25159

secunia.com/advisories/25182

secunia.com/advisories/25255

secunia.com/advisories/25367

secunia.com/advisories/25432

secunia.com/advisories/26653

tech.groups.yahoo.com/group/vimannounce/message/178

tech.groups.yahoo.com/group/vimdev/message/46627

tech.groups.yahoo.com/group/vimdev/message/46645

tech.groups.yahoo.com/group/vimdev/message/46658

www.attrition.org/pipermail/vim/2007-August/001770.html

www.debian.org/security/2007/dsa-1364

www.mandriva.com/security/advisories?name=MDKSA-2007:101

www.novell.com/linux/security/advisories/2007_12_sr.html

www.redhat.com/support/errata/RHSA-2007-0346.html

www.securityfocus.com/archive/1/467202/100/0/threaded

www.securityfocus.com/bid/23725

www.securitytracker.com/id?1018035

www.trustix.org/errata/2007/0017/

www.ubuntu.com/usn/usn-463-1

www.vim.org/news/news.php

www.vupen.com/english/advisories/2007/1599

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259

exchange.xforce.ibmcloud.com/vulnerabilities/34012

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

Low

EPSS

0.018

Percentile

88.3%

Related for NVD:CVE-2007-2438

openvas9 redhat1 cve2 oraclelinux1 nessus7 centos1 prion2 ubuntucve1 cvelist1 securityvulns2 ubuntu1 debiancve1 osv2 debian2 nvd1