Lucene search

[email protected]NVD:CVE-2008-6235

HistoryFeb 21, 2009 - 11:30 p.m.

CVE-2008-6235

2009-02-2123:30:00

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.003

Percentile

67.9%

JSON

The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) “D” (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.

Affected configurations

Nvd

Node

vimvimMatch7.0

vimvimMatch7.1

VendorProductVersionCPE
vimvim7.0cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*
vimvim7.1cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vim	vim	7.0	cpe:2.3:a:vim:vim:7.0:::::::*
vim	vim	7.1	cpe:2.3:a:vim:vim:7.1:::::::*

References

lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

secunia.com/advisories/34418

www.openwall.com/lists/oss-security/2008/10/16/2

www.openwall.com/lists/oss-security/2008/10/20/2

www.rdancer.org/vulnerablevim-netrw.html

www.rdancer.org/vulnerablevim-netrw.v2.html

www.rdancer.org/vulnerablevim-netrw.v5.html

www.redhat.com/support/errata/RHSA-2008-0580.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.003

Percentile

67.9%

JSON

Related for NVD:CVE-2008-6235

debiancve1 cve1 cvelist1 ubuntucve1 prion1 nessus6 oraclelinux1 redhat1 openvas3 centos1