{"lastseen": "2017-07-02T21:10:23", "references": [], "pluginID": "58823", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby", "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2017-07-02T21:10:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2953"]}, {"type": "freebsd", "idList": ["1ED03222-3C65-11DC-B3D3-0016179B2DD5"]}, {"type": "ubuntu", "idList": ["USN-505-1"]}, {"type": "nessus", "idList": ["SUSE_GVIM-4092.NASL", "REDHAT-RHSA-2008-0617.NASL", "FREEBSD_PKG_1ED032223C6511DCB3D30016179B2DD5.NASL", "MANDRAKE_MDKSA-2007-168.NASL", "DEBIAN_DSA-1364.NASL", "UBUNTU_USN-505-1.NASL", "SUSE9_11722.NASL", "CENTOS_RHSA-2008-0617.NASL", "SUSE_GVIM-4095.NASL", "ORACLELINUX_ELSA-2008-0617.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065303", "OPENVAS:65303", "OPENVAS:1361412562310830035", "OPENVAS:840173", "OPENVAS:870059", "OPENVAS:830035", "OPENVAS:1361412562310880081", "OPENVAS:58584", "OPENVAS:880081", "OPENVAS:58613"]}, {"type": "osvdb", "idList": ["OSVDB:38674"]}, {"type": "seebug", "idList": ["SSV:2059"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1364-2:30E6F", "DEBIAN:DSA-1364-1:A03BE"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0617", "ELSA-2008-0580"]}, {"type": "centos", "idList": ["CESA-2008:0580", "CESA-2008:0617"]}, {"type": "redhat", "idList": ["RHSA-2008:0580", "RHSA-2008:0617"]}, {"type": "vmware", "idList": ["VMSA-2009-0004"]}], "modified": "2017-07-02T21:10:23", "rev": 2}, "vulnersScore": 5.9}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "modified": "2016-10-04T00:00:00", "id": "OPENVAS:58823", "href": "http://plugins.openvas.org/nasl.php?oid=58823", "viewCount": 0, "sourceData": "#\n#VID 1ed03222-3c65-11dc-b3d3-0016179b2dd5\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n vim\n vim-lite\n vim-ruby\n vim6\n vim6-ruby\n\n=====\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/25941/\nhttp://www.vuxml.org/freebsd/1ed03222-3c65-11dc-b3d3-0016179b2dd5.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58823);\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-2953\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"vim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.1.39\")<0) {\n txt += 'Package vim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"vim-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.1.39\")<0) {\n txt += 'Package vim-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"vim-ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.1.39\")<0) {\n txt += 'Package vim-ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"vim6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.1.39\")<0) {\n txt += 'Package vim6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"vim6-ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.1.39\")<0) {\n txt += 'Package vim6-ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}

{"cve": [{"lastseen": "2020-10-03T11:45:51", "description": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.", "edition": 3, "cvss3": {}, "published": "2007-07-31T10:17:00", "title": "CVE-2007-2953", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2007-2953"], "modified": "2018-10-16T16:46:00", "cpe": ["cpe:/a:vim_development_group:vim:7.1.38", "cpe:/a:vim_development_group:vim:7.0", "cpe:/a:vim_development_group:vim:7.1", "cpe:/a:vim_development_group:vim:6.4"], "id": "CVE-2007-2953", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2953", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:vim_development_group:vim:6.4:*:*:*:*:*:*:*", "cpe:2.3:a:vim_development_group:vim:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:vim_development_group:vim:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:vim_development_group:vim:7.1.38:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2019-05-29T18:34:34", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953"], "description": "\nA Secunia Advisory reports:\n\nA format string error in the \"helptags_one()\" function in\n\t src/ex_cmds.c when running the \"helptags\" command can be exploited\n\t to execute arbitrary code via specially crafted help files.\n\n", "edition": 5, "modified": "2007-07-27T00:00:00", "published": "2007-07-27T00:00:00", "id": "1ED03222-3C65-11DC-B3D3-0016179B2DD5", "href": "https://vuxml.freebsd.org/freebsd/1ed03222-3c65-11dc-b3d3-0016179b2dd5.html", "title": "vim -- Command Format String Vulnerability", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:29:12", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953"], "description": "Ulf Harnhammar discovered that vim does not properly sanitise the \n\"helptags_one()\" function when running the \"helptags\" command. \nBy tricking a user into running a crafted help file, a remote attacker \ncould execute arbitrary code with the user's privileges.", "edition": 5, "modified": "2007-08-28T00:00:00", "published": "2007-08-28T00:00:00", "id": "USN-505-1", "href": "https://ubuntu.com/security/notices/USN-505-1", "title": "vim vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-10-01T00:37:08", "description": "A format string vulnerability in the helptags support in vim allows\nuser-assisted remote attackers to execute arbitrary code via format\nstring specifiers in a help-tags tag in a help file.\n\nUpdated packages have been patched to prevent this issue.", "edition": 20, "published": "2007-08-28T00:00:00", "title": "Mandrake Linux Security Advisory : vim (MDKSA-2007:168)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "modified": "2020-10-02T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:vim-minimal", "p-cpe:/a:mandriva:linux:vim-common", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:vim-X11", "p-cpe:/a:mandriva:linux:vim-enhanced"], "id": "MANDRAKE_MDKSA-2007-168.NASL", "href": "https://www.tenable.com/plugins/nessus/25945", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:168. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25945);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:49\");\n\n script_cve_id(\"CVE-2007-2953\");\n script_bugtraq_id(25095);\n script_xref(name:\"MDKSA\", value:\"2007:168\");\n\n script_name(english:\"Mandrake Linux Security Advisory : vim (MDKSA-2007:168)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A format string vulnerability in the helptags support in vim allows\nuser-assisted remote attackers to execute arbitrary code via format\nstring specifiers in a help-tags tag in a help file.\n\nUpdated packages have been patched to prevent this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/08/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"vim-X11-7.0-16.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"vim-common-7.0-16.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"vim-enhanced-7.0-16.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"vim-minimal-7.0-16.2mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"vim-X11-7.0-16.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"vim-common-7.0-16.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"vim-enhanced-7.0-16.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"vim-minimal-7.0-16.2mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-01T03:44:35", "description": "Ulf Harnhammar discovered that vim does not properly sanitise the\n'helptags_one()' function when running the 'helptags' command. By\ntricking a user into running a crafted help file, a remote attacker\ncould execute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : vim vulnerability (USN-505-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "modified": "2020-10-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:vim-doc", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:vim-common", "p-cpe:/a:canonical:ubuntu_linux:vim-python", "p-cpe:/a:canonical:ubuntu_linux:vim-gui-common", "p-cpe:/a:canonical:ubuntu_linux:vim-ruby", "p-cpe:/a:canonical:ubuntu_linux:vim", "p-cpe:/a:canonical:ubuntu_linux:vim-gnome", "p-cpe:/a:canonical:ubuntu_linux:vim-tcl", "p-cpe:/a:canonical:ubuntu_linux:vim-tiny", "p-cpe:/a:canonical:ubuntu_linux:vim-full", "p-cpe:/a:canonical:ubuntu_linux:vim-perl", "cpe:/o:canonical:ubuntu_linux:7.04", "p-cpe:/a:canonical:ubuntu_linux:vim-gtk", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:vim-runtime"], "id": "UBUNTU_USN-505-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28109", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-505-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28109);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:33:01\");\n\n script_cve_id(\"CVE-2007-2953\");\n script_bugtraq_id(25095);\n script_xref(name:\"USN\", value:\"505-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : vim vulnerability (USN-505-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar discovered that vim does not properly sanitise the\n'helptags_one()' function when running the 'helptags' command. By\ntricking a user into running a crafted help file, a remote attacker\ncould execute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/505-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-full\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-gui-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-tiny\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim\", pkgver:\"1:6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-common\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-doc\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-gnome\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-gtk\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-gui-common\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-perl\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-python\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-ruby\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-runtime\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-tcl\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-tiny\", pkgver:\"6.4-006+2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim\", pkgver:\"1:7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-common\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-doc\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-full\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-gnome\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-gtk\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-gui-common\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-perl\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-python\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-ruby\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-runtime\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-tcl\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vim-tiny\", pkgver:\"7.0-035+1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim\", pkgver:\"1:7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-common\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-doc\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-full\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-gnome\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-gtk\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-gui-common\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-perl\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-python\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-ruby\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-runtime\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-tcl\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vim-tiny\", pkgver:\"7.0-164+1ubuntu7.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim / vim-common / vim-doc / vim-full / vim-gnome / vim-gtk / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-01T02:45:42", "description": "This update of Vim addresses a format-string bug in 'helptags'. This\nbug can be exploited to execute code with the privileges of the user\nrunning Vim. (CVE-2007-2953)", "edition": 20, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : vim and gvim (YOU Patch Number 11722)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "modified": "2020-10-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_11722.NASL", "href": "https://www.tenable.com/plugins/nessus/41148", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41148);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:29\");\n\n script_cve_id(\"CVE-2007-2953\");\n\n script_name(english:\"SuSE9 Security Update : vim and gvim (YOU Patch Number 11722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Vim addresses a format-string bug in 'helptags'. This\nbug can be exploited to execute code with the privileges of the user\nrunning Vim. (CVE-2007-2953)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2953.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 11722.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"gvim-6.2-235.4\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"vim-6.2-235.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-01T03:19:58", "description": "This update of Vim addresses a format-string bug in 'helptags'. This\nbug can be exploited to execute code with the privileges of the user\nrunning Vim. (CVE-2007-2953)", "edition": 20, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : vim and gvim (ZYPP Patch Number 4095)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "modified": "2020-10-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GVIM-4095.NASL", "href": "https://www.tenable.com/plugins/nessus/29456", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29456);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/10/25 13:36:30\");\n\n script_cve_id(\"CVE-2007-2953\");\n\n script_name(english:\"SuSE 10 Security Update : vim and gvim (ZYPP Patch Number 4095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Vim addresses a format-string bug in 'helptags'. This\nbug can be exploited to execute code with the privileges of the user\nrunning Vim. (CVE-2007-2953)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2953.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4095.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"vim-6.4.6-19.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"gvim-6.4.6-19.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"vim-6.4.6-19.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-01T03:19:58", "description": "This update of Vim addresses a format-string bug in 'helptags'. This\nbug can be exploited to execute code with the privileges of the user\nrunning Vim. (CVE-2007-2953)", "edition": 21, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : gvim (gvim-4092)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "modified": "2020-10-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gvim", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:vim-enhanced", "p-cpe:/a:novell:opensuse:vim", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_GVIM-4092.NASL", "href": "https://www.tenable.com/plugins/nessus/27258", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gvim-4092.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27258);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:30\");\n\n script_cve_id(\"CVE-2007-2953\");\n\n script_name(english:\"openSUSE 10 Security Update : gvim (gvim-4092)\");\n script_summary(english:\"Check for the gvim-4092 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Vim addresses a format-string bug in 'helptags'. This\nbug can be exploited to execute code with the privileges of the user\nrunning Vim. (CVE-2007-2953)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gvim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gvim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gvim-6.4.6-19.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"vim-6.4.6-19.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"gvim-7.0-38\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"vim-7.0-38\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"vim-enhanced-7.0-38\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-01T06:30:30", "description": "A Secunia Advisory reports :\n\nA format string error in the 'helptags_one()' function in\nsrc/ex_cmds.c when running the 'helptags' command can be exploited to\nexecute arbitrary code via specially crafted help files.", "edition": 22, "published": "2007-07-30T00:00:00", "title": "FreeBSD : vim -- Command Format String Vulnerability (1ed03222-3c65-11dc-b3d3-0016179b2dd5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "modified": "2020-10-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:vim-console", "p-cpe:/a:freebsd:freebsd:vim6-ruby", "p-cpe:/a:freebsd:freebsd:vim6", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:vim-lite", "p-cpe:/a:freebsd:freebsd:vim-ruby", "p-cpe:/a:freebsd:freebsd:vim"], "id": "FREEBSD_PKG_1ED032223C6511DCB3D30016179B2DD5.NASL", "href": "https://www.tenable.com/plugins/nessus/25802", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25802);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:38\");\n\n script_cve_id(\"CVE-2007-2953\");\n script_xref(name:\"Secunia\", value:\"25941\");\n\n script_name(english:\"FreeBSD : vim -- Command Format String Vulnerability (1ed03222-3c65-11dc-b3d3-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Secunia Advisory reports :\n\nA format string error in the 'helptags_one()' function in\nsrc/ex_cmds.c when running the 'helptags' command can be exploited to\nexecute arbitrary code via specially crafted help files.\"\n );\n # https://vuxml.freebsd.org/freebsd/1ed03222-3c65-11dc-b3d3-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?168fc9f9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim6-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"vim<7.1.39\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim-console<7.1.39\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim-lite<7.1.39\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim-ruby<7.1.39\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim6<7.1.39\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim6-ruby<7.1.39\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-01T05:31:01", "description": "Several vulnerabilities have been discovered in the vim editor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-2953\n Ulf Harnhammar discovered that a format string flaw in\n helptags_one() from src/ex_cmds.c (triggered through the\n 'helptags' command) can lead to the execution of\n arbitrary code.\n\n - CVE-2007-2438\n Editors often provide a way to embed editor\n configuration commands (aka modelines) which are\n executed once a file is opened. Harmful commands are\n filtered by a sandbox mechanism. It was discovered that\n function calls to writefile(), feedkeys() and system()\n were not filtered, allowing shell command execution with\n a carefully crafted file opened in vim.\n\nThis updated advisory repairs issues with missing files in the\npackages for the oldstable distribution (sarge) for the alpha, mips,\nand mipsel architectures.", "edition": 24, "published": "2007-09-03T00:00:00", "title": "Debian DSA-1364-2 : vim - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2007-2438"], "modified": "2020-10-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:vim"], "id": "DEBIAN_DSA-1364.NASL", "href": "https://www.tenable.com/plugins/nessus/25964", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1364. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25964);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2019/08/02 13:32:20\");\n\n script_cve_id(\"CVE-2007-2438\", \"CVE-2007-2953\");\n script_xref(name:\"DSA\", value:\"1364\");\n\n script_name(english:\"Debian DSA-1364-2 : vim - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the vim editor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-2953\n Ulf Harnhammar discovered that a format string flaw in\n helptags_one() from src/ex_cmds.c (triggered through the\n 'helptags' command) can lead to the execution of\n arbitrary code.\n\n - CVE-2007-2438\n Editors often provide a way to embed editor\n configuration commands (aka modelines) which are\n executed once a file is opened. Harmful commands are\n filtered by a sandbox mechanism. It was discovered that\n function calls to writefile(), feedkeys() and system()\n were not filtered, allowing shell command execution with\n a carefully crafted file opened in vim.\n\nThis updated advisory repairs issues with missing files in the\npackages for the oldstable distribution (sarge) for the alpha, mips,\nand mipsel architectures.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-2953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-2438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-2438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the vim packages.\n\nFor the oldstable distribution (sarge) these problems have been fixed\nin version 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 7.0-122+1etch3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"vim\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-common\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-doc\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-full\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-gnome\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-gtk\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-lesstif\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-perl\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-python\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-ruby\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"vim-tcl\", reference:\"6.3-071+1sarge2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-common\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-doc\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-full\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gnome\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gtk\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gui-common\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-lesstif\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-perl\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-python\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-ruby\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-runtime\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-tcl\", reference:\"7.0-122+1etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-tiny\", reference:\"7.0-122+1etch3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-01T01:34:08", "description": "From Red Hat Security Advisory 2008:0617 :\n\nUpdated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : vim (ELSA-2008-0617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "modified": "2020-10-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:vim-enhanced", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:vim-X11", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:vim-minimal", "p-cpe:/a:oracle:linux:vim-common"], "id": "ORACLELINUX_ELSA-2008-0617.NASL", "href": "https://www.tenable.com/plugins/nessus/67732", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0617 and \n# Oracle Linux Security Advisory ELSA-2008-0617 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67732);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:07\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_xref(name:\"RHSA\", value:\"2008:0617\");\n\n script_name(english:\"Oracle Linux 3 / 4 : vim (ELSA-2008-0617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0617 :\n\nUpdated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-November/000814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-November/000815.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-01T05:14:54", "description": "Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "CentOS 3 / 4 : vim (CESA-2008:0617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "modified": "2020-10-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:vim-common", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:vim-minimal", "p-cpe:/a:centos:centos:vim-enhanced", "p-cpe:/a:centos:centos:vim-X11", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2008-0617.NASL", "href": "https://www.tenable.com/plugins/nessus/37794", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0617 and \n# CentOS Errata and Security Advisory 2008:0617 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37794);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/10/25 13:36:04\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_xref(name:\"RHSA\", value:\"2008:0617\");\n\n script_name(english:\"CentOS 3 / 4 : vim (CESA-2008:0617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015438.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc54fc6a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015439.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?367a1c9a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015440.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbfb5dee\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015442.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4a2cdf8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015457.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec3f54e1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015458.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22256de6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"vim-X11-6.3.046-1.c4.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"vim-common-6.3.046-1.c4.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"vim-enhanced-6.3.046-1.c4.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"vim-minimal-6.3.046-1.c4.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-01T01:53:48", "description": "Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 24, "published": "2008-11-25T00:00:00", "title": "RHEL 3 / 4 : vim (RHSA-2008:0617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "modified": "2020-10-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:vim-X11", "p-cpe:/a:redhat:enterprise_linux:vim-common", "p-cpe:/a:redhat:enterprise_linux:vim-enhanced", "cpe:/o:redhat:enterprise_linux:4.7", "p-cpe:/a:redhat:enterprise_linux:vim-minimal"], "id": "REDHAT-RHSA-2008-0617.NASL", "href": "https://www.tenable.com/plugins/nessus/34954", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0617. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34954);\n script_version (\"1.28\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_xref(name:\"RHSA\", value:\"2008:0617\");\n\n script_name(english:\"RHEL 3 / 4 : vim (RHSA-2008:0617)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0617\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0617\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-26T08:55:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n vim\n gvim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017978 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65303", "href": "http://plugins.openvas.org/nasl.php?oid=65303", "type": "openvas", "title": "SLES9: Security update for vim and gvim", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5017978.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for vim and gvim\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n vim\n gvim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017978 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65303);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2953\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for vim and gvim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~6.2~235.4\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "description": "Check for the Version of vim", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830035", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830035", "type": "openvas", "title": "Mandriva Update for vim MDKSA-2007:168 (vim)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDKSA-2007:168 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A format string vulnerability in the helptags support in vim allows\n user-assisted remote attackers to execute arbitrary code via format\n string specifiers in a help-tags tag in a help file.\n\n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"vim on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-08/msg00012.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830035\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:168\");\n script_cve_id(\"CVE-2007-2953\");\n script_name( \"Mandriva Update for vim MDKSA-2007:168 (vim)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "description": "Check for the Version of vim", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830035", "href": "http://plugins.openvas.org/nasl.php?oid=830035", "type": "openvas", "title": "Mandriva Update for vim MDKSA-2007:168 (vim)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for vim MDKSA-2007:168 (vim)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A format string vulnerability in the helptags support in vim allows\n user-assisted remote attackers to execute arbitrary code via format\n string specifiers in a help-tags tag in a help file.\n\n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"vim on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-08/msg00012.php\");\n script_id(830035);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:168\");\n script_cve_id(\"CVE-2007-2953\");\n script_name( \"Mandriva Update for vim MDKSA-2007:168 (vim)\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.0~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~7.0~16.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n vim\n gvim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017978 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065303", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065303", "type": "openvas", "title": "SLES9: Security update for vim and gvim", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5017978.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for vim and gvim\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n vim\n gvim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5017978 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65303\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2953\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for vim and gvim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~6.2~235.4\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:28:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-505-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840173", "href": "http://plugins.openvas.org/nasl.php?oid=840173", "type": "openvas", "title": "Ubuntu Update for vim vulnerability USN-505-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_505_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for vim vulnerability USN-505-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ulf Harnhammar discovered that vim does not properly sanitise the\n &quot;helptags_one()&quot; function when running the &quot;helptags&quot; command.\n By tricking a user into running a crafted help file, a remote attacker\n could execute arbitrary code with the user's privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-505-1\";\ntag_affected = \"vim vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-505-1/\");\n script_id(840173);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"505-1\");\n script_cve_id(\"CVE-2007-2953\");\n script_name( \"Ubuntu Update for vim vulnerability USN-505-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.0-164+1ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"6.4-006+2ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.0-035+1ubuntu5.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2007-2438"], "description": "The remote host is missing an update to vim\nannounced via advisory DSA 1364-2.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58613", "href": "http://plugins.openvas.org/nasl.php?oid=58613", "type": "openvas", "title": "Debian Security Advisory DSA 1364-2 (vim)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1364_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1364-2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the vim editor. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-2953\n\nUlf Harnhammar discovered that a format string flaw in helptags_one() from\nsrc/ex_cmds.c (triggered through the helptags command) can lead to the\nexecution of arbitrary code.\n\nCVE-2007-2438\n\nEditors often provide a way to embed editor configuration commands (aka\nmodelines) which are executed once a file is opened. Harmful commands\nare filtered by a sandbox mechanism. It was discovered that function\ncalls to writefile(), feedkeys() and system() were not filtered, allowing\nshell command execution with a carefully crafted file opened in vim.\n\nThis updated advisory repairs issues with missing files in the packages\nfor the oldstable distribution (sarge) for the alpha, mips, and mipsel\narchitectures.\n\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 7.0-122+1etch3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7.1-056+1.\n\nWe recommend that you upgrade your vim packages.\";\ntag_summary = \"The remote host is missing an update to vim\nannounced via advisory DSA 1364-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201364-2\";\n\nif(description)\n{\n script_id(58613);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-2438\", \"CVE-2007-2953\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1364-2 (vim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-lesstif\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-lesstif\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2007-2438"], "description": "The remote host is missing an update to vim\nannounced via advisory DSA 1364-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58584", "href": "http://plugins.openvas.org/nasl.php?oid=58584", "type": "openvas", "title": "Debian Security Advisory DSA 1364-1 (vim)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1364_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1364-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the vim editor. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-2953\n\nUlf Harnhammar discovered that a format string flaw in helptags_one() from\nsrc/ex_cmds.c (triggered through the helptags command) can lead to the\nexecution of arbitrary code.\n\nCVE-2007-2438\n\nEditors often provide a way to embed editor configuration commands (aka\nmodelines) which are executed once a file is opened. Harmful commands\nare filtered by a sandbox mechanism. It was discovered that function\ncalls to writefile(), feedkeys() and system() were not filtered, allowing\nshell command execution with a carefully crafted file opened in vim.\n\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 7.0-122+1etch3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7.1-056+1.\n\nWe recommend that you upgrade your vim packages.\";\ntag_summary = \"The remote host is missing an update to vim\nannounced via advisory DSA 1364-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201364-1\";\n\nif(description)\n{\n script_id(58584);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-2438\", \"CVE-2007-2953\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1364-1 (vim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-lesstif\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"6.3-071+1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-lesstif\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.0-122+1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "description": "Check for the Version of vim", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870059", "href": "http://plugins.openvas.org/nasl.php?oid=870059", "type": "openvas", "title": "RedHat Update for vim RHSA-2008:0617-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for vim RHSA-2008:0617-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n A heap-based overflow flaw was discovered in Vim's expansion of file name\n patterns with shell wildcards. An attacker could create a specially-crafted\n file or directory name that, when opened by Vim, caused the application to\n crash or, possibly, execute arbitrary code. (CVE-2008-3432)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n Ulf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\n Vim's help tag processor. If a user was tricked into executing the\n &quot;helptags&quot; command on malicious data, arbitrary code could be executed with\n the permissions of the user running Vim. (CVE-2007-2953)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-November/msg00013.html\");\n script_id(870059);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0617-01\");\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_name( \"RedHat Update for vim RHSA-2008:0617-01\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~6.3.046~1.el4_7.5z\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~6.3.046~1.el4_7.5z\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-debuginfo\", rpm:\"vim-debuginfo~6.3.046~1.el4_7.5z\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~6.3.046~1.el4_7.5z\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~6.3.046~1.el4_7.5z\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~6.3.046~0.30E.11\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~6.3.046~0.30E.11\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-debuginfo\", rpm:\"vim-debuginfo~6.3.046~0.30E.11\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~6.3.046~0.30E.11\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~6.3.046~0.30E.11\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "description": "Check for the Version of vim-common", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880081", "type": "openvas", "title": "CentOS Update for vim-common CESA-2008:0617 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for vim-common CESA-2008:0617 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n A heap-based overflow flaw was discovered in Vim's expansion of file name\n patterns with shell wildcards. An attacker could create a specially-crafted\n file or directory name that, when opened by Vim, caused the application to\n crash or, possibly, execute arbitrary code. (CVE-2008-3432)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n Ulf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\n Vim's help tag processor. If a user was tricked into executing the\n &quot;helptags&quot; command on malicious data, arbitrary code could be executed with\n the permissions of the user running Vim. (CVE-2007-2953)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim-common on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-November/015438.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880081\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0617\");\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_name( \"CentOS Update for vim-common CESA-2008:0617 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim-common\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "description": "Check for the Version of vim-common", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880081", "href": "http://plugins.openvas.org/nasl.php?oid=880081", "type": "openvas", "title": "CentOS Update for vim-common CESA-2008:0617 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for vim-common CESA-2008:0617 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n A heap-based overflow flaw was discovered in Vim's expansion of file name\n patterns with shell wildcards. An attacker could create a specially-crafted\n file or directory name that, when opened by Vim, caused the application to\n crash or, possibly, execute arbitrary code. (CVE-2008-3432)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n Ulf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\n Vim's help tag processor. If a user was tricked into executing the\n &quot;helptags&quot; command on malicious data, arbitrary code could be executed with\n the permissions of the user running Vim. (CVE-2007-2953)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim-common on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-November/015438.html\");\n script_id(880081);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0617\");\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_name( \"CentOS Update for vim-common CESA-2008:0617 centos3 i386\");\n\n script_summary(\"Check for the Version of vim-common\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~6.3.046~0.30E.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-2953"], "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.vim.org/\n[Secunia Advisory ID:25941](https://secuniaresearch.flexerasoftware.com/advisories/25941/)\n[Secunia Advisory ID:26594](https://secuniaresearch.flexerasoftware.com/advisories/26594/)\n[Secunia Advisory ID:26674](https://secuniaresearch.flexerasoftware.com/advisories/26674/)\n[Secunia Advisory ID:26522](https://secuniaresearch.flexerasoftware.com/advisories/26522/)\n[Secunia Advisory ID:26653](https://secuniaresearch.flexerasoftware.com/advisories/26653/)\n[Secunia Advisory ID:26285](https://secuniaresearch.flexerasoftware.com/advisories/26285/)\n[Secunia Advisory ID:26822](https://secuniaresearch.flexerasoftware.com/advisories/26822/)\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000219.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:168\nOther Advisory URL: http://www.ubuntu.com/usn/usn-505-1\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1364\nOther Advisory URL: http://www.trustix.org/errata/2007/0026/\nOther Advisory URL: http://secunia.com/secunia_research/2007-66/advisory/\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00007.html\nISS X-Force ID: 35655\nFrSIRT Advisory: ADV-2007-2687\n[CVE-2007-2953](https://vulners.com/cve/CVE-2007-2953)\nBugtraq ID: 25095\n", "edition": 1, "modified": "2007-07-27T17:06:32", "published": "2007-07-27T17:06:32", "href": "https://vulners.com/osvdb/OSVDB:38674", "id": "OSVDB:38674", "title": "Vim src/ex_cmds.c helptags_one Function help-tags Command Format String", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:59:59", "description": "BUGTRAQ ID: 25095\r\nCVE(CAN) ID: CVE-2007-2953\r\n\r\nVIM\u662f\u4e00\u6b3e\u514d\u8d39\u5f00\u653e\u6e90\u4ee3\u7801\u6587\u672c\u7f16\u8f91\u5668\uff0c\u53ef\u4f7f\u7528\u5728Unix/Linux\u64cd\u4f5c\u7cfb\u7edf\u4e0b\u3002\r\n\r\nVIM\u7684src/ex_cmds.c\u6587\u4ef6\u4e2d\u7684helptags_one()\u51fd\u6570\u5b58\u5728\u683c\u5f0f\u4e32\u5904\u7406\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63d0\u5347\u81ea\u5df1\u7684\u6743\u9650\u3002\r\n\r\n\u5982\u679c\u653b\u51fb\u8005\u53d7\u9a97\u5bf9\u6076\u610f\u6570\u636e\u8fd0\u884c\u4e86helptags\u547d\u4ee4\u7684\u8bdd\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u901a\u8fc7\u7279\u5236\u7684\u5e2e\u52a9\u6587\u4ef6\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\n\nVIM Development Group VIM 7.1\r\nVIM Development Group VIM 6.4\r\n\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039\" target=\"_blank\">ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039</a>", "published": "2007-08-01T00:00:00", "title": "Vim HelpTags\u547d\u4ee4\u8fdc\u7a0b\u683c\u5f0f\u4e32\u5904\u7406\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2953"], "modified": "2007-08-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2059", "id": "SSV:2059", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "debian": [{"lastseen": "2020-08-12T01:10:33", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2007-2438"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1364-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 1st, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : vim\nVulnerability : several\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2007-2438 CVE-2007-2953\n\nSeveral vulnerabilities have been discovered in the vim editor. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-2953\n\n Ulf Harnhammar discovered that a format string flaw in helptags_one() from\n src/ex_cmds.c (triggered through the &quot;helptags&quot; command) can lead to the\n execution of arbitrary code.\n\nCVE-2007-2438\n\n Editors often provide a way to embed editor configuration commands (aka\n modelines) which are executed once a file is opened. Harmful commands\n are filtered by a sandbox mechanism. It was discovered that function\n calls to writefile(), feedkeys() and system() were not filtered, allowing\n shell command execution with a carefully crafted file opened in vim.\n\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 7.0-122+1etch3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7.1-056+1.\n\nWe recommend that you upgrade your vim packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.dsc\n Size/MD5 checksum: 1376 a447ab6dba1d93c924841af4234e0f5b\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.diff.gz\n Size/MD5 checksum: 262331 96005f014eb64ad9e9056daf0f578582\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3.orig.tar.gz\n Size/MD5 checksum: 5624622 de1c964ceedbc13538da87d2d73fd117\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-common_6.3-071+1sarge2_all.deb\n Size/MD5 checksum: 3424544 bd11013f7a21dfa3b6ba0c819eec5cc6\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_6.3-071+1sarge2_all.deb\n Size/MD5 checksum: 1649542 d7d8c03c0c8247a253dbb261fa40d983\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 1735176 c18c09278385e50ef175d00c38765e3e\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3462 68b1f1e458dd1fb72d3d99c3d2d3280f\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3426 e17d73f7bc00653179c9ca16140ea8ff\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3430 688a1bc167efa9a239a9a891f61b2b85\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3432 1300702e3b2b8d67c675764487d6a48e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3440 80f3c4d428bc9392eaf9b18f6f1b0972\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3442 b88a1d3527a7fff8fbd4b824086a4b10\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3442 770388cea68a78dafbdf72add2d16521\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_alpha.deb\n Size/MD5 checksum: 3438 de7485b3a293ff3022b324a695c244a5\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 770114 6f1818ee5504c2b0a5e52ee8d41b1806\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 835450 950d2cc4f3dcbcb68bc9cf4283c33a33\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 797578 b284afa4fbc6deefda4e9e19ec46b1fe\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 795738 42372daac77df050d9d1a74226983972\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 736592 31e8cf65b1b7823641fb52b4de53dcfe\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 811434 3437e18e0dc9937fdec1ef2072895514\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 804926 53dd0076c07ea4bf6364abe1958e2160\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 799562 f9250a0b1256f1128986b41b483a4987\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 803722 f1e30ddf2b099448f8ed5058e0f3bef3\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 709024 a64946a72763ad6b703e446fe6a9ca8d\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 751764 2e1cc6ebdd372b78cda2f45da7344174\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 721944 44eabc81987efaec119cb564666a4b9a\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 719804 faf0821907791bc2558fc219416f445e\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 666224 b253c4fd98096052d07837174b5eae0b\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 731208 eadac82633345310e2556342a3d46a35\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 728042 1f9ed1e8bf41c8ea2c9fc3f4c5f3bc5b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 723684 b95cd8f5e1c195d0b3c37de83a5a12cf\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 727856 c11561ac9aed6643f3edb973bdb35d87\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 797728 42b4f8c954d175ebef7538898cc18d01\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 862256 a637b52561f6d583f45f872064a1a899\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 824062 9b729c5c15e0b333fb245c543b35e188\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 822512 5139fb4205cc906080b1c78ed182bd31\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 765832 95d9c8e471c933e24de608f247d144fc\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 839224 837367925278355e6b2c6ab630661d97\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 830334 72fddfaecc1a3a621aac0b3d18728a65\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 826156 a832d560505158baa9ba8e2786d5c618\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 829102 948a745fa8344f1abb91f2db29731083\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 707422 bdccbc7d258dd54fda33fb650295e3cb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 751260 30b45eb2dff9a7e8bfc893c6b5935bd6\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 717218 752630da7e5de6a4f83879038034c389\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 715366 cce7b0daa7da37655daba6ae7dd8994c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 658294 73a84d3b0ca46499e5f3fc0fc186da18\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 730404 5632f3d97585c49cb6840f50eda67277\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 723092 9cdc1bd22d2c4945b42cfec3b8b3975f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 718774 6d7099123fa130b800241aebbb9f0caf\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 722640 b5a8120adf8c08dbda532b61f6b21f10\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1091544 23059c89097a6d0549aaf0b896bbacb9\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1218936 420d7b019203c522af5e7fac02043405\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1169110 b03c8a05081d68c8313546a69fd1a5d7\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1166198 6461bde6a2d7f07865511d9af847f01f\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1104294 f6221a32ace9089991ea931b3de8d232\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1186082 144ffe06d52b65dcc9286a8b5c6bf3de\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1179320 1b637742c52df8a3a8a1f13688234f2c\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1172712 07597847bb95660cc8bb958c1ae4a0a3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1178422 7de3bb540eddf5e9a4c9722970f27219\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 626270 a0214d151ca2d78c1586247ab2b4ce04\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 661418 7f1dd1e45d4ff01c99781c246b26563a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 632364 b472eca7b2f3fac22af7f1a519a32e70\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 629680 64e0a57a01e16dc786df1798aff77a20\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 569728 d75b6d7f67ba573039537fa5cb1eb648\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 641228 a41b74e330b63c628c5e9a28d203d07f\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 637936 a19e651b3d58c6376bbd1f3f3cff1f02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 634052 013ee9b71eb4fae12f71273ff07be3a3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 637240 053b6be9b465e0343caa42421b3e33d9\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 1724446 eaa1354acdfe686ae4733c719e3fa324\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3486 bd2ea5c39efc62f3e28a54ee60ba520b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3452 2db26cd7ff4958a01785ac1418d4855f\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3448 d5484db5e59b9c76d6e6f4a0a36d573d\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3454 e1303dde4ea8977d49dc529a018c267f\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3458 113d5f3577093dee854c4882ad5110b0\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3468 ac9793a461335cfa4433e27c17a40262\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3462 bb6600be7924ac036fec3630a0366858\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_mips.deb\n Size/MD5 checksum: 3456 49aab12417ce2c520c11696266a9adf2\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 1724466 3f90034a00c1f19f5922e150ea75a668\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3492 5622f6d8fca5bcc4a7f917a274d81765\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3458 22ec838e6b22dc2151cb2ac56fee4811\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3454 77a226b22a284b770076464e4012b5e2\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3456 f64c4923723d9ff656e5723518b9e605\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3462 2f564fc9bdd38fc60215ae0aa1988aea\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3468 610a5913c3fb09cea7e985dc53cf1b7b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3462 dc176e60120348b0de465422b9eecd02\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_mipsel.deb\n Size/MD5 checksum: 3462 5c9ce3c08de7a82468a28f45b96d7885\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 759356 13ed418d17004f655fb909e17b48c01c\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 817014 4cdc2957622d50028cca8cc127477919\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 782218 addb6819008a2acd11b0d910cbf90812\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 779576 e1aa5d5e50514beede939bbf613f9573\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 722836 b253da2ab0fa24b76dfec7289d294489\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 794672 a007815fddaaa33294f4cd3cc684f706\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 788202 b054d92d2a1d28ec742e2578724ff001\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 783176 ed5eff7ae2b07a23aa2d5b4f39d0d8ac\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 787486 f719be5b8a23817e782d8727da069c2f\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 759782 d36357c298b983814c800393e6af36ba\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 823480 4409efbc21f8ce4989277362e07cb487\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 787324 35484fc15941afb5d87af0055600d004\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 785422 b5d30076a6c003394b1b9689815bc9b4\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 725148 b753f1ea8c440415e496eb11f5e6dbf6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 799122 28fe549b2ce837f8a48cb87b23466fc2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 794392 b3c2143d7683153d0781b8ffa6be17bc\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 789992 922867fa0d00e427825b1b4462c4afdc\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 793446 aeeeaaacb2aac4ec55373bbae9e047ef\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 718092 7b38b9259ae34477316751f0937182ea\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 766730 8ceca9224d7dfdca9063412732f1674b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 735378 263011dfef7ed30d142ff0815c6c47e0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 732902 657b675db1010fe25105d879b8bfb055\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 675162 01a0fadd7dec8db2fc0d3c2f3d0fe7dd\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 747706 799f85b95188a79efd08013731e27ba9\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 741948 ed4b89247547949ecaa378491f15a253\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 732910 9522a5105a2df85bbddbd619708d32b8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 741266 a2125f24d77c66d4dc8c996eda034ea3\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.dsc\n Size/MD5 checksum: 1437 cbe01a52d42f25617a4e3609b91b327f\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.diff.gz\n Size/MD5 checksum: 285021 acd1e7b91a1ec5e3417118045cd8bb2e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz\n Size/MD5 checksum: 8457888 9ba05680b0719462f653e82720599f32\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 2034356 c589a9ec2cd7c3c6f45f48ff58871c5a\n http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 142582 64ac83f818c9f9b3bbf40ca56b15b725\n http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 6362332 b27f042fadc4507f2a4829b10e6949da\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 924554 7c97880188a942dd8004c38574a06abc\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 216888 43779cb2c41a18612ca5605af725dd39\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1157716 a7387c0a9e6d6965a233e5de083ad7fc\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1071764 eb2089973a4fd8bcab834877c5f69ed5\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1069008 f6ab9ab86fc57780c7b0b2955e7a1590\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1064496 d2fe6f9aea8163afdc48560ee79cd509\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1128986 6d8f705a3d633ea963ce9d87e75ead38\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1122926 75aad08a3e2ccc0f5bd721536776ea5a\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1117430 978f562ef76822bf45962e7a5d2153d8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1079936 297a2ebca14da82e03945ac81bd04ded\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 680548 9cdeb4858db17343f31ba9cd17f6459b\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 834328 4cbba20feadfa68377ff67675a4c1065\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 181304 d6f9467f1da363fbf906c9797a67a525\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1054656 9598e8e26449e4e538465be2db5bac1c\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 971766 4f7e30a43e5b681dc23bb200631be3f7\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 969634 7d6fda8144278db9cf45bc65711c97c3\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 960762 b8941221c06bbddab956831455ab82f0\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1028382 53e712db71e1471b409f602a4d7d67c2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1024172 db1d42537f44b67d85dbf39c4961fcd1\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1019020 7650bc71e0e37d438baf786f02ac17b4\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 977120 92f1609f8eac5e92d17cb684f3fc84a5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 614862 aa69cd9c47ed91ecfcec33405ee04075\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 755728 ad7c9e4b7d273847e58a15c88df98959\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 205688 164775a380d89440340214da7b4a3642\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 958660 4a0aa9b3ec58c73bc4b70ba8afaecffa\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 879778 6e2189fc510512ae97d1a073a77382dd\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 877566 e8b302a17a1491c158a08f4ebee8b29e\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 875392 db68300757e444dba39fd0daf46fab55\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 936280 783c1b43454476ba693f59b866bf674b\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 929836 fcf9df82b675875fafa90067353eafed\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 925066 9df22d5447ac43eb30ad53271948bdc8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 885416 68a61a54144f50e462b077cc8ccac620\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 548004 7c5d5bd8218344e1bf0d800b2c31a368\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 853216 9b478b3e53591f85d1208ddf2dbbcf29\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 182704 c751747f9bd6d8c1472e6d08c6b99c3f\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1077024 5fc43be17710aa110ce0d4d117d97904\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 994026 e9f50b924fe2003a574302ac08a58fc3\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 991846 87ff64ebc51d0c0fd11382b6f5f3ee95\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 986002 a3f9dfadb27675d4e2b8d9dd7a01d320\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1051448 99cf3c6fb70dbb27f9eb5efab8b057db\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1044720 e964da5b5bfc45cfb9c397eb96b769c1\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1038782 30bfe377c9c08210f854f403cbb2f1ee\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 999840 5883ca862650908088dbd430017a5587\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 623636 08f30beec8283b0f2111a970f58f2ddc\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 745158 956ef68561a71a8eed0047175dfff9d5\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 181252 bdd2098b76d4885f28e1f6e3b7376b7d\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 947320 41be0b2741614c054fece73548cec703\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 868016 501208beae0375d1610e3cebfefcf542\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 865592 28876441af29051e315a3c1a8b71bcca\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 859848 20dcd46eb38f1b32e600dddc81b8e328\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 924264 8639573d18e103d6e816f9bacdc844ef\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 917972 8ecf10dd01bb07c53aab5782db738602\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 913800 55929d92c3b2d496ba95cb2e80da1d69\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 872952 eadd254febb55b2a69613ebc8d710774\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 540270 81c890f5348042c2060fea9bb8368279\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1324484 d757418a65efba71dce496c1708a6ab8\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 184408 45a8073e746b4f6499871ed736e343f5\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1626954 8c74de55c6c635fbd0a25b14aea908d8\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1529082 643da71ea312e65dae057d09533b596e\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1524362 b165440c7f2d84aada75d9e6ccc2e9c8\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1521916 1445a0fb6f9a2768abdfd7df4895bfd0\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1591070 daeb22d9e479b71e1a1e1e500a71ad7e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1584338 d26497d4bc44e12ccfd28ae4384bb49e\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1573836 6285e0273ef86416d4b15f07bf5f0e83\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1537602 bd59c04c78b23ef67fcf384ab3ec663d\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 969944 95bb71ac502b9b58c8e0e03960de3311\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 883588 3df0f600960049ed338f62cf6f3cbb62\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 181526 864396a2dfb69341cd1857b502814bd0\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1060852 d2e4b08238cef29a05e5817b18fe4510\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1026860 bce19b81b7445a917933353ff008d9ed\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1024274 78dd73e157fd4ebad6dbdf877d668a51\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1021074 b3c98f791090296a75027df4e6354041\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1036892 dd8bf59f6dadda928025f332ad4ba027\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1033580 290e4cf32fdc486b4b01d8094a7e235b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1028744 fb37992a392296b99399f9050b873c2d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1032674 741f1bc86e6501c9de145e0c09bf98d5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 653532 89ea1fa4d2b33a473c92ef0c8da0393d\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 884276 c25f8d4754ce5d7b641ae5a1898095aa\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 181514 3d41fda7aa3945744c53046c7f314918\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1060414 153d872da26f354f3e86167f48984332\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1026340 dff80047d15483fe37fc1fa8f8a530f6\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1024098 364a9f050c2d1ced8b1a0b9add3a6276\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1021664 3841e2cd52f06d411d9c643160fee27d\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1037204 c6601427157a10a67bf91ac64fb9b2f3\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1033338 79b104876d2693d5b87979c9c9e93a2a\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1028386 562fcca0c8ee76bfa90c62a7add33333\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1031986 545b3a354eff7b3f2da822a8ad9409f9\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 654614 4606a0c51fb87a0814d6ac3070f08801\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 808516 0e10ba653305ae5f10d86ae43aa5f80a\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 181314 84fcc3b6af9bc6462a656e47b87072ca\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 1019296 6b7fb39773cdbf8e11d2cb657b3e347f\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 937462 f01386aefee1e40ce4d748132adee9e0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 935408 279ac9bd832844ea9b5f71ab6a3eb4ce\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 932564 8c2beb3fb01952935aee6234cd2f62e5\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 995426 f03e2a19ea866cc3a93da26ac76a601a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 989642 0a7998dddd270e64635017efaa03be21\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 985188 6c49fead180f05bb742f23f899709364\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 942692 cb5b255a881523d01d21e36e5954d3ed\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 591956 b7bdfa80b87fc8638b300af38ccc10a7\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 825020 15317a8f9f8453dc53e6bafad4899775\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 181266 d1e7a6ebe35692f70f92bafdf1591046\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1048830 be2c558e4383d42cc858cb2b051aaaca\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 965144 cbc94962b102a44787650dfcb7d8eb7d\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 962554 265863b58914620dd164e8acf029a0d4\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 955000 21dd78f20eb1cbf29e43fd1c00ad8e84\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1022468 c7d2b1481bdfc80fc295bf0b84b2bfca\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1018798 f60ba4b1aad3ba1dba74c3a497d64964\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1012934 4ad26c9c7edfa1d3845fd8476061761d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 971092 1dedca57fb661f5b8a05eb9134512758\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 609536 8358946e015c0ccf4ffc55992fd1b618\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 751698 c2b0ab3d9e9e364b3e26ea2ed465c5bb\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 181110 ec41791d727303847230bf3c15252b4a\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 952462 30b356dbb50e471d490c9a026d38317b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 875678 239f2de1694e9538e652c3fce6d0aeef\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 873396 39182b3b312688388595d3ae77db2c0f\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 867464 acb5e74a5f6d81a734a61c8860b15816\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 933814 958eb9e446e04e7961a1a5d6188e4438\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 927072 a5148241b4fbf79987031bf27ff06786\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 873420 8e90c88be6ec6b15058fb390b13dc668\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 880726 0dc54580e0b4d7845cc3e4f1f45c1f3b\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 545036 7476c13dba30d34f7de41464298bbc8b\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "edition": 6, "modified": "2007-09-01T00:00:00", "published": "2007-09-01T00:00:00", "id": "DEBIAN:DSA-1364-1:A03BE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00126.html", "title": "[SECURITY] [DSA 1364-1] New vim packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:51:59", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2007-2438"], "description": "- - --------------------------------------------------------------------------\nDebian Security Advisory DSA 1364-2 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nSeptember 19th, 2007 http://www.debian.org/security/faq\n- - --------------------------------------------------------------------------\n\nPackage : vim\nVulnerability : several\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2007-2438 CVE-2007-2953\n\nSeveral vulnerabilities have been discovered in the vim editor. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-2953\n\n Ulf Harnhammar discovered that a format string flaw in helptags_one() from\n src/ex_cmds.c (triggered through the &quot;helptags&quot; command) can lead to the\n execution of arbitrary code.\n\nCVE-2007-2438\n\n Editors often provide a way to embed editor configuration commands (aka\n modelines) which are executed once a file is opened. Harmful commands\n are filtered by a sandbox mechanism. It was discovered that function\n calls to writefile(), feedkeys() and system() were not filtered, allowing\n shell command execution with a carefully crafted file opened in vim.\n\nThis updated advisory repairs issues with missing files in the packages\nfor the oldstable distribution (sarge) for the alpha, mips, and mipsel\narchitectures.\n\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 7.0-122+1etch3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7.1-056+1.\n\nWe recommend that you upgrade your vim packages.\n\n\nUpgrade Instructions\n- - --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- - --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.dsc\n Size/MD5 checksum: 1376 a447ab6dba1d93c924841af4234e0f5b\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.diff.gz\n Size/MD5 checksum: 262331 96005f014eb64ad9e9056daf0f578582\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3.orig.tar.gz\n Size/MD5 checksum: 5624622 de1c964ceedbc13538da87d2d73fd117\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-common_6.3-071+1sarge2_all.deb\n Size/MD5 checksum: 3424544 bd11013f7a21dfa3b6ba0c819eec5cc6\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_6.3-071+1sarge2_all.deb\n Size/MD5 checksum: 1649542 d7d8c03c0c8247a253dbb261fa40d983\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 897132 9b1b19c22a65bd4046684a603ea60146\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 987420 0f50e5570e94d0d24544770ffe0cf4f6\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 945902 9a583b7323e9907362cd4a5b5dd9054d\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 942798 70d57f86db028310f41981c4a7b108a1\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 882500 d7a02c364f09a4ae502b3cc9180b83b4\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 959276 4895da0a62b9adf22868d7917bb5974e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 954374 5e43d44823c54f75d58dd920b84675c5\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 949052 2df101622632733db64ffb1a1be758e3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2+b1_alpha.deb\n Size/MD5 checksum: 953728 f36fba9f17e9364f87fe3fc9baab286a\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 770114 6f1818ee5504c2b0a5e52ee8d41b1806\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 835450 950d2cc4f3dcbcb68bc9cf4283c33a33\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 797578 b284afa4fbc6deefda4e9e19ec46b1fe\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 795738 42372daac77df050d9d1a74226983972\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 736592 31e8cf65b1b7823641fb52b4de53dcfe\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 811434 3437e18e0dc9937fdec1ef2072895514\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 804926 53dd0076c07ea4bf6364abe1958e2160\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 799562 f9250a0b1256f1128986b41b483a4987\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_amd64.deb\n Size/MD5 checksum: 803722 f1e30ddf2b099448f8ed5058e0f3bef3\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 709024 a64946a72763ad6b703e446fe6a9ca8d\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 751764 2e1cc6ebdd372b78cda2f45da7344174\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 721944 44eabc81987efaec119cb564666a4b9a\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 719804 faf0821907791bc2558fc219416f445e\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 666224 b253c4fd98096052d07837174b5eae0b\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 731208 eadac82633345310e2556342a3d46a35\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 728042 1f9ed1e8bf41c8ea2c9fc3f4c5f3bc5b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 723684 b95cd8f5e1c195d0b3c37de83a5a12cf\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_arm.deb\n Size/MD5 checksum: 727856 c11561ac9aed6643f3edb973bdb35d87\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 797728 42b4f8c954d175ebef7538898cc18d01\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 862256 a637b52561f6d583f45f872064a1a899\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 824062 9b729c5c15e0b333fb245c543b35e188\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 822512 5139fb4205cc906080b1c78ed182bd31\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 765832 95d9c8e471c933e24de608f247d144fc\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 839224 837367925278355e6b2c6ab630661d97\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 830334 72fddfaecc1a3a621aac0b3d18728a65\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 826156 a832d560505158baa9ba8e2786d5c618\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_hppa.deb\n Size/MD5 checksum: 829102 948a745fa8344f1abb91f2db29731083\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 707422 bdccbc7d258dd54fda33fb650295e3cb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 751260 30b45eb2dff9a7e8bfc893c6b5935bd6\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 717218 752630da7e5de6a4f83879038034c389\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 715366 cce7b0daa7da37655daba6ae7dd8994c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 658294 73a84d3b0ca46499e5f3fc0fc186da18\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 730404 5632f3d97585c49cb6840f50eda67277\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 723092 9cdc1bd22d2c4945b42cfec3b8b3975f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 718774 6d7099123fa130b800241aebbb9f0caf\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_i386.deb\n Size/MD5 checksum: 722640 b5a8120adf8c08dbda532b61f6b21f10\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1091544 23059c89097a6d0549aaf0b896bbacb9\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1218936 420d7b019203c522af5e7fac02043405\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1169110 b03c8a05081d68c8313546a69fd1a5d7\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1166198 6461bde6a2d7f07865511d9af847f01f\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1104294 f6221a32ace9089991ea931b3de8d232\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1186082 144ffe06d52b65dcc9286a8b5c6bf3de\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1179320 1b637742c52df8a3a8a1f13688234f2c\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1172712 07597847bb95660cc8bb958c1ae4a0a3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_ia64.deb\n Size/MD5 checksum: 1178422 7de3bb540eddf5e9a4c9722970f27219\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 626270 a0214d151ca2d78c1586247ab2b4ce04\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 661418 7f1dd1e45d4ff01c99781c246b26563a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 632364 b472eca7b2f3fac22af7f1a519a32e70\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 629680 64e0a57a01e16dc786df1798aff77a20\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 569728 d75b6d7f67ba573039537fa5cb1eb648\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 641228 a41b74e330b63c628c5e9a28d203d07f\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 637936 a19e651b3d58c6376bbd1f3f3cff1f02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 634052 013ee9b71eb4fae12f71273ff07be3a3\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_m68k.deb\n Size/MD5 checksum: 637240 053b6be9b465e0343caa42421b3e33d9\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 804754 4d8f61ed130b75772482f479a1d9cff9\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 827264 fe92f3eb536322e85e0f452b451b61e8\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 794380 fd72c6c8a88c56c2226f7b941ba8e29d\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 792016 da8e18aff7c3ac23cd18acc520b82f43\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 775734 7bd89d4f1be4032229dd1d2997b78161\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 804340 42a7784506ff0369e4167aac1463d074\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 800954 ed02142c8517259808e506d7934b29cc\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 796498 43dfd14336979f6aef7f0631e9270d9d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2+b1_mips.deb\n Size/MD5 checksum: 800322 f076bc2c9bfc18a5f6b066563cfc36ed\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 804022 7513e0c595dd312b00e3de2037d9c228\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 824768 991a78d34b650939dcd216b63707f7f6\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 792500 8cb1380cadfc7bceaed2e95bbdd18e7a\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 790502 e1aab272cc788a95321d2df1d3c76aaa\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 774260 85f304142778b8df0cea494ca0fcb103\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 803032 072776667880c6e7fb4271a6fe8ab2ae\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 799446 2aa8f6a37b92c38f368acfc87feeb066\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 794366 3aec7268d2c0bcae8ce58f0cc9401053\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2+b1_mipsel.deb\n Size/MD5 checksum: 798978 5e6a20215c16873bfa874e997d91192c\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 759356 13ed418d17004f655fb909e17b48c01c\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 817014 4cdc2957622d50028cca8cc127477919\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 782218 addb6819008a2acd11b0d910cbf90812\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 779576 e1aa5d5e50514beede939bbf613f9573\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 722836 b253da2ab0fa24b76dfec7289d294489\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 794672 a007815fddaaa33294f4cd3cc684f706\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 788202 b054d92d2a1d28ec742e2578724ff001\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 783176 ed5eff7ae2b07a23aa2d5b4f39d0d8ac\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_powerpc.deb\n Size/MD5 checksum: 787486 f719be5b8a23817e782d8727da069c2f\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 759782 d36357c298b983814c800393e6af36ba\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 823480 4409efbc21f8ce4989277362e07cb487\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 787324 35484fc15941afb5d87af0055600d004\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 785422 b5d30076a6c003394b1b9689815bc9b4\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 725148 b753f1ea8c440415e496eb11f5e6dbf6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 799122 28fe549b2ce837f8a48cb87b23466fc2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 794392 b3c2143d7683153d0781b8ffa6be17bc\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 789992 922867fa0d00e427825b1b4462c4afdc\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_s390.deb\n Size/MD5 checksum: 793446 aeeeaaacb2aac4ec55373bbae9e047ef\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 718092 7b38b9259ae34477316751f0937182ea\n http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 766730 8ceca9224d7dfdca9063412732f1674b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 735378 263011dfef7ed30d142ff0815c6c47e0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 732902 657b675db1010fe25105d879b8bfb055\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 675162 01a0fadd7dec8db2fc0d3c2f3d0fe7dd\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 747706 799f85b95188a79efd08013731e27ba9\n http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 741948 ed4b89247547949ecaa378491f15a253\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 732910 9522a5105a2df85bbddbd619708d32b8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_sparc.deb\n Size/MD5 checksum: 741266 a2125f24d77c66d4dc8c996eda034ea3\n\n\nDebian GNU/Linux 4.0 alias etch\n- - -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.dsc\n Size/MD5 checksum: 1437 cbe01a52d42f25617a4e3609b91b327f\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.diff.gz\n Size/MD5 checksum: 285021 acd1e7b91a1ec5e3417118045cd8bb2e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz\n Size/MD5 checksum: 8457888 9ba05680b0719462f653e82720599f32\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 2034356 c589a9ec2cd7c3c6f45f48ff58871c5a\n http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 142582 64ac83f818c9f9b3bbf40ca56b15b725\n http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch3_all.deb\n Size/MD5 checksum: 6362332 b27f042fadc4507f2a4829b10e6949da\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 924554 7c97880188a942dd8004c38574a06abc\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 216888 43779cb2c41a18612ca5605af725dd39\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1157716 a7387c0a9e6d6965a233e5de083ad7fc\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1071764 eb2089973a4fd8bcab834877c5f69ed5\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1069008 f6ab9ab86fc57780c7b0b2955e7a1590\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1064496 d2fe6f9aea8163afdc48560ee79cd509\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1128986 6d8f705a3d633ea963ce9d87e75ead38\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1122926 75aad08a3e2ccc0f5bd721536776ea5a\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1117430 978f562ef76822bf45962e7a5d2153d8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 1079936 297a2ebca14da82e03945ac81bd04ded\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_alpha.deb\n Size/MD5 checksum: 680548 9cdeb4858db17343f31ba9cd17f6459b\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 834328 4cbba20feadfa68377ff67675a4c1065\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 181304 d6f9467f1da363fbf906c9797a67a525\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1054656 9598e8e26449e4e538465be2db5bac1c\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 971766 4f7e30a43e5b681dc23bb200631be3f7\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 969634 7d6fda8144278db9cf45bc65711c97c3\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 960762 b8941221c06bbddab956831455ab82f0\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1028382 53e712db71e1471b409f602a4d7d67c2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1024172 db1d42537f44b67d85dbf39c4961fcd1\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 1019020 7650bc71e0e37d438baf786f02ac17b4\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 977120 92f1609f8eac5e92d17cb684f3fc84a5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_amd64.deb\n Size/MD5 checksum: 614862 aa69cd9c47ed91ecfcec33405ee04075\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 755728 ad7c9e4b7d273847e58a15c88df98959\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 205688 164775a380d89440340214da7b4a3642\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 958660 4a0aa9b3ec58c73bc4b70ba8afaecffa\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 879778 6e2189fc510512ae97d1a073a77382dd\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 877566 e8b302a17a1491c158a08f4ebee8b29e\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 875392 db68300757e444dba39fd0daf46fab55\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 936280 783c1b43454476ba693f59b866bf674b\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 929836 fcf9df82b675875fafa90067353eafed\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 925066 9df22d5447ac43eb30ad53271948bdc8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 885416 68a61a54144f50e462b077cc8ccac620\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_arm.deb\n Size/MD5 checksum: 548004 7c5d5bd8218344e1bf0d800b2c31a368\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 853216 9b478b3e53591f85d1208ddf2dbbcf29\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 182704 c751747f9bd6d8c1472e6d08c6b99c3f\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1077024 5fc43be17710aa110ce0d4d117d97904\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 994026 e9f50b924fe2003a574302ac08a58fc3\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 991846 87ff64ebc51d0c0fd11382b6f5f3ee95\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 986002 a3f9dfadb27675d4e2b8d9dd7a01d320\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1051448 99cf3c6fb70dbb27f9eb5efab8b057db\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1044720 e964da5b5bfc45cfb9c397eb96b769c1\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 1038782 30bfe377c9c08210f854f403cbb2f1ee\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 999840 5883ca862650908088dbd430017a5587\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_hppa.deb\n Size/MD5 checksum: 623636 08f30beec8283b0f2111a970f58f2ddc\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 745158 956ef68561a71a8eed0047175dfff9d5\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 181252 bdd2098b76d4885f28e1f6e3b7376b7d\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 947320 41be0b2741614c054fece73548cec703\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 868016 501208beae0375d1610e3cebfefcf542\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 865592 28876441af29051e315a3c1a8b71bcca\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 859848 20dcd46eb38f1b32e600dddc81b8e328\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 924264 8639573d18e103d6e816f9bacdc844ef\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 917972 8ecf10dd01bb07c53aab5782db738602\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 913800 55929d92c3b2d496ba95cb2e80da1d69\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 872952 eadd254febb55b2a69613ebc8d710774\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_i386.deb\n Size/MD5 checksum: 540270 81c890f5348042c2060fea9bb8368279\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1324484 d757418a65efba71dce496c1708a6ab8\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 184408 45a8073e746b4f6499871ed736e343f5\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1626954 8c74de55c6c635fbd0a25b14aea908d8\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1529082 643da71ea312e65dae057d09533b596e\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1524362 b165440c7f2d84aada75d9e6ccc2e9c8\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1521916 1445a0fb6f9a2768abdfd7df4895bfd0\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1591070 daeb22d9e479b71e1a1e1e500a71ad7e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1584338 d26497d4bc44e12ccfd28ae4384bb49e\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1573836 6285e0273ef86416d4b15f07bf5f0e83\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 1537602 bd59c04c78b23ef67fcf384ab3ec663d\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_ia64.deb\n Size/MD5 checksum: 969944 95bb71ac502b9b58c8e0e03960de3311\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 883588 3df0f600960049ed338f62cf6f3cbb62\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 181526 864396a2dfb69341cd1857b502814bd0\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1060852 d2e4b08238cef29a05e5817b18fe4510\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1026860 bce19b81b7445a917933353ff008d9ed\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1024274 78dd73e157fd4ebad6dbdf877d668a51\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1021074 b3c98f791090296a75027df4e6354041\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1036892 dd8bf59f6dadda928025f332ad4ba027\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1033580 290e4cf32fdc486b4b01d8094a7e235b\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1028744 fb37992a392296b99399f9050b873c2d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 1032674 741f1bc86e6501c9de145e0c09bf98d5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mips.deb\n Size/MD5 checksum: 653532 89ea1fa4d2b33a473c92ef0c8da0393d\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 884276 c25f8d4754ce5d7b641ae5a1898095aa\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 181514 3d41fda7aa3945744c53046c7f314918\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1060414 153d872da26f354f3e86167f48984332\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1026340 dff80047d15483fe37fc1fa8f8a530f6\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1024098 364a9f050c2d1ced8b1a0b9add3a6276\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1021664 3841e2cd52f06d411d9c643160fee27d\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1037204 c6601427157a10a67bf91ac64fb9b2f3\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1033338 79b104876d2693d5b87979c9c9e93a2a\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1028386 562fcca0c8ee76bfa90c62a7add33333\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 1031986 545b3a354eff7b3f2da822a8ad9409f9\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mipsel.deb\n Size/MD5 checksum: 654614 4606a0c51fb87a0814d6ac3070f08801\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 808516 0e10ba653305ae5f10d86ae43aa5f80a\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 181314 84fcc3b6af9bc6462a656e47b87072ca\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 1019296 6b7fb39773cdbf8e11d2cb657b3e347f\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 937462 f01386aefee1e40ce4d748132adee9e0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 935408 279ac9bd832844ea9b5f71ab6a3eb4ce\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 932564 8c2beb3fb01952935aee6234cd2f62e5\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 995426 f03e2a19ea866cc3a93da26ac76a601a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 989642 0a7998dddd270e64635017efaa03be21\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 985188 6c49fead180f05bb742f23f899709364\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 942692 cb5b255a881523d01d21e36e5954d3ed\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_powerpc.deb\n Size/MD5 checksum: 591956 b7bdfa80b87fc8638b300af38ccc10a7\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 825020 15317a8f9f8453dc53e6bafad4899775\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 181266 d1e7a6ebe35692f70f92bafdf1591046\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1048830 be2c558e4383d42cc858cb2b051aaaca\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 965144 cbc94962b102a44787650dfcb7d8eb7d\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 962554 265863b58914620dd164e8acf029a0d4\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 955000 21dd78f20eb1cbf29e43fd1c00ad8e84\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1022468 c7d2b1481bdfc80fc295bf0b84b2bfca\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1018798 f60ba4b1aad3ba1dba74c3a497d64964\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 1012934 4ad26c9c7edfa1d3845fd8476061761d\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 971092 1dedca57fb661f5b8a05eb9134512758\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_s390.deb\n Size/MD5 checksum: 609536 8358946e015c0ccf4ffc55992fd1b618\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 751698 c2b0ab3d9e9e364b3e26ea2ed465c5bb\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 181110 ec41791d727303847230bf3c15252b4a\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 952462 30b356dbb50e471d490c9a026d38317b\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 875678 239f2de1694e9538e652c3fce6d0aeef\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 873396 39182b3b312688388595d3ae77db2c0f\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 867464 acb5e74a5f6d81a734a61c8860b15816\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 933814 958eb9e446e04e7961a1a5d6188e4438\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 927072 a5148241b4fbf79987031bf27ff06786\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 873420 8e90c88be6ec6b15058fb390b13dc668\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 880726 0dc54580e0b4d7845cc3e4f1f45c1f3b\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_sparc.deb\n Size/MD5 checksum: 545036 7476c13dba30d34f7de41464298bbc8b\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- - ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 8, "modified": "2007-09-19T00:00:00", "published": "2007-09-19T00:00:00", "id": "DEBIAN:DSA-1364-2:30E6F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00142.html", "title": "[SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "description": "[6.3.046-1.el4_7.5z ]\n- remove duplicate vimtutor manpage\n[6.3.046-1.el4_7.4z ]\n- fix netrw\n[6.3.046-1.el4_7.3z ]\n- add fix for CVE-2008-4101\n[6.3.046-1.el4_6.2z]\n- don't add empty line when editing files with netrw\n[6.3.046-1.el4_6.1z]\n- fix erroneous quoting in CVE-2008-2712 patch\n[6.3.046-1.el4_6.z]\n- add fix for CVE-2007-2953\n- add fixes for CVE-2008-2712\n- add fix for incorrect computation of memory requirements for buffer", "edition": 4, "modified": "2008-11-25T00:00:00", "published": "2008-11-25T00:00:00", "id": "ELSA-2008-0617", "href": "http://linux.oracle.com/errata/ELSA-2008-0617.html", "title": "vim security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:00", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "description": "[7.0.109-4.4z]\n- fix netrw\n[7.0.109-4.3z]\n- fixes CVE-2008-3074 (tar plugin)\n- fixes CVE-2008-3075 (zip plugin)\n- fixes CVE-2008-3076 (netrw plugin)\n- fixes CVE-2008-4101 (keyword and tag lookup)\n[7.0.109-4.2z]\n- fix some issues with netrw and remote file editing caused by\n the CVE-2008-2712 patch\n[7.0.109-4.1z]\n- more fixes for CVE-2008-2712\n[7.0.109-4.z]\n- fix release\n[7.0.109-3.1z]\n- rebuild for z stream\n[7.0.109-3.6]\n- re-enable debuginfo\n[7.0.109-3.5]\n- update netrw files for CVE-2008-2712\n[7.0.109-3.4]\n- add fixes for CVE-2007-2953 and CVE-2008-2712", "edition": 4, "modified": "2008-11-25T00:00:00", "published": "2008-11-25T00:00:00", "id": "ELSA-2008-0580", "href": "http://linux.oracle.com/errata/ELSA-2008-0580.html", "title": "vim security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:24", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0617\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file name\npatterns with shell wildcards. An attacker could create a specially-crafted\nfile or directory name that, when opened by Vim, caused the application to\ncrash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027476.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027477.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027478.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027479.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027480.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027487.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027495.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027496.html\n\n**Affected packages:**\nvim\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0617.html", "edition": 4, "modified": "2008-11-26T22:58:49", "published": "2008-11-25T16:56:47", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/027476.html", "id": "CESA-2008:0617", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:43", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0580\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027491.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027492.html\n\n**Affected packages:**\nvim\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0580.html", "edition": 5, "modified": "2008-11-26T22:22:42", "published": "2008-11-26T22:22:41", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/027491.html", "id": "CESA-2008:0580", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:37", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3432", "CVE-2008-4101"], "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file name\npatterns with shell wildcards. An attacker could create a specially-crafted\nfile or directory name that, when opened by Vim, caused the application to\ncrash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2017-09-08T11:47:42", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0617", "href": "https://access.redhat.com/errata/RHSA-2008:0617", "type": "redhat", "title": "(RHSA-2008:0617) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:50", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-6235"], "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2017-09-08T12:06:57", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0580", "href": "https://access.redhat.com/errata/RHSA-2008:0580", "type": "redhat", "title": "(RHSA-2008:0580) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:50", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-5077", "CVE-2008-3432", "CVE-2008-4101", "CVE-2009-0025", "CVE-2008-2712"], "description": "a. Updated OpenSSL package for the Service Console fixes a security issue. \nOpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. \nThe following table lists what action remediates the vulnerability (column 4) if a solution is available. \n\n", "edition": 4, "modified": "2010-01-06T00:00:00", "published": "2009-03-31T00:00:00", "id": "VMSA-2009-0004", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0004.html", "title": "ESX Service Console updates for openssl, bind, and vim", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}