RedHatRHSA-2002:302(RHSA-2002:302) vim security update
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
23.3%
VIM (VIsual editor iMproved) is a version of the vi editor.
VIM allows a user to set the modeline differently for each edited text
file by placing special comments in the files. Georgi Guninski found that
these comments can be carefully crafted in order to call external programs.
This could allow an attacker to create a text file such that when it is
opened arbitrary commands are executed.
Users of VIM are advised to upgrade to these errata packages which have
been patched to disable the usage of dangerous funtions in modelines.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | ia64 | vim-common | < 6.0-7.15 | vim-common-6.0-7.15.ia64.rpm |
| RedHat | any | i386 | vim-x11 | < 6.0-7.15 | vim-X11-6.0-7.15.i386.rpm |
| RedHat | any | i386 | vim-common | < 6.0-7.15 | vim-common-6.0-7.15.i386.rpm |
| RedHat | any | ia64 | vim-x11 | < 6.0-7.15 | vim-X11-6.0-7.15.ia64.rpm |
| RedHat | any | i386 | vim-minimal | < 6.0-7.15 | vim-minimal-6.0-7.15.i386.rpm |
| RedHat | any | i386 | vim-enhanced | < 6.0-7.15 | vim-enhanced-6.0-7.15.i386.rpm |
| RedHat | any | ia64 | vim-enhanced | < 6.0-7.15 | vim-enhanced-6.0-7.15.ia64.rpm |
| RedHat | any | ia64 | vim-minimal | < 6.0-7.15 | vim-minimal-6.0-7.15.ia64.rpm |
Related
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
23.3%