Search...

Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim

2008-07-24T00:00:00

ID SECURITYVULNS:DOC:20220
Type securityvulns
Reporter Securityvulns
Modified 2008-07-24T00:00:00

Description

SUMMARY

Product : Vim -- Vi IMproved Version : Tested with Vim 7.2b.10, filetype.vim 2008-07-17 Impact : Arbitrary code execution Wherefrom: Local and remote CVE : CVE-2008-2712 Original : http://www.rdancer.org/vulnerablevim-filetype.vim.updated.html http://www.rdancer.org/vulnerablevim-filetype.vim.updated.patch http://www.rdancer.org/vulnerablevim-latest.tar.bz2

This is an update of a previous advisory[1]. Vim patch 7.1.300 which purported to fix the ``filetype.vim'' vulnerability did not fix the vulnerability.

BACKGROUND

``Vim is an almost compatible version of the UNIX editor Vi. Many new features have been added: multi-level undo, syntax highlighting, command line history, on-line help, spell checking, filename completion, block operations, etc.''

            -- Vim README.txt

``Problem: Value of asmsyntax argument isn't checked for valid characters. Solution: Only accepts letters and digits.''

            -- Vim Patch 7.1.300[2]

VULNERABILITY

This is the ``filetype.vim'' vulnerability, described in the sections 3.4.2.1. and 3.4.2.2. of the original advisory[1]. It can lead to arbitrary code execution upon Vim opening a crafted file. The file can be either local or remote, and the filename must match one of the following glob patterns:

*.asm
*.s
*.S
*.a
*.A
*.mac
*.lst &#40;with the exception of /boot/grub/menu.lst&#41;
*.i

PURPORTED FIX

Quoting the original advisory[1]:

``[A]bsent sanitization on line 190, followed by the execute statements at filetype.vim lines 181 or 1267:

``The code looks in the first five lines [of the file being opened] for a statement of the form ``asmsyntax=FOO'', where FOO can contain any characters except Tab and Space. FOO is then executed, without any sanitization.''

   187        let head = &quot; &quot;.getline&#40;1&#41;.&quot; &quot;.getline&#40;2&#41;.&quot; &quot;.getline&#40;3&#41;.&quot;

".getline(4). 188 \" ".getline(5)." " 189 if head =~ '\sasmsyntax=\S\+\s' 190 let b:asmsyntax = substitute(head, '.\sasmsyntax=$\S\+$\s.','\1', "") [... logical flow of the code then jumps to line 181 ...] 181 exe "setf " . b:asmsyntax [... or line 1267 ...] *1267 exe "setf " . b:asmsyntax

Patch 7.1.300 changed the regular expression in the substitute() call on line 190:

let b:asmsyntax = substitute&#40;head,

'.\sasmsyntax=$[a-zA-Z0-9]\+$\s.','\1', "")

This would work if substitute() were a matching function -- returning a matching string, or an empty string if the pattern failed to match. But substitute() always returns its first argument -- substituting the matching string (if any). If the pattern fails to match, substitute() returns its first argument as-is:

                  | pattern matches | no match
------------------+-----------------+--------------------
substitute&#40;&#41;      | alter match     | return as-is
------------------+-----------------+--------------------
matching function | return match    | return empty string

The previous line of code (line 189) remains unchanged, leaving two different regular expressions. It is easy to create a payload matching the first regular expression, but not the second one. As a matter of fact, the payload in the test suite[3] that accompanied the original advisory did just that.

It may be also worth noting that the failure to sanitize the input may not have been fatal if the ``execute'' statements on lines 181 and 1276 were updated to use the fnameescape() function to sanitize the arguments.

EXPLOIT

The exploit needed a small update in order to work with the current Vim. It produces error messages, and the exploit text is not hidden. Making the exploit fully compatible would be just a matter of spending some more time. The updated exploit is called ``filetype.vim.updated'':

-------------------------------------------
-------- Test results below ---------------
-------------------------------------------
Vim version 7.2b, included patches: 1-10
filetype.vim revision date: 2008 Jul 17
zip.vim version: v21
netrw.vim version: v127
-------------------------------------------
filetype.vim
  strong  : EXPLOIT FAILED
  weak    : EXPLOIT FAILED
filetype.vim.updated

--> strong : VULNERABLE --> weak : VULNERABLE tarplugin : EXPLOIT FAILED tarplugin.updated: EXPLOIT FAILED tarplugin.v2: EXPLOIT FAILED zipplugin : EXPLOIT FAILED zipplugin.v2: EXPLOIT FAILED xpm.vim xpm : EXPLOIT FAILED xpm2 : EXPLOIT FAILED remote : EXPLOIT FAILED gzip_vim : EXPLOIT FAILED netrw : EXPLOIT FAILED netrw.v2 : EXPLOIT FAILED netrw.v3 : EXPLOIT FAILED netrw.v4 : EXPLOIT FAILED netrw.v5 : VULNERABLE shellescape: EXPLOIT FAILED

PATCH

A copy of a patch that fixes this vulnerability can be found at the URL below[4].

REFERENCES

[1] Collection of Vulnerabilities in Fully Patched Vim 7.1 http://www.rdancer.org/vulnerablevim.html [2] Patch 7.1.300 http://groups.google.com/group/vim_dev/msg/5a882ab234f02377 http://ftp.vim.org/pub/vim/patches/7.1/7.1.300 [3] The Vulnerable Vim Test Suite http://www.rdancer.org/vulnerablevim-latest.tar.bz2 [4] Proposed patch http://www.rdancer.org/vulnerablevim-filetype.vim.updated.patch

Copying welcome, under the Creative Commons ``Attribution-Share Alike'' License http://creativecommons.org/licenses/by-sa/2.0/uk/

Code included herein, and accompanying this advisory, may be copied according to the GNU General Public License version 2, or the Vim license. See the subdirectory ``licenses''.

Various portions of the accompanying code were written by various parties. Those parties may hold copyright, and those portions may be copied according to their respective licenses.

HISTORY

2008-07-23 Sent to: <bugs@vim.org>, <vim-dev@vim.org>, <full-disclosure@lists.grok.org.uk>, <bugtraq@securityfocus.com>

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:20220", "bulletinFamily": "software", "title": "Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim", "description": "1. SUMMARY\r\n\r\nProduct : Vim -- Vi IMproved\r\nVersion : Tested with Vim 7.2b.10, filetype.vim 2008-07-17\r\nImpact : Arbitrary code execution\r\nWherefrom: Local and remote\r\nCVE : CVE-2008-2712\r\nOriginal : http://www.rdancer.org/vulnerablevim-filetype.vim.updated.html\r\n http://www.rdancer.org/vulnerablevim-filetype.vim.updated.patch\r\n http://www.rdancer.org/vulnerablevim-latest.tar.bz2\r\n\r\nThis is an update of a previous advisory[1]. Vim patch 7.1.300 which\r\npurported to fix the ``filetype.vim'' vulnerability did not fix the\r\nvulnerability.\r\n\r\n\r\n2. BACKGROUND\r\n\r\n ``Vim is an almost compatible version of the UNIX editor Vi. Many new\r\n features have been added: multi-level undo, syntax highlighting,\r\n command line history, on-line help, spell checking, filename\r\n completion, block operations, etc.''\r\n\r\n -- Vim README.txt\r\n\r\n ``Problem: Value of asmsyntax argument isn't checked for valid\r\n characters.\r\n Solution: Only accepts letters and digits.''\r\n\r\n -- Vim Patch 7.1.300[2]\r\n\r\n3. VULNERABILITY\r\n\r\nThis is the ``filetype.vim'' vulnerability, described in the sections\r\n3.4.2.1. and 3.4.2.2. of the original advisory[1]. It can lead to\r\narbitrary code execution upon Vim opening a crafted file. The file can\r\nbe either local or remote, and the filename must match one of the\r\nfollowing glob patterns:\r\n\r\n *.asm\r\n *.s\r\n *.S\r\n *.a\r\n *.A\r\n *.mac\r\n *.lst (with the exception of /boot/grub/menu.lst)\r\n *.i\r\n\r\n\r\n4. PURPORTED FIX\r\n\r\nQuoting the original advisory[1]:\r\n\r\n ``[A]bsent sanitization on line 190, followed by the execute\r\n statements at filetype.vim lines 181 or 1267:\r\n\r\n ``The code looks in the first five lines [of the file being opened]\r\n for a statement of the form ``asmsyntax=FOO'', where FOO can contain\r\n any characters except Tab and Space. FOO is then executed, without\r\n any sanitization.''\r\n\r\n 187 let head = " ".getline(1)." ".getline(2)." ".getline(3)."\r\n".getline(4).\r\n 188 \" ".getline(5)." "\r\n 189 if head =~ '\sasmsyntax=\S\+\s'\r\n *190 let b:asmsyntax = substitute(head,\r\n'.*\sasmsyntax=$\S\+$\s.*','\1', "")\r\n [... logical flow of the code then jumps to line 181 ...]\r\n *181 exe "setf " . b:asmsyntax\r\n [... or line 1267 ...]\r\n *1267 exe "setf " . b:asmsyntax\r\n\r\nPatch 7.1.300 changed the regular expression in the substitute() call on\r\nline 190:\r\n\r\n let b:asmsyntax = substitute(head,\r\n'.*\sasmsyntax=$[a-zA-Z0-9]\+$\s.*','\1', "")\r\n\r\nThis would work if substitute() were a matching function -- returning a\r\nmatching string, or an empty string if the pattern failed to match. But\r\nsubstitute() always returns its first argument -- substituting the\r\nmatching string (if any). If the pattern fails to match, substitute()\r\nreturns its first argument as-is:\r\n\r\n | pattern matches | no match\r\n ------------------+-----------------+--------------------\r\n substitute() | alter match | return as-is\r\n ------------------+-----------------+--------------------\r\n matching function | return match | return empty string\r\n\r\nThe previous line of code (line 189) remains unchanged, leaving two\r\ndifferent regular expressions. It is easy to create a payload matching\r\nthe first regular expression, but not the second one. As a matter of\r\nfact, the payload in the test suite[3] that accompanied the original\r\nadvisory did just that.\r\n\r\nIt may be also worth noting that the failure to sanitize the input may\r\nnot have been fatal if the ``execute'' statements on lines 181 and 1276\r\nwere updated to use the fnameescape() function to sanitize the\r\narguments.\r\n\r\n\r\n5. EXPLOIT\r\n\r\nThe exploit needed a small update in order to work with the current Vim.\r\nIt produces error messages, and the exploit text is not hidden. Making\r\nthe exploit fully compatible would be just a matter of spending some\r\nmore time. The updated exploit is called ``filetype.vim.updated'':\r\n\r\n -------------------------------------------\r\n -------- Test results below ---------------\r\n -------------------------------------------\r\n Vim version 7.2b, included patches: 1-10\r\n filetype.vim revision date: 2008 Jul 17\r\n zip.vim version: v21\r\n netrw.vim version: v127\r\n -------------------------------------------\r\n filetype.vim\r\n strong : EXPLOIT FAILED\r\n weak : EXPLOIT FAILED\r\n filetype.vim.updated\r\n--> strong : VULNERABLE\r\n--> weak : VULNERABLE\r\n tarplugin : EXPLOIT FAILED\r\n tarplugin.updated: EXPLOIT FAILED\r\n tarplugin.v2: EXPLOIT FAILED\r\n zipplugin : EXPLOIT FAILED\r\n zipplugin.v2: EXPLOIT FAILED\r\n xpm.vim\r\n xpm : EXPLOIT FAILED\r\n xpm2 : EXPLOIT FAILED\r\n remote : EXPLOIT FAILED\r\n gzip_vim : EXPLOIT FAILED\r\n netrw : EXPLOIT FAILED\r\n netrw.v2 : EXPLOIT FAILED\r\n netrw.v3 : EXPLOIT FAILED\r\n netrw.v4 : EXPLOIT FAILED\r\n netrw.v5 : VULNERABLE\r\n shellescape: EXPLOIT FAILED\r\n\r\n\r\n6. PATCH\r\n\r\nA copy of a patch that fixes this vulnerability can be found at the URL\r\nbelow[4].\r\n\r\n\r\n7. REFERENCES\r\n\r\n[1] Collection of Vulnerabilities in Fully Patched Vim 7.1\r\n http://www.rdancer.org/vulnerablevim.html\r\n[2] Patch 7.1.300\r\n http://groups.google.com/group/vim_dev/msg/5a882ab234f02377\r\n http://ftp.vim.org/pub/vim/patches/7.1/7.1.300\r\n[3] The Vulnerable Vim Test Suite\r\n http://www.rdancer.org/vulnerablevim-latest.tar.bz2\r\n[4] Proposed patch\r\n http://www.rdancer.org/vulnerablevim-filetype.vim.updated.patch\r\n\r\n\r\n8. COPYRIGHT\r\n\r\nThis advisory is Copyright 2008 Jan Minar <rdancer@rdancer.org>\r\n\r\nCopying welcome, under the Creative Commons ``Attribution-Share Alike''\r\nLicense http://creativecommons.org/licenses/by-sa/2.0/uk/\r\n\r\nCode included herein, and accompanying this advisory, may be copied\r\naccording to the GNU General Public License version 2, or the Vim\r\nlicense. See the subdirectory ``licenses''.\r\n\r\nVarious portions of the accompanying code were written by various\r\nparties. Those parties may hold copyright, and those portions may be\r\ncopied according to their respective licenses.\r\n\r\n\r\n9. HISTORY\r\n\r\n2008-07-23 Sent to: <bugs@vim.org>, <vim-dev@vim.org>,\r\n <full-disclosure@lists.grok.org.uk>, <bugtraq@securityfocus.com>", "published": "2008-07-24T00:00:00", "modified": "2008-07-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20220", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2008-2712"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:27", "edition": 1, "viewCount": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:10:27", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2712"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870052", "OPENVAS:880301", "OPENVAS:136141256231065087", "OPENVAS:1361412562310880301", "OPENVAS:65087", "OPENVAS:61187", "OPENVAS:870052", "OPENVAS:1361412562310870059", "OPENVAS:65807", "OPENVAS:136141256231065807"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9086", "SECURITYVULNS:DOC:20317"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_30866E6C3C6D11DD98C900163E000016.NASL", "DEBIAN_DSA-1733.NASL", "UBUNTU_USN-712-1.NASL", "ORACLELINUX_ELSA-2008-0617.NASL", "SUSE_GVIM-6025.NASL", "REDHAT-RHSA-2008-0617.NASL", "CENTOS_RHSA-2008-0617.NASL", "REDHAT-RHSA-2008-0618.NASL", "SUSE9_12360.NASL", "VMWARE_VMSA-2009-0004_REMOTE.NASL"]}, {"type": "freebsd", "idList": ["30866E6C-3C6D-11DD-98C9-00163E000016"]}, {"type": "exploitdb", "idList": ["EDB-ID:31911"]}, {"type": "redhat", "idList": ["RHSA-2008:0618", "RHSA-2008:0580", "RHSA-2008:0617"]}, {"type": "ubuntu", "idList": ["USN-712-1"]}, {"type": "debian", "idList": ["DEBIAN:39911521BDD8B510D11191B007C5C80B:928A4", "DEBIAN:DSA-1733-1:0AD7D"]}, {"type": "centos", "idList": ["CESA-2008:0618-01", "CESA-2008:0580", "CESA-2008:0617"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0617", "ELSA-2008-0580"]}, {"type": "vmware", "idList": ["VMSA-2009-0004"]}, {"type": "threatpost", "idList": ["THREATPOST:4F867C686B7E31697E158FBD04A5DD35"]}], "modified": "2018-08-31T11:10:27", "rev": 2}, "vulnersScore": 6.8}, "affectedSoftware": []}

{"cve": [{"lastseen": "2020-12-09T19:28:23", "description": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.", "edition": 6, "cvss3": {}, "published": "2008-06-16T21:41:00", "title": "CVE-2008-2712", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2712"], "modified": "2018-11-01T15:07:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/a:vim:vim:7.1.314", "cpe:/a:vim:vim:6.4", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "CVE-2008-2712", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2712", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:vim:vim:7.1.314:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:10:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2712"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-10-04T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:61187", "href": "http://plugins.openvas.org/nasl.php?oid=61187", "type": "openvas", "title": "FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby", "sourceData": "#\n#VID 30866e6c-3c6d-11dd-98c9-00163e000016\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n vim\n vim-lite\n vim-ruby\n vim6\n vim6-ruby\n\nCVE-2008-2712\nVim 7.1.314, 6.4, and other versions allows user-assisted remote\nattackers to execute arbitrary commands via Vim scripts that do not\nproperly sanitize inputs before invoking the execute or system\nfunctions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3)\nxpm.vim, (4) gzip_vim, and (5) netrw.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.rdancer.org/vulnerablevim.html\nhttp://www.vuxml.org/freebsd/30866e6c-3c6d-11dd-98c9-00163e000016.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(61187);\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-2712\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"vim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6\")>0 && revcomp(a:bver, b:\"6.4.10\")<=0) {\n txt += 'Package vim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7\")>0 && revcomp(a:bver, b:\"7.1.315\")<0) {\n txt += 'Package vim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"vim-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6\")>0 && revcomp(a:bver, b:\"6.4.10\")<=0) {\n txt += 'Package vim-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7\")>0 && revcomp(a:bver, b:\"7.1.315\")<0) {\n txt += 'Package vim-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"vim-ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6\")>0 && revcomp(a:bver, b:\"6.4.10\")<=0) {\n txt += 'Package vim-ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7\")>0 && revcomp(a:bver, b:\"7.1.315\")<0) {\n txt += 'Package vim-ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"vim6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6\")>0 && revcomp(a:bver, b:\"6.4.10\")<=0) {\n txt += 'Package vim6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7\")>0 && revcomp(a:bver, b:\"7.1.315\")<0) {\n txt += 'Package vim6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"vim6-ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6\")>0 && revcomp(a:bver, b:\"6.4.10\")<=0) {\n txt += 'Package vim6-ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7\")>0 && revcomp(a:bver, b:\"7.1.315\")<0) {\n txt += 'Package vim6-ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "description": "Check for the Version of vim", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870052", "type": "openvas", "title": "RedHat Update for vim RHSA-2008:0618-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for vim RHSA-2008:0618-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-November/msg00014.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870052\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0618-01\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\");\n script_name( \"RedHat Update for vim RHSA-2008:0618-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~6.0~7.25\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~6.0~7.25\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~6.0~7.25\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~6.0~7.25\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "description": "Check for the Version of vim", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870052", "href": "http://plugins.openvas.org/nasl.php?oid=870052", "type": "openvas", "title": "RedHat Update for vim RHSA-2008:0618-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for vim RHSA-2008:0618-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-November/msg00014.html\");\n script_id(870052);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0618-01\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\");\n script_name( \"RedHat Update for vim RHSA-2008:0618-01\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~6.0~7.25\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~6.0~7.25\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~6.0~7.25\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~6.0~7.25\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "description": "Check for the Version of vim", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880301", "href": "http://plugins.openvas.org/nasl.php?oid=880301", "type": "openvas", "title": "CentOS Update for vim CESA-2008:0618-01 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for vim CESA-2008:0618-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-November/015444.html\");\n script_id(880301);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0618-01\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\");\n script_name( \"CentOS Update for vim CESA-2008:0618-01 centos2 i386\");\n\n script_summary(\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~6.0~7.25\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~6.0~7.25\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~6.0~7.25\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~6.0~7.25\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "description": "Check for the Version of vim", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880301", "type": "openvas", "title": "CentOS Update for vim CESA-2008:0618-01 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for vim CESA-2008:0618-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vim (Visual editor IMproved) is an updated and improved version of the vi\n editor.\n\n Several input sanitization flaws were found in Vim's keyword and tag\n handling. If Vim looked up a document's maliciously crafted tag or keyword,\n it was possible to execute arbitrary code as the user running Vim.\n (CVE-2008-4101)\n \n Several input sanitization flaws were found in various Vim system\n functions. If a user opened a specially crafted file, it was possible to\n execute arbitrary code as the user running Vim. (CVE-2008-2712)\n \n All Vim users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"vim on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-November/015444.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880301\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0618-01\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\");\n script_name( \"CentOS Update for vim CESA-2008:0618-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of vim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"vim-common\", rpm:\"vim-common~6.0~7.25\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-enhanced\", rpm:\"vim-enhanced~6.0~7.25\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-minimal\", rpm:\"vim-minimal~6.0~7.25\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vim-X11\", rpm:\"vim-X11~6.0~7.25\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65807", "href": "http://plugins.openvas.org/nasl.php?oid=65807", "type": "openvas", "title": "SLES10: Security update for vim", "sourceData": "#\n#VID slesp2-gvim-6025\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for vim\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65807);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for vim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gvim\", rpm:\"gvim~6.4.6~19.15\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~6.4.6~19.15\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065807", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065807", "type": "openvas", "title": "SLES10: Security update for vim", "sourceData": "#\n#VID slesp2-gvim-6025\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for vim\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65807\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for vim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gvim\", rpm:\"gvim~6.4.6~19.15\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vim\", rpm:\"vim~6.4.6~19.15\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4677", "CVE-2008-4101", "CVE-2008-2712"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5044520 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65087", "href": "http://plugins.openvas.org/nasl.php?oid=65087", "type": "openvas", "title": "SLES9: Security update for ViM", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5044520.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for ViM\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5044520 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65087);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for ViM\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gvim\", rpm:\"gvim~6.2~235.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4677", "CVE-2008-4101", "CVE-2008-2712"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5044520 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065087", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065087", "type": "openvas", "title": "SLES9: Security update for ViM", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5044520.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for ViM\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gvim\n vim\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5044520 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65087\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for ViM\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gvim\", rpm:\"gvim~6.2~235.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-3074", "CVE-2008-2712"], "description": "This host is installed with Vim and is prone to Command Injection\n Vulnerability.", "modified": "2019-03-17T00:00:00", "published": "2008-12-02T00:00:00", "id": "OPENVAS:1361412562310900412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900412", "type": "openvas", "title": "Vim Shell Command Injection Vulnerability (Linux)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl 14240 2019-03-17 15:50:45Z cfischer $\n# Description: Vim Shell Command Injection Vulnerability (Linux)\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900412\");\n script_version(\"$Revision: 14240 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-17 16:50:45 +0100 (Sun, 17 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-02 11:52:55 +0100 (Tue, 02 Dec 2008)\");\n script_bugtraq_id(32462);\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_name(\"Vim Shell Command Injection Vulnerability (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/30731/\");\n script_xref(name:\"URL\", value:\"http://www.rdancer.org/vulnerablevim-shellescape.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_exclude_keys(\"ssh/no_linux_shell\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker execute arbitrary shell commands\n to compromise the system.\");\n\n script_tag(name:\"affected\", value:\"Vim version prior to 7.2 on Linux.\");\n\n script_tag(name:\"insight\", value:\"This error is due to the 'filetype.vim', 'tar.vim', 'zip.vim', 'xpm.vim',\n 'xpm2.vim', 'gzip.vim', and 'netrw.vim' scripts which are insufficiently filtering special characters.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 7.2 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Vim and is prone to Command Injection\n Vulnerability.\");\n\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(sock)\n{\n vimVer = ssh_cmd(socket:sock, cmd:\"vim --version\", timeout:120);\n ssh_close_connection();\n if(\"VIM\" >< vimVer){\n pattern = \"Vi IMproved ([0-6](\\..*)?|7\\.[01](\\..*)?)\";\n if(egrep(pattern:pattern, string:vimVer)){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-03T15:46:08", "description": "Vim 7.x Vim Script Multiple Command Execution Vulnerabilities. CVE-2008-2712. Local exploit for linux platform", "published": "2008-06-14T00:00:00", "type": "exploitdb", "title": "Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2712"], "modified": "2008-06-14T00:00:00", "id": "EDB-ID:31911", "href": "https://www.exploit-db.com/exploits/31911/", "sourceData": "source: http://www.securityfocus.com/bid/29715/info\r\n\r\nVim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.\r\n\r\nSuccessfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.\r\n\r\nVim 7.1.298 is vulnerable; other versions may also be affected.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31911-1.zip\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31911-2.zip\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31911-3.zip\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/31911/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "cvelist": ["CVE-2008-2712"], "description": "Vim: Unfixed Vulnerabilities in Tar Plugin Version 20\r\n\r\n1. SUMMARY\r\n\r\nProduct : Vim -- Vi IMproved\r\nVersion : Vim >= 7.0 (possibly older), present in 7.2c.002\r\n autoload/tar.vim >= 9 (possibly older), present in version 20\r\nImpact : Arbitrary code execution\r\nWherefrom: Local, remote\r\nCVE : CVE-2008-2712\r\nOriginal : http://www.rdancer.org/vulnerablevim-tarplugin-update.html\r\n\r\nThe Vim Tar Plugin vulnerabilities published in our previous advisories\r\nhave been addressed, but the changes do not provide fix for all attack\r\nvectors. We analyses some of the vulnerabilities remaining in\r\n``$VIMRUNTIME/autoload/tar.vim''.\r\n\r\n\r\n2. BACKGROUND\r\n\r\n ``Vim is an almost compatible version of the UNIX editor Vi. Many new\r\n features have been added: multi-level undo, syntax highlighting,\r\n command line history, on-line help, spell checking, filename\r\n completion, block operations, etc.''\r\n\r\n -- Vim README.txt\r\n\r\n ``When one edits a *.tar file, this plugin will handle displaying a\r\n contents page. Select a file to edit by moving the cursor atop\r\n the desired file, then hit the <return> key. After editing, one may\r\n also write to the file.''\r\n\r\n -- Tar File Interface (pi_tar.txt)\r\n\r\n\r\n3. ATTEMPTED FIX\r\n\r\nThese are all the ``execute'' and system() calls in the current code\r\n(autoload/tar.vim version 20, 2008-07-30) code. It can be seen that all\r\nthe vulnerable statements have been changed. Unfortunately, not all the\r\nchanges provide a sufficient fix. (We analyse the vulnerabilities in\r\nsection 4 below):\r\n\r\n 133\t let tarfile=substitute(system("cygpath -u\r\n".s:Escape(tarfile,0)),'\n$','','e')\r\n 138\t exe "silent r! gzip -d -c -- ".s:Escape(tarfile,1)." |\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 141\t exe "silent r! cat -- ".s:Escape(tarfile,1)."|gzip -d -c\r\n-|".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 144\t exe "silent r! bzip2 -d -c -- ".s:Escape(tarfile,1)." |\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 147\t exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions."\r\n".s:Escape(tarfile,1)\r\n 163\t exe "r ".fnameescape(a:tarfile)\r\n 198\t let tarfile=substitute(system("cygpath -u\r\n".s:Escape(tarfile,0)),'\n$','','e')\r\n 223\t let tarfile=substitute(system("cygpath -u\r\n".s:Escape(tarfile,0)),'\n$','','e')\r\n 244\t exe "silent r! gzip -d -c -- ".s:Escape(tarfile,1)."|\r\n".g:tar_cmd." -".g:tar_readoptions." - ".s:Escape(fname,1).decmp\r\n 247\t exe "silent r! cat -- ".s:Escape(tarfile,1)." | gzip -d -c\r\n- | ".g:tar_cmd." -".g:tar_readoptions." - ".s:Escape(fname,1).decmp\r\n 250\t exe "silent r! bzip2 -d -c -- ".s:Escape(tarfile,1)."|\r\n".g:tar_cmd." -".g:tar_readoptions." - ".s:Escape(fname,1).decmp\r\n 253\t exe "silent r! ".g:tar_cmd." -".g:tar_readoptions."\r\n".s:Escape(tarfile,1)." -- ".s:Escape(fname,1).decmp\r\n 262\t exe "file tarfile::".fnameescape(fname)\r\n 308\t exe "cd ".fnameescape(tmpdir)\r\n 332\t call system("gzip -d -- ".s:Escape(tarfile,0))\r\n 336\t call system("gzip -d -- ".s:Escape(tarfile,0))\r\n 341\t call system("bzip2 -d -- ".s:Escape(tarfile,0))\r\n 359\t let dirpath = substitute(system("cygpath\r\n".s:Escape(dirpath, 0)),'\n','','e')\r\n 368\t exe "w! ".fnameescape(fname)\r\n 370\t let tarfile = substitute(system("cygpath\r\n".s:Escape(tarfile,0)),'\n','','e')\r\n 375\t call system("tar --delete -f ".s:Escape(tarfile,0)." --\r\n".s:Escape(fname,0))\r\n 384\t call system("tar -".g:tar_writeoptions."\r\n".s:Escape(tarfile,0)." -- ".s:Escape(fname,0))\r\n 391\t call system(compress)\r\n 407\t exe "e! ".fnameescape(tarfile)\r\n 419\t exe "cd ".fnameescape(curdir)\r\n 431\t call system("/bin/rm -rf -- ".s:Escape(a:fname,0))\r\n 434\t call system("/bin/rm -rf -- ".s:Escape(a:fname,0))\r\n 436\t call system("del /S ".s:Escape(a:fname,0))\r\n\r\nThis is the listing from section ``3.4.2.3.1.'' of the original\r\nadvisory[1], for reference:\r\n\r\n 99\t exe "$put ='".'\"'." Browsing tarfile ".a:tarfile."'"\r\n 107\t let tarfile=substitute(system("cygpath -u ".tarfile),'\n$','','e')\r\n 112\t exe "silent r! gzip -d -c ".g:tar_shq.tarfile.g:tar_shq."|\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 115\t exe "silent r! bzip2 -d -c ".g:tar_shq.tarfile.g:tar_shq."|\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n 118\t exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions."\r\n".g:tar_shq.tarfile.g:tar_shq\r\n 134\t exe "r ".a:tarfile\r\n 169\t let tarfile=substitute(system("cygpath -u ".tarfile),'\n$','','e')\r\n 192\t let tarfile=substitute(system("cygpath -u ".tarfile),'\n$','','e')\r\n 199\t exe "silent r! gzip -d -c ".g:tar_shq.tarfile.g:tar_shq."|\r\n".g:tar_cmd." -".g:tar_readoptions." - '".fname."'"\r\n 202\t exe "silent r! bzip2 -d -c ".g:tar_shq.tarfile.g:tar_shq."|\r\n".g:tar_cmd." -".g:tar_readoptions." - '".fname."'"\r\n 205\t exe "silent r! ".g:tar_cmd." -".g:tar_readoptions."\r\n".g:tar_shq.tarfile.g:tar_shq." ".g:tar_shq.fname.g:tar_shq\r\n 208\t exe "file tarfile:".fname\r\n 278\t call system("gzip -d ".tarfile)\r\n 282\t call system("gzip -d ".tarfile)\r\n 287\t call system("bzip2 -d ".tarfile)\r\n 303\t let dirpath = substitute(system("cygpath ".dirpath),'\n','','e')\r\n 312\t exe "w! ".fname\r\n 314\t let tarfile = substitute(system("cygpath ".tarfile),'\n','','e')\r\n 319\t call system("tar --delete -f '".tarfile."' '".fname."'")\r\n 335\t call system(compress)\r\n 351\t exe "e! ".tarfile\r\n\r\n\r\n4. VULNERABILITIES\r\n\r\n4.1. Untrusted File Names Interpreted as Optional Argument\r\n\r\n4.1.1. POSIX Systems\r\n\r\nThe POSIX end-of-options double-dash (--) is missing from some of the\r\ncommands invoked by system() -- line 244 a.o.:\r\n\r\n 244\t exe "silent r! gzip -d -c -- ".s:Escape(tarfile,1)."|\r\n".g:tar_cmd." -".g:tar_readoptions." - ".s:Escape(fname,1).decmp\r\n\r\nThe resulting command looks like this:\r\n\r\n gzip -d -c -- TARBALL | tar -OPxf - MEMBER\r\n\r\nMEMBER can be interpreted by tar(1) as a command line option. This can\r\nbe still used to execute arbitrary shell commands (cf. e.g. the\r\n``--compress-program'' option of tar(1)).\r\n\r\n\r\n4.1.2. Other Systems\r\n\r\nWith implementations of tar(1) (and other programs) that do not\r\nunderstand the double-dash convention, another mechanism must be used to\r\nprevent the file name from being interpreted as command line options.\r\nAt the same time, the current code may confuse such programs.\r\n\r\nIt is not possible for Vim to know the invocation syntax of external\r\nprograms. As the double-dash security measure may not be present in any\r\ngiven external command, the security of commands that pass untrusted\r\ninput to these external commands is not be guaranteed.\r\n\r\n\r\n4.2 Unspecified Behaviour of system() and ``!''\r\n\r\n4.2.1. The system() Function\r\n\r\nsystem(), does not invoke /bin/sh to run the commands, as does the C\r\nStandard Library function of the same name. Rather, it uses the program\r\nspecified in the Vim internal option 'shell'. The full details of how\r\nsystem() works can be found in the Vim Manual:\r\n\r\n ``system({expr} [, {input}]) *system()* *E677*\r\n [...]\r\n The command executed is constructed using several options:\r\n 'shell' 'shellcmdflag' 'shellxquote' {expr} 'shellredir' {tmp} 'shellxquote'\r\n ({tmp} is an automatically generated file name). For Unix and OS/2\r\n braces are put around {expr} to allow for concatenated commands.''\r\n\r\n -- Vim Reference Manual (``eval.txt'')\r\n\r\nAs the particularities of how this program interprets the command can\r\nnot be known, it is inherently impossible to say anything meaningful as\r\nto whether there are security issues. In fact, it is not possible to\r\nsay anything about how the command will be interpreted, or if it will be\r\ninterpreted at all. In the absence of a baseline specification, the\r\nbehaviour of system() as implemented by Vim can only be described as\r\n"unspecified".\r\n\r\nBy setting the respective options to known values, it may be possible to\r\nreach the C Standard Library system() functionality. There will still\r\nbe problems on systems without /bin/sh, and on systems where /bin/sh is\r\nnot POSIX-conformant.\r\n\r\n\r\n4.2.2. The ``!'' Command\r\n\r\nThe same applies to the ``!'' command, as used e.g. on line 138:\r\n\r\n 138\t exe "silent r! gzip -d -c -- ".s:Escape(tarfile,1)." |\r\n".g:tar_cmd." -".g:tar_browseoptions." - "\r\n\r\nThe ``r!'' means the ``read'' command reads the output of the ``!''\r\ncommand, which in turn executes shell commands, in a way similar to\r\nsystem().\r\n\r\n\r\n5. EXPLOIT\r\n\r\nNo exploit code is provided.\r\n\r\n\r\n6. REFERENCES\r\n\r\n[1] Collection of Vulnerabilities in Fully Patched Vim 7.1\r\n http://www.rdancer.org/vulnerablevim.html\r\n\r\n\r\n7. COPYRIGHT\r\n\r\nThis advisory is Copyright 2008 Jan Minar <rdancer@rdancer.org>\r\n\r\nCopying welcome, under the Creative Commons ``Attribution-Share Alike''\r\nLicense http://creativecommons.org/licenses/by-sa/2.0/uk/\r\n\r\nCode included herein, and accompanying this advisory, may be copied\r\naccording to the GNU General Public License version 2, or the Vim\r\nlicense. See the subdirectory ``licenses''.\r\n\r\nVarious portions of the accompanying code were written by various\r\nparties. Those parties may hold copyright, and those portions may be\r\ncopied according to their respective licenses.\r\n\r\n\r\n8. HISTORY\r\n\r\n2008-08-08 Sent to: <bugs@vim.org>, <vim-dev@vim.org>,\r\n <full-disclosure@lists.grok.org.uk>,\r\n <bugtraq@securityfocus.com>,\r\n Charles E Campbell, Jr (Vim Tar Plugin Maintainer)\r\n <drchip@campbellfamily.biz>", "edition": 1, "modified": "2008-08-08T00:00:00", "published": "2008-08-08T00:00:00", "id": "SECURITYVULNS:DOC:20317", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20317", "title": "Vim: Unfixed Vulnerabilities in Tar Plugin Version 20", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-2712"], "description": "Code execution on file open.", "edition": 1, "modified": "2008-08-25T00:00:00", "published": "2008-08-25T00:00:00", "id": "SECURITYVULNS:VULN:9086", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9086", "title": "vim multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2712"], "description": "\nRdancer.org reports:\n\nImproper quoting in some parts of Vim written in the Vim Script\n\t can lead to arbitrary code execution upon opening a crafted\n\t file.\n\n", "edition": 5, "modified": "2008-06-16T00:00:00", "published": "2008-06-16T00:00:00", "id": "30866E6C-3C6D-11DD-98C9-00163E000016", "href": "https://vuxml.freebsd.org/freebsd/30866e6c-3c6d-11dd-98c9-00163e000016.html", "title": "vim -- Vim Shell Command Injection Vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:41:03", "description": "Rdancer.org reports :\n\nImproper quoting in some parts of Vim written in the Vim Script can\nlead to arbitrary code execution upon opening a crafted file.", "edition": 26, "published": "2008-06-24T00:00:00", "title": "FreeBSD : vim -- Vim Shell Command Injection Vulnerabilities (30866e6c-3c6d-11dd-98c9-00163e000016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2712"], "modified": "2008-06-24T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:vim-console", "p-cpe:/a:freebsd:freebsd:vim6-ruby", "p-cpe:/a:freebsd:freebsd:vim6", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:vim-lite", "p-cpe:/a:freebsd:freebsd:vim-ruby", "p-cpe:/a:freebsd:freebsd:vim"], "id": "FREEBSD_PKG_30866E6C3C6D11DD98C900163E000016.NASL", "href": "https://www.tenable.com/plugins/nessus/33240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33240);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2712\");\n\n script_name(english:\"FreeBSD : vim -- Vim Shell Command Injection Vulnerabilities (30866e6c-3c6d-11dd-98c9-00163e000016)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rdancer.org reports :\n\nImproper quoting in some parts of Vim written in the Vim Script can\nlead to arbitrary code execution upon opening a crafted file.\"\n );\n # http://www.rdancer.org/vulnerablevim.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.rdancer.org/vulnerablevim.html\"\n );\n # https://vuxml.freebsd.org/freebsd/30866e6c-3c6d-11dd-98c9-00163e000016.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60f4186f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:vim6-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"vim>6<=6.4.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim>7<7.1.315\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim-console>6<=6.4.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim-console>7<7.1.315\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim-lite>6<=6.4.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim-lite>7<7.1.315\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim-ruby>6<=6.4.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim-ruby>7<7.1.315\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim6>6<=6.4.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim6>7<7.1.315\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim6-ruby>6<=6.4.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"vim6-ruby>7<7.1.315\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:56:23", "description": "Updated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 27, "published": "2008-11-25T00:00:00", "title": "RHEL 2.1 : vim (RHSA-2008:0618)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:vim-X11", "p-cpe:/a:redhat:enterprise_linux:vim-common", "p-cpe:/a:redhat:enterprise_linux:vim-enhanced", "p-cpe:/a:redhat:enterprise_linux:vim-minimal"], "id": "REDHAT-RHSA-2008-0618.NASL", "href": "https://www.tenable.com/plugins/nessus/34955", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0618. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34955);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\");\n script_xref(name:\"RHSA\", value:\"2008:0618\");\n\n script_name(english:\"RHEL 2.1 : vim (RHSA-2008:0618)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix security issues are now available for\nRed Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0618\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0618\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"vim-X11-6.0-7.25\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"vim-common-6.0-7.25\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"vim-enhanced-6.0-7.25\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"vim-minimal-6.0-7.25\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:56:50", "description": "Jan Minar discovered that Vim did not properly sanitize inputs before\ninvoking the execute or system functions inside Vim scripts. If a user\nwere tricked into running Vim scripts with a specially crafted input,\nan attacker could execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2008-2712)\n\nBen Schmidt discovered that Vim did not properly escape characters\nwhen performing keyword or tag lookups. If a user were tricked into\nrunning specially crafted commands, an attacker could execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2008-4101).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : vim vulnerabilities (USN-712-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:vim-doc", "p-cpe:/a:canonical:ubuntu_linux:vim-common", "p-cpe:/a:canonical:ubuntu_linux:vim-python", "p-cpe:/a:canonical:ubuntu_linux:vim-gui-common", "p-cpe:/a:canonical:ubuntu_linux:vim-ruby", "p-cpe:/a:canonical:ubuntu_linux:vim", "p-cpe:/a:canonical:ubuntu_linux:vim-gnome", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:vim-tcl", "p-cpe:/a:canonical:ubuntu_linux:vim-tiny", "p-cpe:/a:canonical:ubuntu_linux:vim-dbg", "cpe:/o:canonical:ubuntu_linux:8.10", "p-cpe:/a:canonical:ubuntu_linux:vim-full", "p-cpe:/a:canonical:ubuntu_linux:vim-perl", "p-cpe:/a:canonical:ubuntu_linux:vim-nox", "p-cpe:/a:canonical:ubuntu_linux:vim-gtk", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:vim-runtime"], "id": "UBUNTU_USN-712-1.NASL", "href": "https://www.tenable.com/plugins/nessus/38044", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-712-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38044);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\");\n script_xref(name:\"USN\", value:\"712-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : vim vulnerabilities (USN-712-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jan Minar discovered that Vim did not properly sanitize inputs before\ninvoking the execute or system functions inside Vim scripts. If a user\nwere tricked into running Vim scripts with a specially crafted input,\nan attacker could execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2008-2712)\n\nBen Schmidt discovered that Vim did not properly escape characters\nwhen performing keyword or tag lookups. If a user were tricked into\nrunning specially crafted commands, an attacker could execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2008-4101).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/712-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-full\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-gui-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vim-tiny\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim\", pkgver:\"1:6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-common\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-doc\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-gnome\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-gtk\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-gui-common\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-perl\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-python\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-ruby\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-runtime\", pkgver:\"1:6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-tcl\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"vim-tiny\", pkgver:\"6.4-006+2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim\", pkgver:\"1:7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-common\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-doc\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-full\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-gnome\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-gtk\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-gui-common\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-perl\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-python\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-ruby\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-runtime\", pkgver:\"1:7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-tcl\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"vim-tiny\", pkgver:\"7.1-056+2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim\", pkgver:\"1:7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-common\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-doc\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-full\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-gnome\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-gtk\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-gui-common\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-nox\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-perl\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-python\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-ruby\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-runtime\", pkgver:\"1:7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-tcl\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"vim-tiny\", pkgver:\"7.1-138+1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim\", pkgver:\"1:7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-common\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-dbg\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-doc\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-full\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-gnome\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-gtk\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-gui-common\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-nox\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-perl\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-python\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-ruby\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-runtime\", pkgver:\"1:7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-tcl\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"vim-tiny\", pkgver:\"7.1.314-3ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim / vim-common / vim-dbg / vim-doc / vim-full / vim-gnome / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:30:30", "description": "The VI Improved editor (vim) received bugfixes for some code execution\nproblems.\n\n - Arbitrary code execution in vim helper plugins\n filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw\n were fix ed. CVE-2008-4101: Arbitrary code execution\n when pressing K, ctrl-] or g] depending on the text\n under the cursor. (CVE-2008-2712)", "edition": 22, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : vim (ZYPP Patch Number 6025)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GVIM-6025.NASL", "href": "https://www.tenable.com/plugins/nessus/41519", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41519);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:36\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\");\n\n script_name(english:\"SuSE 10 Security Update : vim (ZYPP Patch Number 6025)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) received bugfixes for some code execution\nproblems.\n\n - Arbitrary code execution in vim helper plugins\n filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw\n were fix ed. CVE-2008-4101: Arbitrary code execution\n when pressing K, ctrl-] or g] depending on the text\n under the cursor. (CVE-2008-2712)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2712.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4101.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6025.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"gvim-6.4.6-19.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"vim-6.4.6-19.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"gvim-6.4.6-19.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"vim-6.4.6-19.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:50:24", "description": "The VI Improved editor (vim) received bugfixes for some code execution\nproblems.\n\n - Arbitrary code execution in vim helper plugins\n filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw\n were fixed. (CVE-2008-2712)\n\n - Arbitrary code execution when pressing K, ctrl-] or g]\n depending on the text under the cursor. (CVE-2008-4101)\n\n - The netrw plugin sent credentials to all servers.\n (CVE-2008-4677)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : ViM (YOU Patch Number 12360)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4677", "CVE-2008-4101", "CVE-2008-2712"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12360.NASL", "href": "https://www.tenable.com/plugins/nessus/41283", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41283);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2008-4677\");\n\n script_name(english:\"SuSE9 Security Update : ViM (YOU Patch Number 12360)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The VI Improved editor (vim) received bugfixes for some code execution\nproblems.\n\n - Arbitrary code execution in vim helper plugins\n filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw\n were fixed. (CVE-2008-2712)\n\n - Arbitrary code execution when pressing K, ctrl-] or g]\n depending on the text under the cursor. (CVE-2008-4101)\n\n - The netrw plugin sent credentials to all servers.\n (CVE-2008-4677)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2712.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2008-4677/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12360.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"gvim-6.2-235.8\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"vim-6.2-235.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:23", "description": "Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 28, "published": "2009-04-23T00:00:00", "title": "CentOS 3 / 4 : vim (CESA-2008:0617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:centos:centos:vim-common", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:vim-minimal", "p-cpe:/a:centos:centos:vim-enhanced", "p-cpe:/a:centos:centos:vim-X11", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2008-0617.NASL", "href": "https://www.tenable.com/plugins/nessus/37794", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0617 and \n# CentOS Errata and Security Advisory 2008:0617 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37794);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_xref(name:\"RHSA\", value:\"2008:0617\");\n\n script_name(english:\"CentOS 3 / 4 : vim (CESA-2008:0617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015438.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc54fc6a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015439.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?367a1c9a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015440.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbfb5dee\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015442.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4a2cdf8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015457.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec3f54e1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-November/015458.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22256de6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"vim-X11-6.3.046-1.c4.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"vim-common-6.3.046-1.c4.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"vim-enhanced-6.3.046-1.c4.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"vim-minimal-6.3.046-1.c4.5z\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:35:32", "description": "From Red Hat Security Advisory 2008:0617 :\n\nUpdated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : vim (ELSA-2008-0617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:vim-enhanced", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:vim-X11", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:vim-minimal", "p-cpe:/a:oracle:linux:vim-common"], "id": "ORACLELINUX_ELSA-2008-0617.NASL", "href": "https://www.tenable.com/plugins/nessus/67732", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0617 and \n# Oracle Linux Security Advisory ELSA-2008-0617 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67732);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:07\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_xref(name:\"RHSA\", value:\"2008:0617\");\n\n script_name(english:\"Oracle Linux 3 / 4 : vim (ELSA-2008-0617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0617 :\n\nUpdated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-November/000814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-November/000815.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:56:23", "description": "Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 27, "published": "2008-11-25T00:00:00", "title": "RHEL 3 / 4 : vim (RHSA-2008:0617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:vim-X11", "p-cpe:/a:redhat:enterprise_linux:vim-common", "p-cpe:/a:redhat:enterprise_linux:vim-enhanced", "cpe:/o:redhat:enterprise_linux:4.7", "p-cpe:/a:redhat:enterprise_linux:vim-minimal"], "id": "REDHAT-RHSA-2008-0617.NASL", "href": "https://www.tenable.com/plugins/nessus/34954", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0617. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34954);\n script_version (\"1.28\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2007-2953\", \"CVE-2008-2712\", \"CVE-2008-3432\", \"CVE-2008-4101\");\n script_xref(name:\"RHSA\", value:\"2008:0617\");\n\n script_name(english:\"RHEL 3 / 4 : vim (RHSA-2008:0617)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vim packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the\nvi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or\nkeyword, it was possible to execute arbitrary code as the user running\nVim. (CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file\nname patterns with shell wildcards. An attacker could create a\nspecially crafted file or directory name that, when opened by Vim,\ncaused the application to crash or, possibly, execute arbitrary code.\n(CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible\nto execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw\nin Vim's help tag processor. If a user was tricked into executing the\n'helptags' command on malicious data, arbitrary code could be executed\nwith the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0617\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0617\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"vim-X11-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-common-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-enhanced-6.3.046-0.30E.11\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"vim-minimal-6.3.046-0.30E.11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-X11-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-common-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-enhanced-6.3.046-1.el4_7.5z\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"vim-minimal-6.3.046-1.el4_7.5z\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-enhanced / vim-minimal\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:18", "description": "Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2008-2712\n Jan Minar discovered that vim did not properly sanitise\n inputs before invoking the execute or system functions\n inside vim scripts. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-3074\n Jan Minar discovered that the tar plugin of vim did not\n properly sanitise the filenames in the tar archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3075\n Jan Minar discovered that the zip plugin of vim did not\n properly sanitise the filenames in the zip archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3076\n Jan Minar discovered that the netrw plugin of vim did\n not properly sanitise the filenames or directory names\n it is given. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-4101\n Ben Schmidt discovered that vim did not properly escape\n characters when performing keyword or tag lookups. This\n could lead to the execution of arbitrary code.", "edition": 26, "published": "2009-03-04T00:00:00", "title": "Debian DSA-1733-1 : vim - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "modified": "2009-03-04T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:vim"], "id": "DEBIAN_DSA-1733.NASL", "href": "https://www.tenable.com/plugins/nessus/35764", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1733. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35764);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4101\");\n script_xref(name:\"DSA\", value:\"1733\");\n\n script_name(english:\"Debian DSA-1733-1 : vim - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2008-2712\n Jan Minar discovered that vim did not properly sanitise\n inputs before invoking the execute or system functions\n inside vim scripts. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-3074\n Jan Minar discovered that the tar plugin of vim did not\n properly sanitise the filenames in the tar archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3075\n Jan Minar discovered that the zip plugin of vim did not\n properly sanitise the filenames in the zip archive or\n the name of the archive file itself, making it prone to\n arbitrary code execution.\n\n - CVE-2008-3076\n Jan Minar discovered that the netrw plugin of vim did\n not properly sanitise the filenames or directory names\n it is given. This could lead to the execution of\n arbitrary code.\n\n - CVE-2008-4101\n Ben Schmidt discovered that vim did not properly escape\n characters when performing keyword or tag lookups. This\n could lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1733\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the oldstable distribution (etch), these problems have been fixed\nin version 1:7.0-122+1etch5.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 78, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"vim\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-common\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-doc\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-full\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gnome\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gtk\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-gui-common\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-lesstif\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-perl\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-python\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-ruby\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-runtime\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-tcl\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"vim-tiny\", reference:\"1:7.0-122+1etch5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"vim\", reference:\"1:7.1.314-3+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T15:19:58", "description": "The remote VMware ESX host is missing a security-related patch. It is,\ntherefore, is affected by multiple vulnerabilities :\n\n - A format string flaw exists in the Vim help tag\n processor in the helptags_one() function that allows a\n remote attacker to execute arbitrary code by tricking a\n user into executing the 'helptags' command on malicious\n help files. (CVE-2007-2953)\n\n - Multiple flaws exist in the Vim system functions due to\n a failure to sanitize user-supplied input. An attacker\n can exploit these to execute arbitrary code by tricking\n a user into opening a crafted file. (CVE-2008-2712)\n\n - A heap-based buffer overflow condition exists in the Vim\n mch_expand_wildcards() function. An attacker can exploit\n this, via shell metacharacters in a crafted file name,\n to execute arbitrary code. (CVE-2008-3432)\n\n - Multiple flaws exist in Vim keyword and tag handling due\n to improper handling of escape characters. An attacker\n can exploit this, via a crafted document, to execute\n arbitrary shell commands or Ex commands. (CVE-2008-4101)\n\n - A security bypass vulnerability exists in OpenSSL due to\n a failure to properly check the return value from the\n EVP_VerifyFinal() function. A remote attacker can\n exploit this, via a malformed SSL/TLS signature for DSA\n and ECDSA keys, to bypass the validation of the\n certificate chain. (CVE-2008-5077)\n\n - A security bypass vulnerability exists in BIND due to a\n failure to properly check the return value from the\n OpenSSL DSA_verify() function. A remote attacker can\n exploit this, via a malformed SSL/TLS signature, to\n bypass the validation of the certificate chain on those\n systems using DNSSEC. (CVE-2009-0025)", "edition": 26, "published": "2016-03-03T00:00:00", "title": "VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2953", "CVE-2008-5077", "CVE-2008-3432", "CVE-2008-4101", "CVE-2009-0025", "CVE-2008-2712"], "modified": "2016-03-03T00:00:00", "cpe": ["cpe:/o:vmware:esx"], "id": "VMWARE_VMSA-2009-0004_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89112);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2007-2953\",\n \"CVE-2008-2712\",\n \"CVE-2008-3432\",\n \"CVE-2008-4101\",\n \"CVE-2008-5077\",\n \"CVE-2009-0025\"\n );\n script_bugtraq_id(\n 25095,\n 29715,\n 30648,\n 30795,\n 33150,\n 33151\n );\n script_xref(name:\"VMSA\", value:\"2009-0004\");\n\n script_name(english:\"VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)\");\n script_summary(english:\"Checks the ESX version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX host is missing a security-related patch. It is,\ntherefore, is affected by multiple vulnerabilities :\n\n - A format string flaw exists in the Vim help tag\n processor in the helptags_one() function that allows a\n remote attacker to execute arbitrary code by tricking a\n user into executing the 'helptags' command on malicious\n help files. (CVE-2007-2953)\n\n - Multiple flaws exist in the Vim system functions due to\n a failure to sanitize user-supplied input. An attacker\n can exploit these to execute arbitrary code by tricking\n a user into opening a crafted file. (CVE-2008-2712)\n\n - A heap-based buffer overflow condition exists in the Vim\n mch_expand_wildcards() function. An attacker can exploit\n this, via shell metacharacters in a crafted file name,\n to execute arbitrary code. (CVE-2008-3432)\n\n - Multiple flaws exist in Vim keyword and tag handling due\n to improper handling of escape characters. An attacker\n can exploit this, via a crafted document, to execute\n arbitrary shell commands or Ex commands. (CVE-2008-4101)\n\n - A security bypass vulnerability exists in OpenSSL due to\n a failure to properly check the return value from the\n EVP_VerifyFinal() function. A remote attacker can\n exploit this, via a malformed SSL/TLS signature for DSA\n and ECDSA keys, to bypass the validation of the\n certificate chain. (CVE-2008-5077)\n\n - A security bypass vulnerability exists in BIND due to a\n failure to properly check the return value from the\n OpenSSL DSA_verify() function. A remote attacker can\n exploit this, via a malformed SSL/TLS signature, to\n bypass the validation of the certificate chain on those\n systems using DNSSEC. (CVE-2009-0025)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2009-0004\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 3.5 / 4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nfixes = make_array();\nfixes[\"ESX 3.5\"] = 158874;\nfixes[\"ESX 4.0\"] = 219382;\n\nmatches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);\nif (empty_or_null(matches))\n exit(1, 'Failed to extract the ESX / ESXi build number.');\n\ntype = matches[1];\nbuild = int(matches[2]);\n\nfixed_build = fixes[version];\n\nif (!isnull(fixed_build) && build < fixed_build)\n{\n padding = crap(data:\" \", length:8 - strlen(type)); # Spacing alignment\n\n report = '\\n ' + type + ' version' + padding + ': ' + version +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n\n security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + version + \" build \" + build);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2712", "CVE-2008-4101"], "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-03-14T19:25:39", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0618", "href": "https://access.redhat.com/errata/RHSA-2008:0618", "type": "redhat", "title": "(RHSA-2008:0618) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:37", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3432", "CVE-2008-4101"], "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file name\npatterns with shell wildcards. An attacker could create a specially-crafted\nfile or directory name that, when opened by Vim, caused the application to\ncrash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2017-09-08T11:47:42", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0617", "href": "https://access.redhat.com/errata/RHSA-2008:0617", "type": "redhat", "title": "(RHSA-2008:0617) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:50", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-6235"], "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2017-09-08T12:06:57", "published": "2008-11-25T05:00:00", "id": "RHSA-2008:0580", "href": "https://access.redhat.com/errata/RHSA-2008:0580", "type": "redhat", "title": "(RHSA-2008:0580) Moderate: vim security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:38", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0618-01\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027482.html\n\n**Affected packages:**\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 5, "modified": "2008-11-25T23:40:39", "published": "2008-11-25T23:40:39", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/027482.html", "id": "CESA-2008:0618-01", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:24", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0617\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nA heap-based overflow flaw was discovered in Vim's expansion of file name\npatterns with shell wildcards. An attacker could create a specially-crafted\nfile or directory name that, when opened by Vim, caused the application to\ncrash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027476.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027477.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027478.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027479.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027480.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027487.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027495.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027496.html\n\n**Affected packages:**\nvim\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0617.html", "edition": 4, "modified": "2008-11-26T22:58:49", "published": "2008-11-25T16:56:47", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/027476.html", "id": "CESA-2008:0617", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:43", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0580\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027491.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027492.html\n\n**Affected packages:**\nvim\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0580.html", "edition": 5, "modified": "2008-11-26T22:22:42", "published": "2008-11-26T22:22:41", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/027491.html", "id": "CESA-2008:0580", "title": "vim security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:21:29", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "description": "Norbert Tretkowski uploaded new packages for vim which fixed the\nfollowing security problems:\n\nCVE-2008-4101, Debian Bug #500381\n\n Vim 3.0 through 7.x before 7.2.010 does not properly escape\n characters, which allows user-assisted attackers to (1) execute\n arbitrary shell commands by entering a K keystroke on a line that\n contains a ";" (semicolon) followed by a command, or execute arbitrary\n Ex commands by entering an argument after a (2) "Ctrl-]" (control\n close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke\n sequence, a different issue than CVE-2008-2712.\n\nFor the etch-backports distribution the problems have been fixed in\nversion 1:7.1.314-3+lenny2~bpo40+2.\n\nFor the lenny distribution the problems have been fixed in version\n1:7.1.314-3+lenny2.\n\nFor the sid distribution the problems have been fixed in version\n2:7.2.049-1.\n\nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the packages\nmanually via "apt-get -t etch-backports install <packagelist>" with the\npackagelist of your installed packages affected by this update.\n[1] <http://backports.org/dokuwiki/doku.php?id=instructions>\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\n Package: *\n Pin: release a=etch-backports\n Pin-Priority: 200\n", "edition": 3, "modified": "2008-11-29T10:05:18", "published": "2008-11-29T10:05:18", "id": "DEBIAN:39911521BDD8B510D11191B007C5C80B:928A4", "href": "https://lists.debian.org/debian-backports-announce/2008/debian-backports-announce-200811/msg00004.html", "title": "[Backports-security-announce] Security Update for vim", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:22:06", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4104", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1733 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nMarch 03, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : vim\nVulnerability : several vulnerabilities\nProblem type : local (remote)\nDebian-specific: no\nCVE Ids : CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076\n CVE-2008-4104\nDebian Bugs : 486502 506919\n\nSeveral vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-2712\n\n Jan Minar discovered that vim did not properly sanitise inputs\n before invoking the execute or system functions inside vim\n scripts. This could lead to the execution of arbitrary code.\n\nCVE-2008-3074\n\n Jan Minar discovered that the tar plugin of vim did not properly\n sanitise the filenames in the tar archive or the name of the\n archive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3075\n\n Jan Minar discovered that the zip plugin of vim did not properly\n sanitise the filenames in the zip archive or the name of the\n archive file itself, making it prone to arbitrary code execution.\n\nCVE-2008-3076\n\n Jan Minar discovered that the netrw plugin of vim did not properly\n sanitise the filenames or directory names it is given. This could\n lead to the execution of arbitrary code.\n\nCVE-2008-4101\n\n Ben Schmidt discovered that vim did not properly escape characters\n when performing keyword or tag lookups. This could lead to the\n execution of arbitrary code.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 1:7.0-122+1etch4.\n\nFor the testing distribution (squeeze), these problems have been fixed\nin version 1:7.1.314-3+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:7.2.010-1.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz\n Size/MD5 checksum: 8457888 9ba05680b0719462f653e82720599f32\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.diff.gz\n Size/MD5 checksum: 309257 3fb68c04086cf384e9a0be519a0faa6d\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.dsc\n Size/MD5 checksum: 1445 f49da047b6b5836abfe2d7d93d30d11d\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch5_all.deb\n Size/MD5 checksum: 166080 77259d158e96c1406dba1f1b4b47a2d2\n http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch5_all.deb\n Size/MD5 checksum: 6436142 3e7fee588474fbc9ad1110ae78cdffb5\n http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch5_all.deb\n Size/MD5 checksum: 2048224 d5005e3efc24d3d7bd3d6a9c7b01cc42\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1072856 8193230db603c1254188fc2013288c55\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1158448 6ceb30fd5932d2945b962dee13d4f4cf\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 925404 23d8b9608aaf47fe3a651aedd3b3c3ce\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 205362 0c7fb486c98a609ac9185c2a794c4ef8\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1065236 90a42e55852d6450cbd79b10a2dd9582\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1080626 973d5e77cf259e3025fb73d9e5734e51\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1124104 59ef34ed09e3f8e1d2d01c7a419dd15f\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 681132 4dd97b0d70f400ce31e75a7c005103fc\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1069628 9a8757df139e529a7f04edaa015c0db4\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1118000 5553bc93d68daa7010bd2b439603a805\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_alpha.deb\n Size/MD5 checksum: 1129778 7c68287a63f92c85bbe7c451e0cd79db\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 970296 adb9326145046a8517f29430d9185356\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1024798 474fc78e7e8d1baefbfbbb3b803c4593\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 615478 70ac9e55bb99b0e1b5d22f105e099ce0\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1019868 97ecb9505f3497309aeff9c821da7451\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1029122 0b446946ede11c6bd0acca6c701f7043\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 961786 6d0d2f78b0111b1b996fabec5b697230\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 835050 3cfcc7270baad54009293a3aacb1587a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 972692 71f4f5e25b0962058740ba4d718b7ee0\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 203924 5c46591877f80de331011eb2fc8922e2\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 1055448 750e596ed6bf61bd0c369834577d0760\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_amd64.deb\n Size/MD5 checksum: 977848 70898b3a8793165593e2279df412847d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 880468 e49632c4a2368c7caf5321e1d501f5d2\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 959492 8f06863583aa9d8de9e0bae69bdb22ec\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 194216 9f1a19f592d16ee5984e70309fd3046e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 936934 a32d6e6c4c655469db40537d5e67ed46\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 925570 7ec6e1bd4de8d545fdd452b630ef4200\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 875960 d40a82f95a046771e12158c715394b44\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 548658 b65534d4f507d17343338b209fb4a7ef\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 930386 db9786b5c368e0f7d0c85137720ac265\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 885960 f0a44d7da770bc2c28dd18ac48fcc5f0\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 878132 8afa2754690619255e62c685ecbd7384\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_arm.deb\n Size/MD5 checksum: 756278 7d66f29205b21154a9ef1a4cd544b2f1\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 918284 2dbb674af6d8fb2906bd7ed6fec1dd95\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 215990 07fc4b6106d1316c92338aa5c5645a2f\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 540652 9c15ac5b85c605011d1b0ab4b13b0269\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 947842 cd7147610def6f6aebfc8ddd14a1f7ed\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 914094 0273374e2bba8706ac12ee449c1835e3\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 866124 00dd2547963789615b71b0f0fb291eb9\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 868326 3f04461e4f0414368fe60e0f4085d28c\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 873570 dae9ebb6f4e2cd0c3d82e5e547dd1957\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 860292 467ce64f0171f10ac4149e5716f651da\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 745560 ade89928c860c4990ec6e202a294f0c8\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_i386.deb\n Size/MD5 checksum: 924858 1942cedccbe124303b4ad0f7c650f0c6\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1591938 aaa5a72cfdacb3c3d2574390902bcfa2\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1523258 08f9a82ec68f452e1701f11b9c20d0e3\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1530006 9b77cd0ec49c8519d0c1af0914092260\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1538210 3dbde934956291182e5bf61157a80b44\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1575130 e328ca048ee883dba500128a2a06fc88\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1525510 e3736c90e105fa354c691546bec3922b\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1325622 693a3412efd63e8ac0d975b4fcae3ac5\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1627904 90ca86e74caf9c0367c20b32eb9d42b3\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 970874 2dccfb8e2287cd9e6285545e43dac87a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1585804 06a43c2668bf468ffe521880cc497518\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 184650 516d8eddce4e6628e8b6ee32f55ce2aa\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1061694 a2e9b2bc8f31cf878805dbc1babd4074\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1027336 d86f7c3fab9143c1c93d82b3762f8c0d\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 215734 c23239c8579e53a4277325a048567e75\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1021942 d75231c3c7950785df8f52680e28c956\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1029478 e74670d4918287fb3d05436419b7f5a9\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1037498 ac41c65a077d84f0f5405356d0b52ef1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 654740 994339f109e5db97079633b5249bd8d2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1034390 2c4337c763ea13a11e13b711c25313b5\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1033336 eb70a508dd3a9f30f31a87c4a2266959\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1024984 8d99fbb2712f791c3a0989929cf3f0a4\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 884306 7aeb2418d5366493e09306cb0dff0080\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 884962 b58372db99660ff0e4f547b3c66335e2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1034202 0622c0fac8ee51c7dd403a2d3a709f1f\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1024616 fa6a91224476aadab8e9086031c93843\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 655488 9ecdf0e56665da0aff429e23e9c0cb85\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1061362 accba14e8f0043ef3a0b9be85ae481cd\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 181736 5ba79db87623562481162cbac53ec2b6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1037954 28979a474d512ec1abfb33a598b524c7\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1026874 5c10e35e281ec28eecc36b8fa80ef0d7\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1032800 75be0356398f5a88e836eafccdf11154\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1029056 0a13b0913667d03e2d3875611498c54c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1022658 18d03119dc62eaca237a2513cba2c0ca\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 996154 f3c3d5660dd3e5e7fdb325a1f9ee80f3\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 1019842 f626233054124e014d335722e6b7b1f5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 592366 e4bd0cbf615c36476bff4979d0987393\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 936024 be64d238a9cbf4d938999472026fde89\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 808854 7dfff56d11567d2dabafa290618b5e18\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 990262 6114d3fcd53521a8c2cd317d586b6fcd\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 933488 503e433ae6fd737f2b3ae48698e8e671\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 985094 28babdde5091f90ae7b64f6e33c6c50f\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 943596 3beb1be6cde901814742b33ee4973142\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 181648 b71e88d76eacbfa861c24c6c21881f66\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 938174 3a729f2922d8e84b222947a18bc6ace3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1023236 1ee38cca410e5bd069a72a325fd8147e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1019258 e1f6cae1e293d3cb212ff17dd7beb264\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1049408 4b1f42bb092f9dd62d7324e430a1a88e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 825560 2b8b69171c45094c184e357b1a6a7336\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 955228 ceea2d07ea609414724aeedae57a3a0a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 965878 824e5bfdcc9a8ed7ee54e4553c9461f8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 971822 194d010d7aea2f2c47075b6f205de0c1\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 963294 a7636d870a3bc1de7fc8248d35c74cf3\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 610092 6762beafb4e7376087c4f8962d1521f6\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 181488 00d25451b3c22213bf5eb807a6d4a75f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1013748 598ccccd6f90df0ca7bedd5ec1d136c7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 881430 2688537934012af957695fea329b48a1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 545376 1ea2967048cd369cc870441f5caeb1b1\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 867886 f663757c3929af6b241a91efa07a626a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 928250 9c0199efd36a47c6d05861af5e04ff02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874108 4d351161d497905352ac6ef1dcabfc9e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 934390 2151ef35c9424c90850c579f90effce4\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874100 c05ccf6f4ffb15037cfd794647848617\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 204512 1e3590447f3f0804e9fe27ea61959b31\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 876370 1782507a950cbb17519d768f5655278a\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 751910 582313f03a36980fab96074ee218c0eb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 952632 31875cb1a0037cf8923e7eda269ead80\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\nze/MD5 checksum: 970874 2dccfb8e2287cd9e6285545e43dac87a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 1585804 06a43c2668bf468ffe521880cc497518\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb\n Size/MD5 checksum: 184650 516d8eddce4e6628e8b6ee32f55ce2aa\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1061694 a2e9b2bc8f31cf878805dbc1babd4074\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1027336 d86f7c3fab9143c1c93d82b3762f8c0d\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 215734 c23239c8579e53a4277325a048567e75\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1021942 d75231c3c7950785df8f52680e28c956\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1029478 e74670d4918287fb3d05436419b7f5a9\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1037498 ac41c65a077d84f0f5405356d0b52ef1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 654740 994339f109e5db97079633b5249bd8d2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1034390 2c4337c763ea13a11e13b711c25313b5\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1033336 eb70a508dd3a9f30f31a87c4a2266959\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 1024984 8d99fbb2712f791c3a0989929cf3f0a4\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mips.deb\n Size/MD5 checksum: 884306 7aeb2418d5366493e09306cb0dff0080\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 884962 b58372db99660ff0e4f547b3c66335e2\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1034202 0622c0fac8ee51c7dd403a2d3a709f1f\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1024616 fa6a91224476aadab8e9086031c93843\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 655488 9ecdf0e56665da0aff429e23e9c0cb85\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1061362 accba14e8f0043ef3a0b9be85ae481cd\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 181736 5ba79db87623562481162cbac53ec2b6\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1037954 28979a474d512ec1abfb33a598b524c7\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1026874 5c10e35e281ec28eecc36b8fa80ef0d7\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1032800 75be0356398f5a88e836eafccdf11154\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1029056 0a13b0913667d03e2d3875611498c54c\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mipsel.deb\n Size/MD5 checksum: 1022658 18d03119dc62eaca237a2513cba2c0ca\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 996154 f3c3d5660dd3e5e7fdb325a1f9ee80f3\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 1019842 f626233054124e014d335722e6b7b1f5\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 592366 e4bd0cbf615c36476bff4979d0987393\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 936024 be64d238a9cbf4d938999472026fde89\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 808854 7dfff56d11567d2dabafa290618b5e18\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 990262 6114d3fcd53521a8c2cd317d586b6fcd\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 933488 503e433ae6fd737f2b3ae48698e8e671\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 985094 28babdde5091f90ae7b64f6e33c6c50f\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 943596 3beb1be6cde901814742b33ee4973142\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 181648 b71e88d76eacbfa861c24c6c21881f66\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_powerpc.deb\n Size/MD5 checksum: 938174 3a729f2922d8e84b222947a18bc6ace3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1023236 1ee38cca410e5bd069a72a325fd8147e\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1019258 e1f6cae1e293d3cb212ff17dd7beb264\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1049408 4b1f42bb092f9dd62d7324e430a1a88e\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 825560 2b8b69171c45094c184e357b1a6a7336\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 955228 ceea2d07ea609414724aeedae57a3a0a\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 965878 824e5bfdcc9a8ed7ee54e4553c9461f8\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 971822 194d010d7aea2f2c47075b6f205de0c1\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 963294 a7636d870a3bc1de7fc8248d35c74cf3\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 610092 6762beafb4e7376087c4f8962d1521f6\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 181488 00d25451b3c22213bf5eb807a6d4a75f\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_s390.deb\n Size/MD5 checksum: 1013748 598ccccd6f90df0ca7bedd5ec1d136c7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 881430 2688537934012af957695fea329b48a1\n http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 545376 1ea2967048cd369cc870441f5caeb1b1\n http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 867886 f663757c3929af6b241a91efa07a626a\n http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 928250 9c0199efd36a47c6d05861af5e04ff02\n http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874108 4d351161d497905352ac6ef1dcabfc9e\n http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 934390 2151ef35c9424c90850c579f90effce4\n http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 874100 c05ccf6f4ffb15037cfd794647848617\n http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 204512 1e3590447f3f0804e9fe27ea61959b31\n http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 876370 1782507a950cbb17519d768f5655278a\n http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 751910 582313f03a36980fab96074ee218c0eb\n http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_sparc.deb\n Size/MD5 checksum: 952632 31875cb1a0037cf8923e7eda269ead80\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2009-03-03T08:35:17", "published": "2009-03-03T08:35:17", "id": "DEBIAN:DSA-1733-1:0AD7D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00043.html", "title": "[SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:34:47", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4101", "CVE-2008-2712"], "description": "Jan Minar discovered that Vim did not properly sanitize inputs before invoking \nthe execute or system functions inside Vim scripts. If a user were tricked \ninto running Vim scripts with a specially crafted input, an attacker could \nexecute arbitrary code with the privileges of the user invoking the program. \n(CVE-2008-2712)\n\nBen Schmidt discovered that Vim did not properly escape characters when \nperforming keyword or tag lookups. If a user were tricked into running specially \ncrafted commands, an attacker could execute arbitrary code with the privileges \nof the user invoking the program. (CVE-2008-4101)", "edition": 5, "modified": "2009-01-27T00:00:00", "published": "2009-01-27T00:00:00", "id": "USN-712-1", "href": "https://ubuntu.com/security/notices/USN-712-1", "title": "Vim vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-2712"], "description": "[6.3.046-1.el4_7.5z ]\n- remove duplicate vimtutor manpage\n[6.3.046-1.el4_7.4z ]\n- fix netrw\n[6.3.046-1.el4_7.3z ]\n- add fix for CVE-2008-4101\n[6.3.046-1.el4_6.2z]\n- don't add empty line when editing files with netrw\n[6.3.046-1.el4_6.1z]\n- fix erroneous quoting in CVE-2008-2712 patch\n[6.3.046-1.el4_6.z]\n- add fix for CVE-2007-2953\n- add fixes for CVE-2008-2712\n- add fix for incorrect computation of memory requirements for buffer", "edition": 4, "modified": "2008-11-25T00:00:00", "published": "2008-11-25T00:00:00", "id": "ELSA-2008-0617", "href": "http://linux.oracle.com/errata/ELSA-2008-0617.html", "title": "vim security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:00", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "description": "[7.0.109-4.4z]\n- fix netrw\n[7.0.109-4.3z]\n- fixes CVE-2008-3074 (tar plugin)\n- fixes CVE-2008-3075 (zip plugin)\n- fixes CVE-2008-3076 (netrw plugin)\n- fixes CVE-2008-4101 (keyword and tag lookup)\n[7.0.109-4.2z]\n- fix some issues with netrw and remote file editing caused by\n the CVE-2008-2712 patch\n[7.0.109-4.1z]\n- more fixes for CVE-2008-2712\n[7.0.109-4.z]\n- fix release\n[7.0.109-3.1z]\n- rebuild for z stream\n[7.0.109-3.6]\n- re-enable debuginfo\n[7.0.109-3.5]\n- update netrw files for CVE-2008-2712\n[7.0.109-3.4]\n- add fixes for CVE-2007-2953 and CVE-2008-2712", "edition": 4, "modified": "2008-11-25T00:00:00", "published": "2008-11-25T00:00:00", "id": "ELSA-2008-0580", "href": "http://linux.oracle.com/errata/ELSA-2008-0580.html", "title": "vim security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:50", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2953", "CVE-2008-5077", "CVE-2008-3432", "CVE-2008-4101", "CVE-2009-0025", "CVE-2008-2712"], "description": "a. Updated OpenSSL package for the Service Console fixes a security issue. \nOpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. \nThe following table lists what action remediates the vulnerability (column 4) if a solution is available. \n\n", "edition": 4, "modified": "2010-01-06T00:00:00", "published": "2009-03-31T00:00:00", "id": "VMSA-2009-0004", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0004.html", "title": "ESX Service Console updates for openssl, bind, and vim", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T23:08:12", "bulletinFamily": "info", "cvelist": ["CVE-2003-0063", "CVE-2006-1329", "CVE-2008-0564", "CVE-2008-0888", "CVE-2008-2712", "CVE-2008-4101", "CVE-2008-4456", "CVE-2008-5302", "CVE-2008-5303", "CVE-2008-5515", "CVE-2008-7247", "CVE-2009-0033", "CVE-2009-0037", "CVE-2009-0316", "CVE-2009-0580", "CVE-2009-0688", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2446", "CVE-2009-2632", "CVE-2009-2693", "CVE-2009-2801", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4017", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4142", "CVE-2009-4143", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0043", "CVE-2010-0055", "CVE-2010-0056", "CVE-2010-0057", "CVE-2010-0058", "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0063", "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0503", "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0506", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0511", "CVE-2010-0512", "CVE-2010-0513", "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0516", "CVE-2010-0517", "CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520", "CVE-2010-0521", "CVE-2010-0522", "CVE-2010-0523", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0526", "CVE-2010-0533", "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"], "description": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities\n\nApple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping with fixes for 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 is now available and\n\naddresses the following:\n\nAppKit\n\nCVE-ID: CVE-2010-0056\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Spell checking a maliciously crafted document may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the spell checking feature\n\nused by Cocoa applications. Spell checking a maliciously crafted\n\ndocument may lead to an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nApplication Firewall\n\nCVE-ID: CVE-2009-2801\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Certain rules in the Application Firewall may become\n\ninactive after restart\n\nDescription: A timing issue in the Application Firewall may cause\n\ncertain rules to become inactive after reboot. The issue is addressed\n\nthrough improved handling of Firewall rules. This issue does not\n\naffect Mac OS X v10.6 systems. Credit to Michael Kisor of\n\nOrganicOrb.com for reporting this issue.\n\nAFP Server\n\nCVE-ID: CVE-2010-0057\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: When guest access is disabled, a remote user may be able to\n\nmount AFP shares as a guest\n\nDescription: An access control issue in AFP Server may allow a\n\nremote user to mount AFP shares as a guest, even if guest access is\n\ndisabled. This issue is addressed through improved access control\n\nchecks. Credit: Apple.\n\nAFP Server\n\nCVE-ID: CVE-2010-0533\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote user with guest access to an AFP share may access\n\nthe contents of world-readable files outside the Public share\n\nDescription: A directory traversal issue exists in the path\n\nvalidation for AFP shares. A remote user may enumerate the parent\n\ndirectory of the share root, and read or write files within that\n\ndirectory that are accessible to the \u2018nobody\u2019 user. This issue is\n\naddressed through improved handling of file paths. Credit to Patrik\n\nKarlsson of cqure.net for reporting this issue.\n\nApache\n\nCVE-ID: CVE-2009-3095\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to bypass access control\n\nrestrictions\n\nDescription: An input validation issue exists in Apache\u2019s handling\n\nof proxied FTP requests. A remote attacker with the ability to issue\n\nrequests through the proxy may be able to bypass access control\n\nrestrictions specified in the Apache configuration. This issue is\n\naddressed by updating Apache to version 2.2.14.\n\nClamAV\n\nCVE-ID: CVE-2010-0058\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: ClamAV virus definitions may not receive updates\n\nDescription: A configuration issue introduced in Security Update\n\n2009-005 prevents freshclam from running. This may prevent virus\n\ndefinitions from being updated. This issue is addressed by updating\n\nfreshclam\u2019s launchd plist ProgramArguments key values. This issue\n\ndoes not affect Mac OS X v10.6 systems. Credit to Bayard Bell, Wil\n\nShipley of Delicious Monster, and David Ferrero of Zion Software, LLC\n\nfor reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0059\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDM2 encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0060\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDMC encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreMedia\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in CoreMedia\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nCoreTypes\n\nCVE-ID: CVE-2010-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Users are not warned before opening certain potentially\n\nunsafe content types\n\nDescription: This update adds .ibplugin and .url to the system\u2019s\n\nlist of content types that will be flagged as potentially unsafe\n\nunder certain circumstances, such as when they are downloaded from a\n\nweb page. While these content types are not automatically launched,\n\nif manually opened they could lead to the execution of a malicious\n\nJavaScript payload or arbitrary code execution. This update improves\n\nthe system\u2019s ability to notify users before handling content types\n\nused by Safari. Credit to Clint Ruoho of Laconic Security for\n\nreporting this issue.\n\nCUPS\n\nCVE-ID: CVE-2010-0393\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain system privileges\n\nDescription: A format string issue exists in the lppasswd CUPS\n\nutility. This may allow a local user to obtain system privileges. Mac\n\nOS X v10.6 systems are only affected if the setuid bit has been set\n\non the binary. This issue is addressed by using default directories\n\nwhen running as a setuid process. Credit to Ronald Volgers for\n\nreporting this issue.\n\ncurl\n\nCVE-ID: CVE-2009-2417\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A man-in-the-middle attacker may be able to impersonate a\n\ntrusted server\n\nDescription: A canonicalization issue exists in curl\u2019s handling of\n\nNULL characters in the subject\u2019s Common Name (CN) field of X.509\n\ncertificates. This may lead to man-in-the-middle attacks against\n\nusers of the curl command line tool, or applications using libcurl.\n\nThis issue is addressed through improved handling of NULL characters.\n\ncurl\n\nCVE-ID: CVE-2009-0037\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Using curl with -L may allow a remote attacker to read or\n\nwrite local files\n\nDescription: curl will follow HTTP and HTTPS redirects when used\n\nwith the -L option. When curl follows a redirect, it allows file://\n\nURLs. This may allow a remote attacker to access local files. This\n\nissue is addressed through improved validation of redirects. This\n\nissue does not affect Mac OS X v10.6 systems. Credit to Daniel\n\nStenberg of Haxx AB for reporting this issue.\n\nCyrus IMAP\n\nCVE-ID: CVE-2009-2632\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A local user may be able to obtain the privileges of the\n\nCyrus user\n\nDescription: A buffer overflow exists in the handling of sieve\n\nscripts. By running a maliciously crafted sieve script, a local user\n\nmay be able to obtain the privileges of the Cyrus user. This issue is\n\naddressed through improved bounds checking. This issue does not\n\naffect Mac OS X v10.6 systems.\n\nCyrus SASL\n\nCVE-ID: CVE-2009-0688\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: An unauthenticated remote attacker may cause unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the Cyrus SASL\n\nauthentication module. Using Cyrus SASL authentication may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0064\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Items copied in the Finder may be assigned an unexpected\n\nfile owner\n\nDescription: When performing an authenticated copy in the Finder,\n\noriginal file ownership may be unexpectedly copied. This update\n\naddresses the issue by ensuring that copied files are owned by the\n\nuser performing the copy. This issue does not affect systems prior to\n\nMac OS X v10.6. Credit to Gerrit DeWitt of Auburn University (Auburn,\n\nAL) for reporting this issue.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0537\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may gain access to user data via a multi-\n\nstage attack\n\nDescription: A path resolution issue in DesktopServices is\n\nvulnerable to a multi-stage attack. A remote attacker must first\n\nentice the user to mount an arbitrarily named share, which may be\n\ndone via a URL scheme. When saving a file using the default save\n\npanel in any application, and using \u201cGo to folder\u201d or dragging\n\nfolders to the save panel, the data may be unexpectedly saved to the\n\nmalicious share. This issue is addressed through improved path\n\nresolution. This issue does not affect systems prior to Mac OS X\n\nv10.6. Credit to Sidney San Martin working with DeepTech, Inc. for\n\nreporting this issue.\n\nDisk Images\n\nCVE-ID: CVE-2010-0065\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nbzip2 compressed disk images. Mounting a maliciously crafted disk\n\nimage may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed through improved bounds\n\nchecking. Credit: Apple.\n\nDisk Images\n\nCVE-ID: CVE-2010-0497\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to\n\narbitrary code execution\n\nDescription: A design issue exists in the handling of internet\n\nenabled disk images. Mounting an internet enabled disk image\n\ncontaining a package file type will open it rather than revealing it\n\nin the Finder. This file quarantine feature helps to mitigate this\n\nissue by providing a warning dialog for unsafe file types. This issue\n\nis addressed through improved handling of package file types on\n\ninternet enabled disk images. Credit to Brian Mastenbrook working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nDirectory Services\n\nCVE-ID: CVE-2010-0498\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may obtain system privileges\n\nDescription: An authorization issue in Directory Services\u2019 handling\n\nof record names may allow a local user to obtain system privileges.\n\nThis issue is addressed through improved authorization checks.\n\nCredit: Apple.\n\nDovecot\n\nCVE-ID: CVE-2010-0535\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to send and receive mail\n\neven if the user is not on the SACL of users who are permitted to do\n\nso\n\nDescription: An access control issue exists in Dovecot when Kerberos\n\nauthentication is enabled. This may allow an authenticated user to\n\nsend and receive mail even if the user is not on the service access\n\ncontrol list (SACL) of users who are permitted to do so. This issue\n\nis addressed through improved access control checks. This issue does\n\nnot affect systems prior to Mac OS X v10.6.\n\nEvent Monitor\n\nCVE-ID: CVE-2010-0500\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may cause arbitrary systems to be added to\n\nthe firewall blacklist\n\nDescription: A reverse DNS lookup is performed on remote ssh clients\n\nthat fail to authenticate. A plist injection issue exists in the\n\nhandling of resolved DNS names. This may allow a remote attacker to\n\ncause arbitrary systems to be added to the firewall blacklist. This\n\nissue is addressed by properly escaping resolved DNS names. Credit:\n\nApple.\n\nFreeRADIUS\n\nCVE-ID: CVE-2010-0524\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may obtain access to a network via RADIUS\n\nauthentication\n\nDescription: A certificate authentication issue exists in the\n\ndefault Mac OS X configuration of the FreeRADIUS server. A remote\n\nattacker may use EAP-TLS with an arbitrary valid certificate to\n\nauthenticate and connect to a network configured to use FreeRADIUS\n\nfor authentication. This issue is addressed by disabling support for\n\nEAP-TLS in the configuration. RADIUS clients should use EAP-TTLS\n\ninstead. This issue only affects Mac OS X Server systems. Credit to\n\nChris Linstruth of Qnet for reporting this issue.\n\nFTP Server\n\nCVE-ID: CVE-2010-0501\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Users may be able to retrieve files outside the FTP root\n\ndirectory\n\nDescription: A directory traversal issue exists in FTP Server. This\n\nmay allow a user to retrieve files outside the FTP root directory.\n\nThis issue is addressed through improved handling of file names. This\n\nissue only affects Mac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2006-1329\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An implementation issue exists in jabberd\u2019s handling of\n\nSASL negotiation. A remote attacker may be able to terminate the\n\noperation of jabberd. This issue is addressed through improved\n\nhandling of SASL negotiation. This issue only affects Mac OS X Server\n\nsystems.\n\niChat Server\n\nCVE-ID: CVE-2010-0502\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Chat messages may not be logged\n\nDescription: A design issue exists in iChat Server\u2019s support for\n\nconfigurable group chat logging. iChat Server only logs messages with\n\ncertain message types. This may allow a remote user to send a message\n\nthrough the server without it being logged. The issue is addressed by\n\nremoving the capability to disable group chat logs, and logging all\n\nmessages that are sent through the server. This issue only affects\n\nMac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2010-0503\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A use-after-free issue exists in iChat Server. An\n\nauthenticated user may be able to cause an unexpected application\n\ntermination or arbitrary code execution. This issue is addressed\n\nthrough improved memory reference tracking. This issue only affects\n\nMac OS X Server systems, and does not affect versions 10.6 or later.\n\niChat Server\n\nCVE-ID: CVE-2010-0504\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: Multiple stack buffer overflow issues exist in iChat\n\nServer. An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution. These issues are\n\naddressed through improved memory management. These issues only\n\naffect Mac OS X Server systems. Credit: Apple.\n\nImageIO\n\nCVE-ID: CVE-2010-0505\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of JP2\n\nimages. Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Service, and researcher\n\n\u201c85319bb6e6ab398b334509c50afce5259d42756e\u201d working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0041\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of BMP images. Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of BMP images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of TIFF images. Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of TIFF images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0043\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Processing a maliciously crafted TIFF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nTIFF images. Processing a maliciously crafted TIFF image may lead to\n\nan unexpected application termination or arbitrary code execution.\n\nThis issue is addressed through improved memory handling. This issue\n\ndoes not affect systems prior to Mac OS X v10.6. Credit to Gus\n\nMueller of Flying Meat for reporting this issue.\n\nImage RAW\n\nCVE-ID: CVE-2010-0506\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of NEF\n\nimages. Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems. Credit: Apple.\n\nImage RAW\n\nCVE-ID: CVE-2010-0507\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of PEF\n\nimages. Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Services for reporting\n\nthis issue.\n\nLibsystem\n\nCVE-ID: CVE-2009-0689\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Applications that convert untrusted data between binary\n\nfloating point and text may be vulnerable to an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the floating point binary\n\nto text conversion code within Libsystem. An attacker who can cause\n\nan application to convert a floating point value into a long string,\n\nor to parse a maliciously crafted string as a floating point value,\n\nmay be able to cause an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. Credit to Maksymilian Arciemowicz of\n\nSecurityReason.com for reporting this issue.\n\nMail\n\nCVE-ID: CVE-2010-0508\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Rules associated with a deleted mail account remain in\n\neffect\n\nDescription: When a mail account is deleted, user-defined filter\n\nrules associated with that account remain active. This may result in\n\nunexpected actions. This issue is addressed by disabling associated\n\nrules when a mail account is deleted.\n\nMail\n\nCVE-ID: CVE-2010-0525\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mail may use a weaker encryption key for outgoing email\n\nDescription: A logic issue exists in Mail\u2019s handling of encryption\n\ncertificates. When multiple certificates for the recipient exist in\n\nthe keychain, Mail may select an encryption key that is not intended\n\nfor encipherment. This may lead to a security issue if the chosen key\n\nis weaker than expected. This issue is addressed by ensuring that the\n\nkey usage extension within certificates is evaluated when selecting a\n\nmail encryption key. Credit to Paul Suh of ps Enable, Inc. for\n\nreporting this issue.\n\nMailman\n\nCVE-ID: CVE-2008-0564\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in Mailman 2.1.9\n\nDescription: Multiple cross-site scripting issues exist in Mailman\n\n2.1.9. These issues are addressed by updating Mailman to version\n\n2.1.13. Further information is available via the Mailman site at\n\nhttp://mail.python.org/pipermail/mailman-\n\nannounce/2009-January/000128.html These issues only affect Mac OS X\n\nServer systems, and do not affect versions 10.6 or later.\n\nMySQL\n\nCVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019,\n\nCVE-2009-4030\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in MySQL 5.0.82\n\nDescription: MySQL is updated to version 5.0.88 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. These issues only affect Mac OS X Server systems. Further\n\ninformation is available via the MySQL web site at\n\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html\n\nOS Services\n\nCVE-ID: CVE-2010-0509\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain elevated privileges\n\nDescription: A privilege escalation issue exists in SFLServer, as it\n\nruns as group \u2018wheel\u2019 and accesses files in users\u2019 home directories.\n\nThis issue is addressed through improved privilege management. Credit\n\nto Kevin Finisterre of DigitalMunition for reporting this issue.\n\nPassword Server\n\nCVE-ID: CVE-2010-0510\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to log in with an outdated\n\npassword\n\nDescription: An implementation issue in Password Server\u2019s handling\n\nof replication may cause passwords to not be replicated. A remote\n\nattacker may be able to log in to a system using an outdated\n\npassword. This issue is addressed through improved handling of\n\npassword replication. This issue only affects Mac OS X Server\n\nsystems. Credit to Jack Johnson of Anchorage School District for\n\nreporting this issue.\n\nperl\n\nCVE-ID: CVE-2008-5302, CVE-2008-5303\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A local user may cause arbitrary files to be deleted\n\nDescription: Multiple race condition issues exist in the rmtree\n\nfunction of the perl module File::Path. A local user with write\n\naccess to a directory that is being deleted may cause arbitrary files\n\nto be removed with the privileges of the perl process. This issue is\n\naddressed through improved handling of symbolic links. This issue\n\ndoes not affect Mac OS X v10.6 systems.\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in PHP 5.3.0\n\nDescription: PHP is updated to version 5.3.1 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitary code\n\nexecution. Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142,\n\nCVE-2009-4143\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in PHP 5.2.11\n\nDescription: PHP is updated to version 5.2.12 to address multiple\n\nvulnerabilities, the most serious of which may lead to cross-site\n\nscripting. Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPodcast Producer\n\nCVE-ID: CVE-2010-0511\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: An unauthorized user may be able to access a Podcast\n\nComposer workflow\n\nDescription: When a Podcast Composer workflow is overwritten, the\n\naccess restrictions are removed. This may allow an unauthorized user\n\nto access a Podcast Composer workflow. This issue is addressed\n\nthrough improved handling of workflow access restrictions. Podcast\n\nComposer was introduced in Mac OS X Server v10.6.\n\nPreferences\n\nCVE-ID: CVE-2010-0512\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A network user may be able to bypass system login\n\nrestrictions\n\nDescription: An implementation issue exists in the handling of\n\nsystem login restrictions for network accounts. If the network\n\naccounts allowed to log in to the system at the Login Window are\n\nidentified by group membership only, the restriction will not be\n\nenforced, and all network users will be allowed to log in to the\n\nsystem. The issue is addressed through improved group restriction\n\nmanagement in the Accounts preference pane. This issue only affects\n\nsystems configured to use a network account server, and does not\n\naffect systems prior to Mac OS X v10.6. Credit to Christopher D.\n\nGrieb of University of Michigan MSIS for reporting this issue.\n\nPS Normalizer\n\nCVE-ID: CVE-2010-0513\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PostScript file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A stack buffer overflow exists in the handling of\n\nPostScript files. Viewing a maliciously crafted PostScript file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of PostScript files. On Mac OS X v10.6 systems this issue\n\nis mitigated by the -fstack-protector compiler flag. Credit: Apple.\n\nQuickTime\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in QuickTime\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0514\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of H.261\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of H.261 encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0515\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption in the handling of H.264 encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of H.264\n\nencoded movie files.\n\nQuickTime\n\nCVE-ID: CVE-2010-0516\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow in the handling of RLE encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of RLE encoded\n\nmovie files. Credit to an anonymous researcher working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0517\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow in the handling of M-JPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of M-JPEG encoded movie files. Credit to Damian Put\n\nworking with TippingPoint\u2019s Zero Day Initiative for reporting this\n\nissue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0518\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nSorenson encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of Sorenson encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0519\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: An integer overflow exists in the handling of FlashPix\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0520\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of FLC\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of FLC encoded movie files. Credit to Moritz Jodeit of\n\nn.runs AG, working with TippingPoint\u2019s Zero Day Initiative, and\n\nNicols Joly of VUPEN Security for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0526\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted MPEG file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of MPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of MPEG encoded movie files. Credit to an anonymous\n\nresearcher working with TippingPoint\u2019s Zero Day Initiative for\n\nreporting this issue.\n\nRuby\n\nCVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple issues in Ruby on Rails\n\nDescription: Multiple vulnerabilities exist in Ruby on Rails, the\n\nmost serious of which may lead to cross-site scripting. On Mac OS X\n\nv10.6 systems, these issues are addressed by updating Ruby on Rails\n\nto version 2.3.5. Mac OS X v10.5 systems are affected only by\n\nCVE-2009-4214, and this issue is addressed through improved\n\nvalidation of arguments to strip_tags.\n\nRuby\n\nCVE-ID: CVE-2009-1904\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Running a Ruby script that uses untrusted input to\n\ninitialize a BigDecimal object may lead to an unexpected application\n\ntermination\n\nDescription: A stack exhaustion issue exists in Ruby\u2019s handling of\n\nBigDecimal objects with very large values. Running a Ruby script that\n\nuses untrusted input to initialize a BigDecimal object may lead to an\n\nunexpected application termination. For Mac OS X v10.6 systems, this\n\nissue is addressed by updating Ruby to version 1.8.7-p173. For Mac OS\n\nv10.5 systems, this issue is addressed by updating Ruby to version\n\n1.8.6-p369.\n\nServer Admin\n\nCVE-ID: CVE-2010-0521\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may extract information from Open\n\nDirectory\n\nDescription: A design issue exists in the handling of authenticated\n\ndirectory binding. A remote attacker may be able to anonymously\n\nextract information from Open Directory, even if the \u201cRequire\n\nauthenticated binding between directory and clients\u201d option is\n\nenabled. The issue is addressed by removing this configuration\n\noption. This issue only affects Mac OS X Server systems. Credit to\n\nScott Gruby of Gruby Solutions, and Mathias Haack of GRAVIS\n\nComputervertriebsgesellschaft mbH for reporting this issue.\n\nServer Admin\n\nCVE-ID: CVE-2010-0522\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A former administrator may have unauthorized access to\n\nscreen sharing\n\nDescription: A user who is removed from the \u2018admin\u2019 group may still\n\nconnect to the server using screen sharing. This issue is addressed\n\nthrough improved handling of administrator privileges. This issue\n\nonly affects Mac OS X Server systems, and does not affect version\n\n10.6 or later. Credit: Apple.\n\nSMB\n\nCVE-ID: CVE-2009-2906\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An infinite loop issue exists in Samba\u2019s handling of\n\nSMB \u2018oplock\u2019 break notifications. A remote attacker may be able to\n\ntrigger an infinite loop in smbd, causing it to consume excessive CPU\n\nresources. The issue is addressed through improved handling of\n\n\u2018oplock\u2019 break notifications.\n\nTomcat\n\nCVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515,\n\nCVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in Tomcat 6.0.18\n\nDescription: Tomcat is updated to version 6.0.24 to address multiple\n\nvulnerabilities, the most serious of which may lead to a cross site\n\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\n\nFurther information is available via the Tomcat site at\n\nhttp://tomcat.apache.org/\n\nunzip\n\nCVE-ID: CVE-2008-0888\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Extracting maliciously crafted zip files using the unzip\n\ncommand tool may lead to an unexpected application termination or\n\ncode execution\n\nDescription: An uninitialized pointer issue exists is the handling\n\nof zip files. Extracting maliciously crafted zip files using the\n\nunzip command tool may lead to an unexpected application termination\n\nor arbitrary code execution. This issue is addressed by performing\n\nadditional validation of zip files. This issue does not affect Mac OS\n\nX v10.6 systems.\n\nvim\n\nCVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in vim 7.0\n\nDescription: Multiple vulnerabilities exist in vim 7.0, the most\n\nserious of which may lead to arbitrary code execution when working\n\nwith maliciously crafted files. These issues are addressed by\n\nupdating to vim 7.2.102. These issues do not affect Mac OS X v10.6\n\nsystems. Further information is available via the vim website at\n\nhttp://www.vim.org/\n\nWiki Server\n\nCVE-ID: CVE-2010-0523\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Uploading a maliciously crafted applet may lead to the\n\ndisclosure of sensitive information\n\nDescription: Wiki Server allows users to upload active content such\n\nas Java applets. A remote attacker may obtain sensitive information\n\nby uploading a maliciously crafted applet and directing a Wiki Server\n\nuser to view it. The issue is addressed by restricting the file types\n\nthat may be uploaded to the Wiki Server. This issue only affects Mac\n\nOS X Server systems, and does not affect versions 10.6 or later.\n\nWiki Server\n\nCVE-ID: CVE-2010-0534\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may bypass weblog creation\n\nrestrictions\n\nDescription: Wiki Server supports service access control lists\n\n(SACLs), allowing an administrator to control the publication of\n\ncontent. Wiki Server fails to consult the weblog SACL during the\n\ncreation of a user\u2019s weblog. This may allow an authenticated user to\n\npublish content to the Wiki Server, even though publication should be\n\ndisallowed by the service ACL. This issue does not affect systems\n\nprior to Mac OS X v10.6.\n\nX11\n\nCVE-ID: CVE-2009-2042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted image may lead to the\n\ndisclosure of sensitive information\n\nDescription: libpng is updated to version 1.2.37 to address an issue\n\nthat may result in the disclosure of sensitive information. Further\n\ninformation is available via the libpng site at\n\nhttp://www.libpng.org/pub/png/libpng.html\n\nX11\n\nCVE-ID: CVE-2003-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Displaying maliciously crafted data within an xterm terminal\n\nmay lead to arbitrary code execution\n\nDescription: The xterm program supports a command sequence to change\n\nthe window title, and to print the window title to the terminal. The\n\ninformation returned is provided to the terminal as though it were\n\nkeyboard input from the user. Within an xterm terminal, displaying\n\nmaliciously crafted data containing such sequences may result in\n\ncommand injection. The issue is addressed by disabling the affected\n\ncommand sequence.\n\nxar\n\nCVE-ID: CVE-2010-0055\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A modified package may appear as validly signed\n\nDescription: A design issue exists in xar when validating a package\n\nsignature. This may allow a modified package to appear as validly\n\nsigned. This issue is fixed through improved package signature\n\nvalidation. This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 may be obtained from\n\nthe Software Update pane in System Preferences, or Apple\u2019s Software\n\nDownloads web site:\n\nhttp://www.apple.com/support/downloads/\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07055217/mac_os_x_patch_1.jpg)](<https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/>)Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nIn some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.\n\nThe update covers critical vulnerabilities in AppKit, QuickTime,CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.\n\nIt also covers holes in several open-source components, including Apache, ClamAV, MySQL, PHP.\n\nHere\u2019s [the full list](<http://support.apple.com/kb/HT4077>) of the patched vulnerabilities. \n\nThe Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or [Apple\u2019s Software Downloads](<site:http://www.apple.com/support/downloads/>) web page.\n", "modified": "2013-04-17T16:37:25", "published": "2010-03-29T17:15:44", "id": "THREATPOST:4F867C686B7E31697E158FBD04A5DD35", "href": "https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/73753/", "type": "threatpost", "title": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}