Lucene search
RootSSV:4819HistoryFeb 23, 2009 - 12:00 a.m.
Vim PySys_SetArgv函数本地命令执行漏洞
2009-02-2300:00:00
Root
www.seebug.org
15
0.0004 Low
EPSS
Percentile
5.7%
BUGTRAQ ID: 33447
CVE(CAN) ID: CVE-2009-0316
VIM是一款免费开放源代码文本编辑器,可使用在Unix/Linux操作系统下。
VIM的python接口使用argv[0]调用PySys_SetArgv函数。由于Python对sys.path变量附加了空字符串,如果工作目录中的文件名匹配VIM试图导入的python模块名,就可能允许本地用户在系统中执行任意代码。
VIM Development Group VIM < 7.2.045
厂商补丁:
VIM Development Group
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045” target=“_blank”>https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045</a>
Related
openvas
openvas
Mandrake Security Advisory MDVSA-2009:047-1 (vim)
2009-03-02 00:00:00
Mandrake Security Advisory MDVSA-2009:047-1 (vim)
2009-03-02 00:00:00
Mandrake Security Advisory MDVSA-2009:047 (vim)
2009-02-23 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : vim (MDVSA-2009:047-1)
2009-04-23 00:00:00
openSUSE 10 Security Update : gvim (gvim-6023)
2009-03-13 00:00:00
openSUSE Security Update : gvim (gvim-561)
2009-07-21 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:047 ] vim
2009-02-21 00:00:00
blender / gedit / gnumeric / vim / eog python scripts code execution
2009-04-07 00:00:00
ubuntucve
ubuntucve
CVE-2009-0316
2009-01-28 00:00:00
prion
prion
Design/Logic Flaw
2009-01-28 11:30:00
cve
cve
CVE-2009-0316
2009-01-28 11:30:00
debiancve
debiancve
CVE-2009-0316
2009-01-28 11:30:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44