Lucene search
Ubuntu.comUB:CVE-2008-6235HistoryFeb 21, 2009 - 12:00 a.m.
CVE-2008-6235
2009-02-2100:00:00
ubuntu.com
ubuntu.com
13
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.003
Percentile
67.9%
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted
attackers to execute arbitrary commands via shell metacharacters in a
filename used by the (1) “D” (delete) command or (2) b:netrw_curdir
variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
Notes
| Author | Note |
|---|---|
| mdeslaur | This was patched in vim from usn-712-1 |
Related
debiancve
debiancve
CVE-2008-6235
2009-02-21 23:30:00
cve
cve
CVE-2008-6235
2009-02-21 23:30:00
cvelist
cvelist
CVE-2008-6235
2009-02-21 23:00:00
prion
prion
Command injection
2009-02-21 23:30:00
nvd
nvd
CVE-2008-6235
2009-02-21 23:30:00
nessus
nessus
RHEL 5 : vim (RHSA-2008:0580)
2008-11-25 00:00:00
openSUSE 10 Security Update : gvim (gvim-6023)
2009-03-13 00:00:00
CentOS 5 : vim (CESA-2008:0580)
2010-01-06 00:00:00
oraclelinux
oraclelinux
vim security update
2008-11-25 00:00:00
redhat
redhat
(RHSA-2008:0580) Moderate: vim security update
2008-11-25 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2008-0580)
2015-10-08 00:00:00
SuSE Security Summary SUSE-SR:2009:007
2009-03-31 00:00:00
SUSE: Security Summary (SUSE-SR:2009:007)
2009-03-31 00:00:00
centos
centos
vim security update
2008-11-26 22:22:41
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.003
Percentile
67.9%
Related for UB:CVE-2008-6235