Rapid7 Vulnerability & Exploit Database

CESA-2007:0346: vim security update

Severity: 8
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 05/02/2007
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the CentOS Security Response Team.

VIM (VIsual editor iMproved) is a version of the vi editor.

An arbitrary command execution flaw was found in the way VIM processes modelines. If a user with modelines enabled opened a text file containing a carefully crafted modeline, arbitrary commands could be executed as the user running VIM. (CVE-2007-2438)

Users of VIM are advised to upgrade to these updated packages, which resolve this issue.

Please note: this issue did not affect VIM as distributed with CentOS Enterprise Linux 2.1, 3, or 4.

Solution(s)

  • centos-upgrade-vim-common
  • centos-upgrade-vim-enhanced
  • centos-upgrade-vim-minimal
  • centos-upgrade-vim-x11
