Rapid7 Vulnerability & Exploit Database

RHSA-2007:0346: vim security update

Severity: 8
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 05/02/2007
Created: 07/25/2018
Added: 05/10/2007
Modified: 07/04/2017

Description

Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

VIM (VIsual editor iMproved) is a version of the vi editor.

An arbitrary command execution flaw was found in the way VIM processes modelines. If a user with modelines enabled opened a text file containing a carefully crafted modeline, arbitrary commands could be executed as the user running VIM. (CVE-2007-2438)

Users of VIM are advised to upgrade to these updated packages, which resolve this issue.

Please note: this issue did not affect VIM as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

Solution(s)

  • redhat-upgrade-vim-common
  • redhat-upgrade-vim-enhanced
  • redhat-upgrade-vim-minimal
  • redhat-upgrade-vim-x11
