Rapid7 VulnDB

RHSA-2008:0580: vim security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/21/2009
Created: 07/25/2018
Added: 02/22/2009
Modified: 07/04/2017

Description

Vim (Visual editor IMproved) is an updated and improved version of the vi editor.

Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)

Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076)

A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)

A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3074)

Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)

Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)

All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Solution(s)

  • redhat-upgrade-vim-common
  • redhat-upgrade-vim-enhanced
  • redhat-upgrade-vim-minimal
  • redhat-upgrade-vim-x11
