[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-4101

Date: (C)2008-09-18   (M)2017-12-01 


Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
http://www.securityfocus.com/archive/1/495662
http://www.securityfocus.com/archive/1/495703
http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded
BID-30795
SECUNIA-31592
BID-31681
SECUNIA-32222
SECUNIA-32858
SECUNIA-32864
SECUNIA-33410
ADV-2008-2780
ADV-2009-0033
ADV-2009-0904
APPLE-SA-2008-10-09
APPLE-SA-2010-03-29-1
MDVSA-2008:236
RHSA-2008:0580
RHSA-2008:0617
RHSA-2008:0618
USN-712-1
http://www.openwall.com/lists/oss-security/2008/09/11/4
http://www.openwall.com/lists/oss-security/2008/09/11/3
http://www.openwall.com/lists/oss-security/2008/09/16/6
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT4077
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.rdancer.org/vulnerablevim-K.html
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
https://bugzilla.redhat.com/show_bug.cgi?id=461927
vim-normal-command-execution(44626)

CPE    4
cpe:/a:vim:vim:6.1
cpe:/a:vim:vim:5.6
cpe:/a:vim:vim:6.3
cpe:/a:vim:vim:7.2
...
CWE    1
CWE-20
OVAL    6
oval:org.secpod.oval:def:301320
oval:org.secpod.oval:def:301484
oval:org.mitre.oval:def:7596
oval:org.secpod.oval:def:600351
...

© 2013 SecPod Technologies