[Forgot Password]
Login  Register Subscribe

23631

 
 

122203

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-712-1 -- vim vulnerabilities

ID: oval:org.secpod.oval:def:700348Date: (C)2011-05-13   (M)2017-11-27
Class: PATCHFamily: unix




Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. Ben Schmidt discovered that Vim did not properly escape characters when performing keyword or tag lookups. If a user were tricked into running specially crafted commands, an attacker could execute arbitrary code with the privileges of the user invoking the program

Platform:
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product:
vim
Reference:
USN-712-1
CVE-2008-2712
CVE-2008-4101
CVE    2
CVE-2008-4101
CVE-2008-2712
CPE    4
cpe:/o:ubuntu:ubuntu_linux:8.04
cpe:/o:ubuntu:ubuntu_linux:7.10
cpe:/o:ubuntu:ubuntu_linux:6.06
cpe:/o:ubuntu:ubuntu_linux:8.10
...

© 2013 SecPod Technologies