Oval Definition:oval:org.mitre.oval:def:11109
Revision Date:2013-04-29
Version:12
Title:Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Description:Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2008-2712
Platform(s):CentOS Linux 3
CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
    • RHEL3 or CentOS3
      • The operating system installed on the system is Red Hat Enterprise Linux 3
      • OR CentOS Linux 3.x
    • AND Configuration section
      • vim-minimal is earlier than 1:6.3.046-0.30E.11
      • OR vim-enhanced is earlier than 1:6.3.046-0.30E.11
      • OR vim is earlier than 1:6.3.046-0.30E.11
      • OR vim-X11 is earlier than 1:6.3.046-0.30E.11
      • OR vim-common is earlier than 1:6.3.046-0.30E.11
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
    • RHEL4, CentOS4 or Oracle Linux 4
      • The operating system installed on the system is Red Hat Enterprise Linux 4
      • OR CentOS Linux 4.x
      • OR Oracle Linux 4.x
    • AND Configuration section
      • vim-minimal is earlier than 1:6.3.046-1.el4_7.5z
      • OR vim-enhanced is earlier than 1:6.3.046-1.el4_7.5z
      • OR vim is earlier than 1:6.3.046-1.el4_7.5z
      • OR vim-X11 is earlier than 1:6.3.046-1.el4_7.5z
      • OR vim-common is earlier than 1:6.3.046-1.el4_7.5z
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
    • RHEL5, CentOS5 or Oracle Linux 5
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
      • OR Oracle Linux 5.x
    • AND Configuration section
      • vim-minimal is earlier than 2:7.0.109-4.el5_2.4z
      • OR vim-enhanced is earlier than 2:7.0.109-4.el5_2.4z
      • OR vim is earlier than 2:7.0.109-4.el5_2.4z
      • OR vim-X11 is earlier than 2:7.0.109-4.el5_2.4z
      • OR vim-common is earlier than 2:7.0.109-4.el5_2.4z