Vulnerability CVE-2004-1138

Vulnerability Name:

CVE-2004-1138 (CCN-18503)

Assigned:

2004-12-15

Published:

2004-12-15

Updated:

2017-10-11

Summary:

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2004-1138

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2004.052

Source: CCN
Type: RHSA-2005-010
vim security update

Source: CCN
Type: RHSA-2005-036
vim security update

Source: CCN
Type: VIM Download Web page
download : vim online

Source: CCN
Type: CIAC Information Bulletin P-090
VIM Modeline Vulnerability

Source: CCN
Type: GLSA-200412-10
Vim, gVim: Vulnerable options in modelines

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200412-10

Source: CCN
Type: OpenPKG-SA-2004.052
Vim

Source: REDHAT
Type: UNKNOWN
RHSA-2005:010

Source: REDHAT
Type: UNKNOWN
RHSA-2005:036

Source: CCN
Type: BID-11941
Vim Modelines Arbitrary Command Execution Variant Vulnerability

Source: CCN
Type: USN-52-1
vim vulnerability

Source: FEDORA
Type: UNKNOWN
FLSA:2343

Source: XF
Type: UNKNOWN
vim-modeline-gain-privileges(18503)

Source: XF
Type: UNKNOWN
vim-modeline-gain-privileges(18503)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9571

Vulnerable Configuration:

Configuration 1:

cpe:/a:vim_development_group:vim:5.0:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:5.1:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:5.2:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:5.3:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:5.4:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:5.5:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:5.6:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:5.7:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:5.8:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:6.0:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:6.1:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:6.2:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:6.3.011:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:6.3.025:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:6.3.030:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:6.3.044:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:9571	V	VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.	2013-04-29
oval:com.redhat.rhsa:def:20050036	P	RHSA-2005:036: vim security update (Low)	2005-02-15
oval:com.redhat.rhsa:def:20050010	P	RHSA-2005:010: vim security update (Low)	2005-01-05

BACK