| Vulnerability Name: | CVE-2005-2368 (CCN-21563) | ||||||||||||
| Assigned: | 2005-07-25 | ||||||||||||
| Published: | 2005-07-25 | ||||||||||||
| Updated: | 2017-10-11 | ||||||||||||
| Summary: | vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. | ||||||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-78 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2005-2368 Source: CCN Type: Conectiva Linux Security Announcement CLSA-2005:995 Security fix for vim Source: FULLDISC Type: Exploit, Patch, Vendor Advisory 20050725 Help poor children in Uganda Source: CCN Type: RHSA-2005-745 vim security update Source: CCN Type: Vim Download Web page download : vim online Source: MISC Type: Exploit, Patch, Vendor Advisory http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html Source: CCN Type: Fedora Update Notification FEDORA-2005-738 vim Source: CCN Type: Fedora Update Notification FEDORA-2005-737 vim Source: CCN Type: Fedora Update Notification FEDORA-2005-741 vim Source: REDHAT Type: UNKNOWN RHSA-2005:745 Source: BID Type: UNKNOWN 14374 Source: CCN Type: BID-14374 Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability Source: CCN Type: USN-154-1 vim vulnerability Source: CCN Type: Vim Web site Vim Source: XF Type: UNKNOWN vim-glob-command-execution(21563) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11302 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||