Vulnerability CVE-2007-2438

Vulnerability Name:

CVE-2007-2438 (CCN-34012)

Assigned:

2007-04-26

Published:

2007-04-26

Updated:

2018-10-16

Summary:

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: VIM
Type: UNKNOWN
20070513 OMG VIM VULN

Source: MITRE
Type: CNA
CVE-2007-2438

Source: CCN
Type: vim-dev Mailing List, 2007-04-26 21:35:07
feedkeys() allowed in sandbox

Source: MLIST
Type: UNKNOWN
[vim-dev] 20070426 feedkeys() allowed in sandbox

Source: MLIST
Type: Exploit
[vim-dev] 20070428 Re: feedkeys() allowed in sandbox

Source: OSVDB
Type: UNKNOWN
36250

Source: CCN
Type: RHSA-2007-0346
Moderate: vim security update

Source: CCN
Type: SA25024
Vim Modelines "feedkeys()" Shell Command Execution

Source: SECUNIA
Type: Vendor Advisory
25024

Source: SECUNIA
Type: Vendor Advisory
25159

Source: SECUNIA
Type: Vendor Advisory
25182

Source: SECUNIA
Type: Vendor Advisory
25255

Source: SECUNIA
Type: UNKNOWN
25367

Source: SECUNIA
Type: UNKNOWN
25432

Source: SECUNIA
Type: UNKNOWN
26653

Source: CCN
Type: SECTRACK ID: 1018035
Vim Sandbox Functions Let Remote Users Execute Arbitrary Commands

Source: MLIST
Type: UNKNOWN
[vimannounce] 20070512 Stable Vim version 7.1 has been released

Source: MISC
Type: UNKNOWN
http://tech.groups.yahoo.com/group/vimdev/message/46627

Source: CONFIRM
Type: UNKNOWN
http://tech.groups.yahoo.com/group/vimdev/message/46645

Source: MISC
Type: UNKNOWN
http://tech.groups.yahoo.com/group/vimdev/message/46658

Source: VIM
Type: UNKNOWN
20070823 vim editor duplicates / clarifications

Source: DEBIAN
Type: UNKNOWN
DSA-1364

Source: DEBIAN
Type: DSA-1364
vim -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:101

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:012

Source: CCN
Type: OSVDB ID: 36250
Vim Unspecified Issue

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0346

Source: BUGTRAQ
Type: UNKNOWN
20070430 FLEA-2007-0014-1: vim

Source: BID
Type: UNKNOWN
23725

Source: CCN
Type: BID-23725
Vim Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018035

Source: TRUSTIX
Type: UNKNOWN
2007-0017

Source: CCN
Type: USN-463-1
vim vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-463-1

Source: CCN
Type: Vim Web site
Vim

Source: CONFIRM
Type: UNKNOWN
http://www.vim.org/news/news.php

Source: VUPEN
Type: UNKNOWN
ADV-2007-1599

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259

Source: XF
Type: UNKNOWN
vim-feedkeyswritefile-command-execution(34012)

Source: XF
Type: UNKNOWN
vim-feedkeyswritefile-command-execution(34012)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9876

Source: SUSE
Type: SUSE-SR:2007:012
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/o:foresight_linux:foresight_linux:1.1:*:*:*:*:*:*:*

AND

cpe:/a:vim_development_group:vim:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42322	P	Security update for mozilla-nss (Important)	2022-07-22
oval:org.opensuse.security:def:20072438	V	CVE-2007-2438	2022-06-30
oval:org.opensuse.security:def:112387	P	gvim-8.2.3408-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:33109	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:26183	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:32222	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31697	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:31698	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:32202	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:26144	P	Security update for libqt5-qtsvg (Moderate)	2021-10-11
oval:org.opensuse.security:def:105898	P	gvim-8.2.3408-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:42123	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:31270	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:26121	P	Security update for ntfs-3g_ntfsprogs (Important)	2021-09-07
oval:org.opensuse.security:def:31249	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:32158	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:26095	P	Security update for glibc (Moderate)	2021-07-27
oval:org.opensuse.security:def:32136	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:31638	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:36146	P	gvim-7.2-8.15.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42553	P	gvim-7.2-8.15.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31196	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:31184	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31185	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26043	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:26042	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:31613	P	Security update for tomcat (Important)	2021-04-29
oval:org.opensuse.security:def:31612	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:32066	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31749	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:31746	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:32278	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:26197	P	Security update for postgresql13 (Moderate)	2021-02-22
oval:org.opensuse.security:def:31341	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:33070	P	Security update for MozillaFirefox (Low)	2021-02-10
oval:org.opensuse.security:def:31692	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:31641	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:31624	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:26037	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:32097	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:25985	P	Security update for gimp (Moderate)	2020-12-29
oval:org.opensuse.security:def:25980	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:32004	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35915	P	gvim-7.2-8.15.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35563	P	gvim-7.2-8.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41970	P	gvim-7.2-8.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35716	P	gvim-7.2-8.15.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31383	P	Security update for openvpn (Important)	2020-12-01
oval:org.opensuse.security:def:32048	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31830	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:32388	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:25114	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25318	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25691	P	Security update for python36 (Important)	2020-12-01
oval:org.opensuse.security:def:25846	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25343	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:25693	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:26716	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25477	P	Security update for spectre-meltdown-checker (Moderate)	2020-12-01
oval:org.opensuse.security:def:25807	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26879	P	cvs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25696	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:26325	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26471	P	Security update for Mozilla Thunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:31031	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31807	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31938	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:32681	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31394	P	Security update for patch (Important)	2020-12-01
oval:org.opensuse.security:def:32840	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31922	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:32432	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25115	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25399	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:25744	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:25890	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25267	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25471	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25844	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25999	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:25541	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25891	P	Security update for libimobiledevice, usbmuxd (Important)	2020-12-01
oval:org.opensuse.security:def:26914	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25707	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26374	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27109	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31032	P	Security update for java-1_7_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31851	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:31402	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:31794	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31960	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31468	P	Security update for powerpc-utils	2020-12-01
oval:org.opensuse.security:def:31836	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32879	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31979	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32327	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25126	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:25456	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:26528	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25268	P	Security update for mozilla-nspr, mozilla-nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:25552	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:25897	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25465	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25669	P	Security update for gcc10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25771	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26413	P	Security update for go1.8 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27144	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31043	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31398	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32489	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31494	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:31850	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:31382	P	Security update for openvpn	2020-12-01
oval:org.opensuse.security:def:31600	P	Security update for tightvnc (Important)	2020-12-01
oval:org.opensuse.security:def:31992	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32366	P	Security update for supportutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:25190	P	Security update for virglrenderer (Important)	2020-12-01
oval:org.opensuse.security:def:25540	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25832	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26563	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25279	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25609	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25946	P	Security update for gnome-shell (Low)	2020-12-01
oval:org.opensuse.security:def:26681	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25466	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:25750	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:26241	P	Security update for evolution (Moderate)	2020-12-01
oval:org.opensuse.security:def:25695	P	Security update for gcc9 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25899	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26272	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:26427	P	Security update for python-Django (Moderate)	2020-12-01
oval:org.opensuse.security:def:31117	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:31485	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:31785	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32528	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31551	P	Security update for shim	2020-12-01
oval:org.opensuse.security:def:31899	P	Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:32642	P	clamav on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:20483	P	DSA-1364-2 vim - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:17989	P	DSA-1364-1 vim	2014-06-23
oval:org.mitre.oval:def:22067	P	ELSA-2007:0346: vim security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:9876	V	The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.	2013-04-29
oval:org.debian:def:1364	V	several vulnerabilities	2007-09-19
oval:com.redhat.rhsa:def:20070346	P	RHSA-2007:0346: vim security update (Moderate)	2007-05-09

BACK