Vulnerability CVE-2007-2953

Vulnerability Name:

CVE-2007-2953 (CCN-35655)

Assigned:

2007-07-25

Published:

2007-07-25

Updated:

2018-10-16

Summary:

Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Vim FTP Web site
FTP directory /pub/vim/patches/7.1/ at ftp.vim.org

Source: CONFIRM
Type: Patch
ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039

Source: MITRE
Type: CNA
CVE-2007-2953

Source: CCN
Type: RHSA-2008-0580
Moderate: vim security update

Source: CCN
Type: RHSA-2008-0617
Moderate: vim security update

Source: CCN
Type: SA25941
Vim "helptags" Command Format String Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
25941

Source: SECUNIA
Type: UNKNOWN
26285

Source: SECUNIA
Type: UNKNOWN
26522

Source: SECUNIA
Type: UNKNOWN
26594

Source: SECUNIA
Type: UNKNOWN
26653

Source: SECUNIA
Type: UNKNOWN
26674

Source: SECUNIA
Type: UNKNOWN
26822

Source: SECUNIA
Type: UNKNOWN
32858

Source: CCN
Type: SA33410
Avaya Products Vim Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33410

Source: MISC
Type: Patch, Vendor Advisory
http://secunia.com/secunia_research/2007-66/advisory/

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm

Source: CCN
Type: ASA-2009-001
vim security update (RHSA-2008-0617)

Source: VIM
Type: UNKNOWN
20070823 vim editor duplicates / clarifications

Source: DEBIAN
Type: UNKNOWN
DSA-1364

Source: DEBIAN
Type: DSA-1364
vim -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:168

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:236

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:018

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0580

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0617

Source: BUGTRAQ
Type: UNKNOWN
20070730 FLEA-2007-0036-1 vim vim-minimal gvim

Source: BUGTRAQ
Type: UNKNOWN
20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

Source: BID
Type: Patch
25095

Source: CCN
Type: BID-25095
Vim HelpTags Command Remote Format String Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2007-0026

Source: CCN
Type: USN-505-1
vim vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-505-1

Source: CCN
Type: VMSA-2009-0004
ESX Service Console updates for openssl, bind, and vim

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2009-0004.html

Source: VUPEN
Type: UNKNOWN
ADV-2007-2687

Source: VUPEN
Type: UNKNOWN
ADV-2009-0033

Source: VUPEN
Type: UNKNOWN
ADV-2009-0904

Source: XF
Type: UNKNOWN
vim-helptagsone-code-execution(35655)

Source: XF
Type: UNKNOWN
vim-helptagsone-code-execution(35655)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1595

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11549

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6463

Source: SUSE
Type: SUSE-SR:2007:018
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:vim_development_group:vim:*:*:*:*:*:*:*:* (Version <= 6.4)

OR cpe:/a:vim_development_group:vim:7.0:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:7.1:*:*:*:*:*:*:*

OR cpe:/a:vim_development_group:vim:7.1.38:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42322	P	Security update for mozilla-nss (Important)	2022-07-22
oval:org.opensuse.security:def:20072953	V	CVE-2007-2953	2022-06-30
oval:org.opensuse.security:def:112387	P	gvim-8.2.3408-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:33109	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:26183	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:32222	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31697	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:31698	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:32202	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:26144	P	Security update for libqt5-qtsvg (Moderate)	2021-10-11
oval:org.opensuse.security:def:105898	P	gvim-8.2.3408-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:42123	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:31270	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:26121	P	Security update for ntfs-3g_ntfsprogs (Important)	2021-09-07
oval:org.opensuse.security:def:31249	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:32158	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:26095	P	Security update for glibc (Moderate)	2021-07-27
oval:org.opensuse.security:def:32136	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:31638	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:31196	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:36146	P	gvim-7.2-8.15.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42553	P	gvim-7.2-8.15.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31184	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31185	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26043	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:26042	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:31613	P	Security update for tomcat (Important)	2021-04-29
oval:org.opensuse.security:def:31612	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:32066	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31749	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:31746	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:32278	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:26197	P	Security update for postgresql13 (Moderate)	2021-02-22
oval:org.opensuse.security:def:31341	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:33070	P	Security update for MozillaFirefox (Low)	2021-02-10
oval:org.opensuse.security:def:31692	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:31641	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:31624	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:26037	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:32097	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:25985	P	Security update for gimp (Moderate)	2020-12-29
oval:org.opensuse.security:def:25980	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:32004	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35716	P	gvim-7.2-8.15.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35915	P	gvim-7.2-8.15.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35563	P	gvim-7.2-8.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41970	P	gvim-7.2-8.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25466	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:25750	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:26241	P	Security update for evolution (Moderate)	2020-12-01
oval:org.opensuse.security:def:25695	P	Security update for gcc9 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25899	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26272	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:26427	P	Security update for python-Django (Moderate)	2020-12-01
oval:org.opensuse.security:def:31117	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:31485	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:31785	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32528	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31551	P	Security update for shim	2020-12-01
oval:org.opensuse.security:def:31899	P	Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:32642	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31383	P	Security update for openvpn (Important)	2020-12-01
oval:org.opensuse.security:def:32048	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31830	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:32388	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:25114	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25318	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25691	P	Security update for python36 (Important)	2020-12-01
oval:org.opensuse.security:def:25846	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25343	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:25693	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:26716	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25477	P	Security update for spectre-meltdown-checker (Moderate)	2020-12-01
oval:org.opensuse.security:def:25807	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26879	P	cvs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25696	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:26325	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26471	P	Security update for Mozilla Thunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:31031	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31807	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31938	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:32681	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31394	P	Security update for patch (Important)	2020-12-01
oval:org.opensuse.security:def:32840	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31922	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:32432	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25115	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25399	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:25744	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:25890	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25267	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25471	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25844	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25999	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:25541	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25891	P	Security update for libimobiledevice, usbmuxd (Important)	2020-12-01
oval:org.opensuse.security:def:26914	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25707	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26374	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27109	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31032	P	Security update for java-1_7_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31851	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:31402	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:31794	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31960	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31468	P	Security update for powerpc-utils	2020-12-01
oval:org.opensuse.security:def:31836	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32879	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31979	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32327	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25126	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:25456	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:26528	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25268	P	Security update for mozilla-nspr, mozilla-nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:25552	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:25897	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25465	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25669	P	Security update for gcc10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25771	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26413	P	Security update for go1.8 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27144	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31043	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31398	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32489	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31494	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:31850	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:31382	P	Security update for openvpn	2020-12-01
oval:org.opensuse.security:def:31600	P	Security update for tightvnc (Important)	2020-12-01
oval:org.opensuse.security:def:31992	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32366	P	Security update for supportutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:25190	P	Security update for virglrenderer (Important)	2020-12-01
oval:org.opensuse.security:def:25540	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25832	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26563	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25279	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25609	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25946	P	Security update for gnome-shell (Low)	2020-12-01
oval:org.opensuse.security:def:26681	P	curl on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:29232	P	RHSA-2008:0580 -- vim security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:17506	P	USN-505-1 -- vim vulnerability	2014-06-30
oval:org.mitre.oval:def:20483	P	DSA-1364-2 vim - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:17989	P	DSA-1364-1 vim	2014-06-23
oval:org.mitre.oval:def:22692	P	ELSA-2008:0580: vim security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:11549	V	Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.	2013-04-29
oval:org.mitre.oval:def:6463	V	Vim HelpTags Command Remote Format String Vulnerability	2009-11-30
oval:com.redhat.rhsa:def:20080580	P	RHSA-2008:0580: vim security update (Moderate)	2008-11-25
oval:com.redhat.rhsa:def:20080617	P	RHSA-2008:0617: vim security update (Moderate)	2008-11-25
oval:org.debian:def:1364	V	several vulnerabilities	2007-09-19

BACK