Vulnerability Name:

CVE-2008-2712 (CCN-43083)

Assigned:2008-06-13
Published:2008-06-13
Updated:2018-11-01
Summary:Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.
Note: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.
Note: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Vim FTP Web site
Patch 7.1.299

Source: CCN
Type: BugTraq Mailing List, Wed Jul 23 2008 - 13:29:01 CDT
Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim

Source: CCN
Type: Full-Disclosure Mailing List, Fri Jun 13 2008 - 17:43:35 CDT
Collection of Vulnerabilities in Fully Patched Vim 7.1

Source: MITRE
Type: CNA
CVE-2008-2712

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2008-10-09

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2010-03-29-1

Source: SUSE
Type: Third Party Advisory
SUSE-SR:2009:007

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1

Source: CCN
Type: RHSA-2008-0580
Moderate: vim security update

Source: CCN
Type: RHSA-2008-0617
Moderate: vim security update

Source: CCN
Type: RHSA-2008-0618
Moderate: vim security update

Source: CCN
Type: SA30731
Vim Shell Command Injection Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
30731

Source: CCN
Type: SA32222
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
32222

Source: SECUNIA
Type: Third Party Advisory
32858

Source: SECUNIA
Type: Third Party Advisory
32864

Source: CCN
Type: SA33410
Avaya Products Vim Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
33410

Source: SECUNIA
Type: Third Party Advisory
34418

Source: SREASON
Type: Third Party Advisory
3951

Source: CCN
Type: SECTRACK ID: 1020293
Vim Flaw in Quoting Vim Script Lets Remote Users Cause Arbitrary Commands to Be Executed in Certain Cases

Source: CCN
Type: Apple Web site
About Security Update 2008-007

Source: CONFIRM
Type: Third Party Advisory
http://support.apple.com/kb/HT3216

Source: CONFIRM
Type: Third Party Advisory
http://support.apple.com/kb/HT4077

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm

Source: CCN
Type: ASA-2008-457
vim security update (RHSA-2008-0618)

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm

Source: CCN
Type: ASA-2009-001
vim security update (RHSA-2008-0617)

Source: CONFIRM
Type: Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0247

Source: DEBIAN
Type: DSA-1733
vim -- several vulnerabilities

Source: MANDRIVA
Type: Third Party Advisory
MDVSA-2008:236

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20080616 CVE Id request: vim

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075

Source: CCN
Type: rdancer Advisories, 2008-06-13
Collection of Vulnerabilities in Fully Patched Vim 7.1

Source: MISC
Type: Broken Link
http://www.rdancer.org/vulnerablevim.html

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0580

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0617

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0618

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20080811 rPSA-2008-0247-1 gvim vim vim-minimal

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

Source: BID
Type: Third Party Advisory, VDB Entry
29715

Source: CCN
Type: BID-29715
Vim Vim Script Multiple Command Execution Vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
31681

Source: CCN
Type: BID-31681
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1020293

Source: CCN
Type: USN-712-1
Vim vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-712-1

Source: CCN
Type: Vim Web site
welcome home : vim online

Source: CCN
Type: VMSA-2009-0004
ESX Service Console updates for openssl, bind, and vim

Source: CONFIRM
Type: Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0004.html

Source: VUPEN
Type: Third Party Advisory
ADV-2008-1851

Source: VUPEN
Type: Third Party Advisory
ADV-2008-2780

Source: VUPEN
Type: Third Party Advisory
ADV-2009-0033

Source: VUPEN
Type: Third Party Advisory
ADV-2009-0904

Source: XF
Type: Third Party Advisory, VDB Entry
vim-scripts-command-execution(43083)

Source: XF
Type: UNKNOWN
vim-scripts-command-execution(43083)

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-2622

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:11109

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:6238

Source: SUSE
Type: SUSE-SR:2009:007
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vim:vim:*:*:*:*:*:*:*:* (Version <= 6.4)
  • OR cpe:/a:vim:vim:*:*:*:*:*:*:*:* (Version >= 7.0 and <= 7.1.314)

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vim:vim:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:vim:vim:7.1.298:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20082712
    V
    		CVE-2008-2712
    2017-09-27
    oval:org.mitre.oval:def:29232
    P
    		RHSA-2008:0580 -- vim security update (Moderate)
    2015-08-17
    oval:org.mitre.oval:def:7596
    P
    		DSA-1733 vim -- several vulnerabilities
    2015-02-23
    oval:org.mitre.oval:def:12922
    P
    		USN-712-1 -- vim vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20113
    P
    		DSA-1733-1 vim - multiple vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:22692
    P
    		ELSA-2008:0580: vim security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:11109
    V
    		Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
    2013-04-29
    oval:org.mitre.oval:def:6238
    V
    		Vim Flaw in Quoting Vim Script Lets Remote Users Cause Arbitrary Commands to Be Executed in Certain Cases
    2009-11-30
    oval:org.debian:def:1733
    V
    		several vulnerabilities
    2009-03-03
    oval:com.redhat.rhsa:def:20080580
    P
    		RHSA-2008:0580: vim security update (Moderate)
    2008-11-25
    oval:com.redhat.rhsa:def:20080617
    P
    		RHSA-2008:0617: vim security update (Moderate)
    2008-11-25
    BACK
    vim vim *
    vim vim *
    canonical ubuntu linux 6.06
    canonical ubuntu linux 7.10
    canonical ubuntu linux 8.04
    canonical ubuntu linux 8.10
    vim vim 6.4
    vim vim 7.1.298
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake multi network firewall 2.0
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    redhat enterprise linux 5
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    apple mac os x 10.5
    apple mac os x server 10.5
    apple mac os x 10.5.1
    apple mac os x server 10.5.1
    vmware esx server 2.5.5
    apple mac os x 10.5.2
    apple mac os x server 10.5.2
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04
    vmware esx server 3.5
    apple mac os x server 10.5.3
    apple mac os x 10.5.3
    apple mac os x 10.5.4
    apple mac os x server 10.5.4
    vmware esx server 3.0.3
    apple mac os x 10.5.5
    apple mac os x server 10.5.5
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    apple mac os x 10.5.8
    apple mac os x server 10.5.8