Vulnerability Name: CVE-2008-3076 (CCN-43624)
Assigned: 2008-07-07
Published: 2008-07-07
Updated: 2017-08-08
Summary: The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. Note: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
CVSS v3 Severity:
  5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  6.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:UR)
  3.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UR)
Vulnerability Type: CWE-78
Vulnerability Consequences: Gain Access
References:
  Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
  Source: MITRE Type: CNA CVE-2008-3076
  Source: SUSE Type: UNKNOWN SUSE-SR:2009:007
  Source: BUGTRAQ Type: UNKNOWN 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1
  Source: MLIST Type: Exploit [oss-security] 20081016 CVE request - Vim netrw.plugin
  Source: SECUNIA Type: UNKNOWN 34418
  Source: CONFIRM Type: UNKNOWN http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
  Source: DEBIAN Type: DSA-1733 vim -- several vulnerabilities
  Source: MANDRIVA Type: UNKNOWN MDVSA-2008:236
  Source: MLIST Type: Exploit [oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10
  Source: MLIST Type: Exploit, Patch [oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10
  Source: MLIST Type: UNKNOWN [oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10
  Source: MLIST Type: UNKNOWN [oss-security] 20081020 CVE request (vim)
  Source: CCN Type: rdancer Advisories, 2008-07-03 Arbitrary code execution in Netrw version 125, Vim 7.2a.10
  Source: MISC Type: Exploit, Patch, Vendor Advisory http://www.rdancer.org/vulnerablevim-netrw.html
  Source: MISC Type: Exploit, Patch, Vendor Advisory http://www.rdancer.org/vulnerablevim-netrw.v2.html
  Source: REDHAT Type: UNKNOWN RHSA-2008:0580
  Source: BID Type: Exploit 30115
  Source: CCN Type: BID-30115 Netrw Vim Script Multiple Command Execution Vulnerabilities
  Source: CCN Type: Vim Web site netrw.vim - Network oriented reading, writing, and browsing (keywords: netrw ftp scp) : vim online
  Source: XF Type: UNKNOWN netrw-multiple-code-execution(43624)
  Source: XF Type: UNKNOWN netrw-multiple-code-execution(43624)
  Source: SUSE Type: SUSE-SR:2009:007 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable