Vulnerability CVE-2008-4101 - CERT Civis.Net

Vulnerability Name:

CVE-2008-4101 (CCN-44626)

Assigned:

2008-08-19

Published:

2008-08-19

Updated:

2018-10-11

Summary:

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

CVSS v3 Severity:

4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-4101

Source: MLIST
Type: Exploit
[vim-dev] 20080903 Patch 7.2.010

Source: MISC
Type: UNKNOWN
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2

Source: MISC
Type: Patch
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2

Source: CCN
Type: Google Groups, vin_dev, Aug 19, 11:38 pm
Bug with v_K and potentially K command

Source: MISC
Type: Exploit
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e

Source: MLIST
Type: Patch
[vim_dev] 20080824 Bug with v_K and potentially K command

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-10-09

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-03-29-1

Source: CCN
Type: RHSA-2008-0580
Moderate: vim security update

Source: CCN
Type: RHSA-2008-0617
Moderate: vim security update

Source: CCN
Type: RHSA-2008-0618
Moderate: vim security update

Source: CCN
Type: SA31592
Vim Shell Command Injection Weaknesses

Source: SECUNIA
Type: UNKNOWN
31592

Source: CCN
Type: SA32222
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32222

Source: SECUNIA
Type: UNKNOWN
32858

Source: SECUNIA
Type: UNKNOWN
32864

Source: CCN
Type: SA33410
Avaya Products Vim Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33410

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3216

Source: CCN
Type: Apple Web site
About the security content of Security Update 2010-002 / Mac OS X v10.6.3

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4077

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm

Source: CCN
Type: ASA-2008-457
vim security update (RHSA-2008-0618)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm

Source: CCN
Type: ASA-2009-001
vim security update (RHSA-2008-0617)

Source: DEBIAN
Type: DSA-1733
vim -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:236

Source: MLIST
Type: UNKNOWN
[oss-security] 20080911 [oss-list] CVE request (vim)

Source: MLIST
Type: UNKNOWN
[oss-security] 20080911 Re: [oss-list] CVE request (vim)

Source: MLIST
Type: UNKNOWN
[oss-security] 20080915 Re: [oss-list] CVE request (vim)

Source: MLIST
Type: UNKNOWN
[oss-security] 20080915 Re: [oss-list] CVE request (vim)

Source: CCN
Type: rdancer Advisories, 2008-08-20
Arbitrary Code Execution in Commands: K, Control-], g]

Source: MISC
Type: UNKNOWN
http://www.rdancer.org/vulnerablevim-K.html

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0580

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0617

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0618

Source: BUGTRAQ
Type: UNKNOWN
20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]

Source: BUGTRAQ
Type: UNKNOWN
20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]

Source: BUGTRAQ
Type: UNKNOWN
20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

Source: BID
Type: UNKNOWN
30795

Source: CCN
Type: BID-30795
Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities

Source: BID
Type: UNKNOWN
31681

Source: CCN
Type: BID-31681
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities

Source: CCN
Type: USN-712-1
Vim vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-712-1

Source: CCN
Type: Vim Web site
welcome home : vim online

Source: CCN
Type: VMSA-2009-0004
ESX Service Console updates for openssl, bind, and vim

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2009-0004.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-2780

Source: VUPEN
Type: UNKNOWN
ADV-2009-0033

Source: VUPEN
Type: UNKNOWN
ADV-2009-0904

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=461927

Source: XF
Type: UNKNOWN
vim-normal-command-execution(44626)

Source: XF
Type: UNKNOWN
vim-normal-command-execution(44626)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10894

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5812

Vulnerable Configuration:

Configuration 1:

cpe:/a:vim:vim:3.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:4.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.1:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.2:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.3:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.4:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.5:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.6:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.7:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.8:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:6.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:6.1:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:6.2:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:6.3:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:6.4:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:7.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:7.1:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:*:*:*:*:*:*:*:* (Version <= 7.2)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:vim:vim:6.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:6.1:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:6.3:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:6.4:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:7.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:7.1:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:7.2:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:3.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:4.0:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.1:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.2:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.3:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.4:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.5:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.6:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.7:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:5.8:*:*:*:*:*:*:*

OR cpe:/a:vim:vim:6.2:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20084101	V	CVE-2008-4101	2017-09-27
oval:org.mitre.oval:def:29232	P	RHSA-2008:0580 -- vim security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:7596	P	DSA-1733 vim -- several vulnerabilities	2015-02-23
oval:org.mitre.oval:def:12922	P	USN-712-1 -- vim vulnerabilities	2014-06-30
oval:org.mitre.oval:def:20113	P	DSA-1733-1 vim - multiple vulnerabilities	2014-06-23
oval:org.mitre.oval:def:22692	P	ELSA-2008:0580: vim security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:10894	V	Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.	2013-04-29
oval:org.mitre.oval:def:5812	V	Vim Insufficient Shell Escaping Multiple Command Execution Vulnerability	2009-11-30
oval:org.debian:def:1733	V	several vulnerabilities	2009-03-03
oval:com.redhat.rhsa:def:20080580	P	RHSA-2008:0580: vim security update (Moderate)	2008-11-25
oval:com.redhat.rhsa:def:20080617	P	RHSA-2008:0617: vim security update (Moderate)	2008-11-25