ID de Prueba:	1.3.6.1.4.1.25623.1.0.58897
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0346
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0346. VIM (VIsual editor iMproved) is a version of the vi editor. An arbitrary command execution flaw was found in the way VIM processes modelines. If a user with modelines enabled opened a text file containing a carefully crafted modeline, arbitrary commands could be executed as the user running VIM. (CVE-2007-2438) Users of VIM are advised to upgrade to these updated packages, which resolve this issue. Please note: this issue did not affect VIM as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0346.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2438 1018035 http://www.securitytracker.com/id?1018035 2007-0017 http://www.trustix.org/errata/2007/0017/ 20070430 FLEA-2007-0014-1: vim http://www.securityfocus.com/archive/1/467202/100/0/threaded 20070513 OMG VIM VULN http://attrition.org/pipermail/vim/2007-May/001614.html 20070823 vim editor duplicates / clarifications http://www.attrition.org/pipermail/vim/2007-August/001770.html 23725 http://www.securityfocus.com/bid/23725 25024 http://secunia.com/advisories/25024 25159 http://secunia.com/advisories/25159 25182 http://secunia.com/advisories/25182 25255 http://secunia.com/advisories/25255 25367 http://secunia.com/advisories/25367 25432 http://secunia.com/advisories/25432 26653 http://secunia.com/advisories/26653 36250 http://osvdb.org/36250 ADV-2007-1599 http://www.vupen.com/english/advisories/2007/1599 DSA-1364 http://www.debian.org/security/2007/dsa-1364 MDKSA-2007:101 http://www.mandriva.com/security/advisories?name=MDKSA-2007:101 RHSA-2007:0346 http://www.redhat.com/support/errata/RHSA-2007-0346.html SUSE-SR:2007:012 http://www.novell.com/linux/security/advisories/2007_12_sr.html USN-463-1 http://www.ubuntu.com/usn/usn-463-1 [vim-dev] 20070426 feedkeys() allowed in sandbox http://marc.info/?l=vim-dev&m=117762581821298&w=2 [vim-dev] 20070428 Re: feedkeys() allowed in sandbox http://marc.info/?l=vim-dev&m=117778983714029&w=2 [vimannounce] 20070512 Stable Vim version 7.1 has been released http://tech.groups.yahoo.com/group/vimannounce/message/178 http://tech.groups.yahoo.com/group/vimdev/message/46627 http://tech.groups.yahoo.com/group/vimdev/message/46645 http://tech.groups.yahoo.com/group/vimdev/message/46658 http://www.vim.org/news/news.php https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259 oval:org.mitre.oval:def:9876 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876 vim-feedkeyswritefile-command-execution(34012) https://exchange.xforce.ibmcloud.com/vulnerabilities/34012
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.