ID de Prueba:	1.3.6.1.4.1.25623.1.0.61187
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: vim vim-lite vim-ruby vim6 vim6-ruby CVE-2008-2712 Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2712 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 29715 http://www.securityfocus.com/bid/29715 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search) http://www.securityfocus.com/archive/1/493352/100/0/threaded Bugtraq: 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search) http://www.securityfocus.com/archive/1/493353/100/0/threaded http://marc.info/?l=bugtraq&m=121494431426308&w=2 Bugtraq: 20080811 rPSA-2008-0247-1 gvim vim vim-minimal (Google Search) http://www.securityfocus.com/archive/1/495319/100/0/threaded Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search) http://www.securityfocus.com/archive/1/502322/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.rdancer.org/vulnerablevim.html http://www.openwall.com/lists/oss-security/2008/06/16/2 http://www.openwall.com/lists/oss-security/2008/10/15/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238 http://www.redhat.com/support/errata/RHSA-2008-0580.html http://www.redhat.com/support/errata/RHSA-2008-0617.html http://www.redhat.com/support/errata/RHSA-2008-0618.html http://www.securitytracker.com/id?1020293 http://secunia.com/advisories/30731 http://secunia.com/advisories/32222 http://secunia.com/advisories/32858 http://secunia.com/advisories/32864 http://secunia.com/advisories/33410 http://secunia.com/advisories/34418 http://securityreason.com/securityalert/3951 SuSE Security Announcement: SUSE-SR:2009:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://www.ubuntu.com/usn/USN-712-1 http://www.vupen.com/english/advisories/2008/1851/references http://www.vupen.com/english/advisories/2008/2780 http://www.vupen.com/english/advisories/2009/0033 http://www.vupen.com/english/advisories/2009/0904 XForce ISS Database: vim-scripts-command-execution(43083) https://exchange.xforce.ibmcloud.com/vulnerabilities/43083
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.