English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.61923
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2008:0617
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0617.

Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.

Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)

A heap-based overflow flaw was discovered in Vim's expansion of file name
patterns with shell wildcards. An attacker could create a specially-crafted
file or directory name that, when opened by Vim, caused the application to
crash or, possibly, execute arbitrary code. (CVE-2008-3432)

Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)

Ulf Härnhammar, of Secunia Research, discovered a format string flaw in
Vim's help tag processor. If a user was tricked into executing the
helptags command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)

All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.


Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0617.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-2953
BugTraq ID: 25095
http://www.securityfocus.com/bid/25095
Bugtraq: 20070730 FLEA-2007-0036-1 vim vim-minimal gvim (Google Search)
http://www.securityfocus.com/archive/1/475076/100/100/threaded
Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search)
http://www.securityfocus.com/archive/1/502322/100/0/threaded
Debian Security Information: DSA-1364 (Google Search)
http://www.debian.org/security/2007/dsa-1364
http://www.mandriva.com/security/advisories?name=MDKSA-2007:168
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
http://secunia.com/secunia_research/2007-66/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11549
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6463
http://www.redhat.com/support/errata/RHSA-2008-0580.html
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://secunia.com/advisories/25941
http://secunia.com/advisories/26285
http://secunia.com/advisories/26522
http://secunia.com/advisories/26594
http://secunia.com/advisories/26653
http://secunia.com/advisories/26674
http://secunia.com/advisories/26822
http://secunia.com/advisories/32858
http://secunia.com/advisories/33410
SuSE Security Announcement: SUSE-SR:2007:018 (Google Search)
http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-505-1
http://www.attrition.org/pipermail/vim/2007-August/001770.html
http://www.vupen.com/english/advisories/2007/2687
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
XForce ISS Database: vim-helptagsone-code-execution(35655)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35655
Common Vulnerability Exposure (CVE) ID: CVE-2008-2712
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 29715
http://www.securityfocus.com/bid/29715
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search)
http://www.securityfocus.com/archive/1/493352/100/0/threaded
Bugtraq: 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search)
http://www.securityfocus.com/archive/1/493353/100/0/threaded
http://marc.info/?l=bugtraq&m=121494431426308&w=2
Bugtraq: 20080811 rPSA-2008-0247-1 gvim vim vim-minimal (Google Search)
http://www.securityfocus.com/archive/1/495319/100/0/threaded
http://www.rdancer.org/vulnerablevim.html
http://www.openwall.com/lists/oss-security/2008/06/16/2
http://www.openwall.com/lists/oss-security/2008/10/15/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238
http://www.redhat.com/support/errata/RHSA-2008-0618.html
http://www.securitytracker.com/id?1020293
http://secunia.com/advisories/30731
http://secunia.com/advisories/32222
http://secunia.com/advisories/32864
http://secunia.com/advisories/34418
http://securityreason.com/securityalert/3951
SuSE Security Announcement: SUSE-SR:2009:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://www.ubuntu.com/usn/USN-712-1
http://www.vupen.com/english/advisories/2008/1851/references
http://www.vupen.com/english/advisories/2008/2780
XForce ISS Database: vim-scripts-command-execution(43083)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083
Common Vulnerability Exposure (CVE) ID: CVE-2008-3432
20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
30648
http://www.securityfocus.com/bid/30648
31681
32222
32858
33410
ADV-2008-2780
ADV-2009-0033
ADV-2009-0904
APPLE-SA-2008-10-09
RHSA-2008:0617
[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw
http://www.openwall.com/lists/oss-security/2008/07/15/4
[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw
http://www.openwall.com/lists/oss-security/2008/08/01/1
ftp://ftp.vim.org/pub/vim/patches/6.2.429
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
https://bugzilla.redhat.com/show_bug.cgi?id=455455
oval:org.mitre.oval:def:11203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203
oval:org.mitre.oval:def:5987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987
vim-mchexpandwildcards-bo(44722)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44722
Common Vulnerability Exposure (CVE) ID: CVE-2008-4101
BugTraq ID: 30795
http://www.securityfocus.com/bid/30795
Bugtraq: 20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search)
http://www.securityfocus.com/archive/1/495662
Bugtraq: 20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search)
http://www.securityfocus.com/archive/1/495703
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
http://www.rdancer.org/vulnerablevim-K.html
http://www.openwall.com/lists/oss-security/2008/09/11/4
http://www.openwall.com/lists/oss-security/2008/09/11/3
http://www.openwall.com/lists/oss-security/2008/09/16/5
http://www.openwall.com/lists/oss-security/2008/09/16/6
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
http://secunia.com/advisories/31592
XForce ISS Database: vim-normal-command-execution(44626)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.