ID de Prueba:	1.3.6.1.4.1.25623.1.0.61924
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0618
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0618. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0618.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2712 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 29715 http://www.securityfocus.com/bid/29715 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search) http://www.securityfocus.com/archive/1/493352/100/0/threaded Bugtraq: 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search) http://www.securityfocus.com/archive/1/493353/100/0/threaded http://marc.info/?l=bugtraq&m=121494431426308&w=2 Bugtraq: 20080811 rPSA-2008-0247-1 gvim vim vim-minimal (Google Search) http://www.securityfocus.com/archive/1/495319/100/0/threaded Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search) http://www.securityfocus.com/archive/1/502322/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.rdancer.org/vulnerablevim.html http://www.openwall.com/lists/oss-security/2008/06/16/2 http://www.openwall.com/lists/oss-security/2008/10/15/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238 http://www.redhat.com/support/errata/RHSA-2008-0580.html http://www.redhat.com/support/errata/RHSA-2008-0617.html http://www.redhat.com/support/errata/RHSA-2008-0618.html http://www.securitytracker.com/id?1020293 http://secunia.com/advisories/30731 http://secunia.com/advisories/32222 http://secunia.com/advisories/32858 http://secunia.com/advisories/32864 http://secunia.com/advisories/33410 http://secunia.com/advisories/34418 http://securityreason.com/securityalert/3951 SuSE Security Announcement: SUSE-SR:2009:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://www.ubuntu.com/usn/USN-712-1 http://www.vupen.com/english/advisories/2008/1851/references http://www.vupen.com/english/advisories/2008/2780 http://www.vupen.com/english/advisories/2009/0033 http://www.vupen.com/english/advisories/2009/0904 XForce ISS Database: vim-scripts-command-execution(43083) https://exchange.xforce.ibmcloud.com/vulnerabilities/43083 Common Vulnerability Exposure (CVE) ID: CVE-2008-4101 BugTraq ID: 30795 http://www.securityfocus.com/bid/30795 Bugtraq: 20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search) http://www.securityfocus.com/archive/1/495662 Bugtraq: 20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search) http://www.securityfocus.com/archive/1/495703 http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2 http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2 http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e http://www.rdancer.org/vulnerablevim-K.html http://www.openwall.com/lists/oss-security/2008/09/11/4 http://www.openwall.com/lists/oss-security/2008/09/11/3 http://www.openwall.com/lists/oss-security/2008/09/16/5 http://www.openwall.com/lists/oss-security/2008/09/16/6 http://ftp.vim.org/pub/vim/patches/7.2/7.2.010 http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812 http://secunia.com/advisories/31592 XForce ISS Database: vim-normal-command-execution(44626) https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.