FreeBSD Local Security Checks : FreeBSD Ports: vim6, vim6+ruby

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67993

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: vim6, vim6+ruby

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

vim6
vim6+ruby

CVE-2008-3432
Heap-based buffer overflow in the mch_expand_wildcards function in
os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute
arbitrary code via shell metacharacters in filenames, as demonstrated
by the netrw.v3 test case.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3432
20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
http://www.securityfocus.com/archive/1/502322/100/0/threaded
30648
http://www.securityfocus.com/bid/30648
31681
http://www.securityfocus.com/bid/31681
32222
http://secunia.com/advisories/32222
32858
http://secunia.com/advisories/32858
33410
http://secunia.com/advisories/33410
ADV-2008-2780
http://www.vupen.com/english/advisories/2008/2780
ADV-2009-0033
http://www.vupen.com/english/advisories/2009/0033
ADV-2009-0904
http://www.vupen.com/english/advisories/2009/0904
APPLE-SA-2008-10-09
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
RHSA-2008:0617
http://www.redhat.com/support/errata/RHSA-2008-0617.html
[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw
http://www.openwall.com/lists/oss-security/2008/07/15/4
[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw
http://www.openwall.com/lists/oss-security/2008/08/01/1
ftp://ftp.vim.org/pub/vim/patches/6.2.429
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
https://bugzilla.redhat.com/show_bug.cgi?id=455455
oval:org.mitre.oval:def:11203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203
oval:org.mitre.oval:def:5987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987
vim-mchexpandwildcards-bo(44722)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44722

Copyright Copyright (C) 2010 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67993
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: vim6, vim6+ruby
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: vim6 vim6+ruby CVE-2008-3432 Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3432 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim http://www.securityfocus.com/archive/1/502322/100/0/threaded 30648 http://www.securityfocus.com/bid/30648 31681 http://www.securityfocus.com/bid/31681 32222 http://secunia.com/advisories/32222 32858 http://secunia.com/advisories/32858 33410 http://secunia.com/advisories/33410 ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 ADV-2009-0033 http://www.vupen.com/english/advisories/2009/0033 ADV-2009-0904 http://www.vupen.com/english/advisories/2009/0904 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html RHSA-2008:0617 http://www.redhat.com/support/errata/RHSA-2008-0617.html [oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw http://www.openwall.com/lists/oss-security/2008/07/15/4 [oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw http://www.openwall.com/lists/oss-security/2008/08/01/1 ftp://ftp.vim.org/pub/vim/patches/6.2.429 ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059 http://support.apple.com/kb/HT3216 http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm http://www.vmware.com/security/advisories/VMSA-2009-0004.html https://bugzilla.redhat.com/show_bug.cgi?id=455455 oval:org.mitre.oval:def:11203 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203 oval:org.mitre.oval:def:5987 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987 vim-mchexpandwildcards-bo(44722) https://exchange.xforce.ibmcloud.com/vulnerabilities/44722
Copyright	Copyright (C) 2010 E-Soft Inc.