Test ID:	1.3.6.1.4.1.25623.1.0.61924
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0618
Summary:	Redhat Security Advisory RHSA-2008:0618
Description:	The remote host is missing updates announced in advisory RHSA-2008:0618. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0618.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2712 Bugtraq: 20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search) http://www.securityfocus.com/archive/1/archive/1/493352/100/0/threaded Bugtraq: 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search) http://www.securityfocus.com/archive/1/archive/1/493353/100/0/threaded Bugtraq: 20080811 rPSA-2008-0247-1 gvim vim vim-minimal (Google Search) http://www.securityfocus.com/archive/1/archive/1/495319/100/0/threaded http://marc.info/?l=bugtraq&m=121494431426308&w=2 Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search) http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded http://www.rdancer.org/vulnerablevim.html http://www.openwall.com/lists/oss-security/2008/06/16/2 http://www.openwall.com/lists/oss-security/2008/10/15/1 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.redhat.com/support/errata/RHSA-2008-0617.html http://www.redhat.com/support/errata/RHSA-2008-0580.html http://www.redhat.com/support/errata/RHSA-2008-0618.html SuSE Security Announcement: SUSE-SR:2009:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://www.ubuntu.com/usn/USN-712-1 BugTraq ID: 29715 http://www.securityfocus.com/bid/29715 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11109 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6238 http://secunia.com/advisories/34418 http://secunia.com/advisories/32858 http://secunia.com/advisories/32864 http://www.vupen.com/english/advisories/2008/1851/references http://www.vupen.com/english/advisories/2008/2780 http://www.vupen.com/english/advisories/2009/0033 http://www.securitytracker.com/id?1020293 http://secunia.com/advisories/30731 http://secunia.com/advisories/32222 http://secunia.com/advisories/33410 http://securityreason.com/securityalert/3951 http://www.vupen.com/english/advisories/2009/0904 XForce ISS Database: vim-scripts-command-execution(43083) http://xforce.iss.net/xforce/xfdb/43083 Common Vulnerability Exposure (CVE) ID: CVE-2008-4101 Bugtraq: 20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search) http://www.securityfocus.com/archive/1/495662 Bugtraq: 20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search) http://www.securityfocus.com/archive/1/495703 http://www.openwall.com/lists/oss-security/2008/09/11/4 http://www.openwall.com/lists/oss-security/2008/09/11/3 http://www.openwall.com/lists/oss-security/2008/09/16/5 http://www.openwall.com/lists/oss-security/2008/09/16/6 http://ftp.vim.org/pub/vim/patches/7.2/7.2.010 http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33 http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2 http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2 http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e http://www.rdancer.org/vulnerablevim-K.html BugTraq ID: 30795 http://www.securityfocus.com/bid/30795 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10894 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5812 http://secunia.com/advisories/31592 XForce ISS Database: vim-normal-command-execution(44626) http://xforce.iss.net/xforce/xfdb/44626
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: