Test ID:	1.3.6.1.4.1.25623.1.0.58897
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0346
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0346. VIM (VIsual editor iMproved) is a version of the vi editor. An arbitrary command execution flaw was found in the way VIM processes modelines. If a user with modelines enabled opened a text file containing a carefully crafted modeline, arbitrary commands could be executed as the user running VIM. (CVE-2007-2438) Users of VIM are advised to upgrade to these updated packages, which resolve this issue. Please note: this issue did not affect VIM as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0346.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.6
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2438 1018035 http://www.securitytracker.com/id?1018035 2007-0017 http://www.trustix.org/errata/2007/0017/ 20070430 FLEA-2007-0014-1: vim http://www.securityfocus.com/archive/1/467202/100/0/threaded 20070513 OMG VIM VULN http://attrition.org/pipermail/vim/2007-May/001614.html 20070823 vim editor duplicates / clarifications http://www.attrition.org/pipermail/vim/2007-August/001770.html 23725 http://www.securityfocus.com/bid/23725 25024 http://secunia.com/advisories/25024 25159 http://secunia.com/advisories/25159 25182 http://secunia.com/advisories/25182 25255 http://secunia.com/advisories/25255 25367 http://secunia.com/advisories/25367 25432 http://secunia.com/advisories/25432 26653 http://secunia.com/advisories/26653 36250 http://osvdb.org/36250 ADV-2007-1599 http://www.vupen.com/english/advisories/2007/1599 DSA-1364 http://www.debian.org/security/2007/dsa-1364 MDKSA-2007:101 http://www.mandriva.com/security/advisories?name=MDKSA-2007:101 RHSA-2007:0346 http://www.redhat.com/support/errata/RHSA-2007-0346.html SUSE-SR:2007:012 http://www.novell.com/linux/security/advisories/2007_12_sr.html USN-463-1 http://www.ubuntu.com/usn/usn-463-1 [vim-dev] 20070426 feedkeys() allowed in sandbox http://marc.info/?l=vim-dev&m=117762581821298&w=2 [vim-dev] 20070428 Re: feedkeys() allowed in sandbox http://marc.info/?l=vim-dev&m=117778983714029&w=2 [vimannounce] 20070512 Stable Vim version 7.1 has been released http://tech.groups.yahoo.com/group/vimannounce/message/178 http://tech.groups.yahoo.com/group/vimdev/message/46627 http://tech.groups.yahoo.com/group/vimdev/message/46645 http://tech.groups.yahoo.com/group/vimdev/message/46658 http://www.vim.org/news/news.php https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259 oval:org.mitre.oval:def:9876 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876 vim-feedkeyswritefile-command-execution(34012) https://exchange.xforce.ibmcloud.com/vulnerabilities/34012
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.