Test ID:	1.3.6.1.4.1.25623.1.0.63425
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:047 (vim)
Summary:	The remote host is missing an update to vim;announced via advisory MDVSA-2009:047.
Description:	Summary: The remote host is missing an update to vim announced via advisory MDVSA-2009:047. Vulnerability Insight: Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Vim working directory (CVE-2009-0316). This update provides fix for that vulnerability. Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0316 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 33447 http://www.securityfocus.com/bid/33447 http://www.mandriva.com/security/advisories?name=MDVSA-2009:047 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305 http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html http://www.openwall.com/lists/oss-security/2009/01/26/2 XForce ISS Database: vim-pysyssetargv-privilege-escalation(48275) https://exchange.xforce.ibmcloud.com/vulnerabilities/48275
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.