Test ID:	1.3.6.1.4.1.25623.1.0.845134
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5147-1)
Summary:	The remote host is missing an update for the 'vim' package(s) announced via the USN-5147-1 advisory.
Description:	Summary: The remote host is missing an update for the 'vim' package(s) announced via the USN-5147-1 advisory. Vulnerability Insight: It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087) It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. This issue only affected Ubuntu 14.04 ESM. (CVE-2019-20807) Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3903) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3927) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3928) Affected Software/OS: 'vim' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.04, Ubuntu 21.10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-17087 http://openwall.com/lists/oss-security/2017/11/27/2 http://security.cucumberlinux.com/security/details.php?id=166 https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://usn.ubuntu.com/4582-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-20807 http://seclists.org/fulldisclosure/2020/Jul/24 https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 https://github.com/vim/vim/releases/tag/v8.1.0881 https://www.starwindsoftware.com/security/sw-20220812-0003/ SuSE Security Announcement: openSUSE-SU-2020:0794 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3872 https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/ https://security.gentoo.org/glsa/202208-32 https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3903 https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/ https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43 https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html http://www.openwall.com/lists/oss-security/2022/01/15/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-3927 https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/ https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3928 https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.