Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в vim
дополнено с 14 июня 2008 г.
Опубликовано:25 августа 2008 г.
Источник:
SecurityVulns ID:9086
Тип:локальная
Уровень опасности:
5/10
Описание:Выполнение кода при открытии файла.
Затронутые продукты:VIM : vim 6.4
 VIM : vim 7.1
CVE:CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.)
 CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.)
Оригинальный текстdocumentJan Minar, Vim: Arbitrary Code Execution in Commands: K, Control-], g] (25.08.2008)
 documentJan Minar, Vim 7.2c.002 Fixes Arbitrary Command Execution when Handling Tar Archives (13.08.2008)
 documentJan Minar, Vim: Netrw: FTP User Name and Password Disclosure (13.08.2008)
 documentJan Minar, Vim: Unfixed Vulnerabilities in Tar Plugin Version 20 (08.08.2008)
 documentJan Minar, Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim (24.07.2008)
 documentJan Minar, Vim: Improper Implementation of shellescape()/Arbitrary Code Execution (22.07.2008)
 documentJan Minar, Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution (22.07.2008)
 documentJan Minar, Collection of Vulnerabilities in Fully Patched Vim 7.1 (14.06.2008)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород