Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2002-1377
Last Modified 10 Sep 2008 03:14:26
Published 23 Dec 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1377

Summary

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

Vulnerable Systems

Application

  • Vim Development Group Vim 5.0

  • Vim Development Group Vim 5.1

  • Vim Development Group Vim 5.2

  • Vim Development Group Vim 5.3

  • Vim Development Group Vim 5.4

  • Vim Development Group Vim 5.5

  • Vim Development Group Vim 5.6

  • Vim Development Group Vim 5.7

  • Vim Development Group Vim 5.8

  • Vim Development Group Vim 6.0

  • Vim Development Group Vim 6.1


References

REDHAT - RHSA-2002:297

MISC - http://www.guninski.com/vim1.html

XF - vim-modeline-command-execution(10835)

BID - 6384

REDHAT - RHSA-2002:302

MANDRAKE - MDKSA-2003:012

SUNALERT - 55700

BUGTRAQ - 20040331 OpenLinux: vim arbitrary commands execution through modelines

FULLDISC - 20021213 Some vim problems, yet still vim much better than windows

CONECTIVA - CLA-2004:812


Last Updated: 27 May 2016 10:37:18