Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-4101
Last Modified: 30 Oct 2012 11:03:46
Published: 18 Sep 2008 01:59:32
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-4101

Summary

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

Vulnerable Systems

Application

  • Vim 3.0

  • Vim 4.0

  • Vim 5.0

  • Vim 5.1

  • Vim 5.2

  • Vim 5.3

  • Vim 5.4

  • Vim 5.5

  • Vim 5.6

  • Vim 5.7

  • Vim 5.8

  • Vim 6.0

  • Vim 6.1

  • Vim 6.2

  • Vim 6.3

  • Vim 6.4

  • Vim 7.0

  • Vim 7.1

  • Vim 7.2


References

MLIST - [vim_dev] 20080824 Bug with v_K and potentially K command

MISC - http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=461927

XF - vim-normal-command-execution(44626)

VUPEN - ADV-2009-0904

VUPEN - ADV-2009-0033

VUPEN - ADV-2008-2780

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0004.html

UBUNTU - USN-712-1

BID - 31681

BID - 30795

BUGTRAQ - 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

BUGTRAQ - 20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]

BUGTRAQ - 20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]

REDHAT - RHSA-2008:0617

REDHAT - RHSA-2008:0580

MISC - http://www.rdancer.org/vulnerablevim-K.html

MLIST - [oss-security] 20080915 Re: [oss-list] CVE request (vim)

MLIST - [oss-security] 20080911 Re: [oss-list] CVE request (vim)

MLIST - [oss-security] 20080911 [oss-list] CVE request (vim)

MANDRIVA - MDVSA-2008:236

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm

CONFIRM - http://support.apple.com/kb/HT4077

CONFIRM - http://support.apple.com/kb/HT3216

SECUNIA - 33410

SECUNIA - 32222

SECUNIA - 31592

APPLE - APPLE-SA-2010-03-29-1

APPLE - APPLE-SA-2008-10-09

MISC - http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e

MISC - http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2

MLIST - [vim-dev] 20080903 Patch 7.2.010

REDHAT - RHSA-2008:0618

SECUNIA - 32864

SECUNIA - 32858

Related Patches

Apple 2008-10-09 Security Update 2008-007 Client (Leopard)

Novell SUSE 2009:6025 gvim security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:49:48