Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-3076
Last Modified 14 May 2009 01:25:55
Published 21 Feb 2009 05:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3076

Summary

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

Vulnerable Systems

Application

  • Vim 7.2a.10


References

MISC - http://www.rdancer.org/vulnerablevim-netrw.v2.html

MISC - http://www.rdancer.org/vulnerablevim-netrw.html

MLIST - [oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10

XF - netrw-multiple-code-execution(43624)

BID - 30115

REDHAT - RHSA-2008:0580

MLIST - [oss-security] 20081020 CVE request (vim)

MLIST - [oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10

MANDRIVA - MDVSA-2008:236

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324

SECUNIA - 34418

MLIST - [oss-security] 20081016 CVE request - Vim netrw.plugin

BUGTRAQ - 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1

SUSE - SUSE-SR:2009:007

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919


Last Updated: 27 May 2016 10:48:04