Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-6235
Last Modified 21 Aug 2010 01:27:42
Published 21 Feb 2009 06:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6235

Summary

The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.

Vulnerable Systems

Application

  • Vim 7.0

  • Vim 7.1


References

MISC - http://www.rdancer.org/vulnerablevim-netrw.v2.html

MISC - http://www.rdancer.org/vulnerablevim-netrw.html

REDHAT - RHSA-2008:0580

MISC - http://www.rdancer.org/vulnerablevim-netrw.v5.html

MLIST - [oss-security] 20081020 CVE request (vim)

MLIST - [oss-security] 20081016 CVE request - Vim netrw.plugin

SECUNIA - 34418

SUSE - SUSE-SR:2009:007


Last Updated: 27 May 2016 10:49:07