
Debian: DSA-1733 Critical: Vim Code Execution Risks and Fixes

debian
March 3, 2009
Ubuntu addresses several vulnerabilities in nano that impact file parsing and command invocation. Users are recommended to update their systems.
Several vulnerabilities have been found in vim, an enhanced vi editor.

Summary

CVE-2008-2712

Jan Minar discovered that vim did not properly sanitise inputs
before invoking the execute or system functions inside vim
scripts. This could lead to the execution of arbitrary code.

CVE-2008-3074

Jan Minar discovered that the tar plugin of vim did not properly
sanitise the filenames in the tar archive or the name of the
archive file itself, making it prone to arbitrary code execution.

CVE-2008-3075

Jan Minar discovered that the zip plugin of vim did not properly
sanitise the filenames in the zip archive or the name of the
archive file itself, making it prone to arbitrary code execution.

CVE-2008-3076

Jan Minar discovered that the netrw plugin of vim did not properly
sanitise the filenames or directory names it is given. This could
lead to the execution of arbitrary code.

CVE-2008-4101

Ben Schmidt discovered that vim did not properly escape characters when performing keyword or tag lookups. This could lead to the
execution of ar...
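
The tar and zip plugin issues above (CVE-2008-3074, CVE-2008-3075) belong to one bug class: a file name taken from an archive, or the archive's own name, is pasted into a command string without quoting. The following is an added illustration of that class and its hardened forms, not code from vim or from the advisory; the `tar` command line, the helper names and the sample member names are assumptions constructed for the example.

```python
import io
import shlex
import tarfile

# Characters a POSIX shell treats specially; a name containing any of them
# must never be pasted unquoted into a command string.
SHELL_META = set(" \t\n;|&$`<>(){}[]*?!'\"\\#~")

def make_sample_tar(names):
    """Build an in-memory tar archive from constructed sample names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def risky_members(fileobj):
    """Return member names that contain shell metacharacters or look like options."""
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        return [m.name for m in tar.getmembers()
                if m.name.startswith("-") or SHELL_META & set(m.name)]

def unsafe_command(archive, member):
    """The flawed pattern: untrusted names concatenated into a shell string."""
    return "tar -xOf " + archive + " " + member

def safe_argv(archive, member):
    """Hardened form: an argv list run without a shell; '--' ends option parsing."""
    return ["tar", "-xOf", archive, "--", member]

def safe_shell_string(archive, member):
    """If a shell string is unavoidable, quote every untrusted piece."""
    return "tar -xOf {} -- {}".format(shlex.quote(archive), shlex.quote(member))

if __name__ == "__main__":
    sample = make_sample_tar(["README.txt", "odd;name.txt", "a b.txt", "-v"])
    print("names needing care:", risky_members(sample))
    print("unsafe:", unsafe_command("my archive.tar", "a b.txt"))
    print("quoted:", safe_shell_string("my archive.tar", "a b.txt"))
```

Within vim scripts the corresponding quoting helpers are `shellescape()` and `fnameescape()`.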


Severity
critical
