Moderate: vim security update

Date: Tue, 25 Nov 2008 13:37:42 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for vim on SL3.x, SL4.x, SL5.x i386/x86_64

Synopsis: Moderate: vim security update
Issue date: 2008-11-25
CVE Names: CVE-2007-2953 CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076 CVE-2008-3432 CVE-2008-4101

Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)

SL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432)

SL5 Only: Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076)

SL5 Only: A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)

SL5 Only: A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3074)

Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)

Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)

SL 3.0.x

  SRPMS:
    vim-6.3.046-0.30E.11.src.rpm
  i386:
    vim-common-6.3.046-0.30E.11.i386.rpm
    vim-enhanced-6.3.046-0.30E.11.i386.rpm
    vim-minimal-6.3.046-0.30E.11.i386.rpm
    vim-X11-6.3.046-0.30E.11.i386.rpm
  x86_64:
    vim-common-6.3.046-0.30E.11.x86_64.rpm
    vim-enhanced-6.3.046-0.30E.11.x86_64.rpm
    vim-minimal-6.3.046-0.30E.11.x86_64.rpm
    vim-X11-6.3.046-0.30E.11.x86_64.rpm

SL 4.x

  SRPMS:
    vim-6.3.046-1.el4_7.5z.src.rpm
  i386:
    vim-common-6.3.046-1.el4_7.5z.i386.rpm
    vim-enhanced-6.3.046-1.el4_7.5z.i386.rpm
    vim-minimal-6.3.046-1.el4_7.5z.i386.rpm
    vim-X11-6.3.046-1.el4_7.5z.i386.rpm
  x86_64:
    vim-common-6.3.046-1.el4_7.5z.x86_64.rpm
    vim-enhanced-6.3.046-1.el4_7.5z.x86_64.rpm
    vim-minimal-6.3.046-1.el4_7.5z.x86_64.rpm
    vim-X11-6.3.046-1.el4_7.5z.x86_64.rpm

SL 5.x

  SRPMS:
    vim-7.0.109-4.el5_2.4z.src.rpm
  i386:
    vim-common-7.0.109-4.el5_2.4z.i386.rpm
    vim-enhanced-7.0.109-4.el5_2.4z.i386.rpm
    vim-minimal-7.0.109-4.el5_2.4z.i386.rpm
    vim-X11-7.0.109-4.el5_2.4z.i386.rpm
  x86_64:
    vim-common-7.0.109-4.el5_2.4z.x86_64.rpm
    vim-enhanced-7.0.109-4.el5_2.4z.x86_64.rpm
    vim-minimal-7.0.109-4.el5_2.4z.x86_64.rpm
    vim-X11-7.0.109-4.el5_2.4z.x86_64.rpm

-Connie Sieh
-Troy Dawson

Updated vim package for Scientific Linux to remediate several input validation vulnerabilities which may permit arbitrary code execution.

Severity: Important.

LinuxSecurity.com Team
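To check a host against the fixed builds listed in this advisory, the following added example (not part of the advisory or of any Scientific Linux tooling) compares installed vim version-release strings with the advisory's, using a simplified form of rpm's segment-wise version comparison. The input format (output of rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'), the sample lines and all function names are assumptions; epochs and the ~ and ^ operators are not handled.

```python
import re

# Fixed version-release per SL release, copied from the advisory's package lists.
FIXED = {
    "SL3": "6.3.046-0.30E.11",
    "SL4": "6.3.046-1.el4_7.5z",
    "SL5": "7.0.109-4.el5_2.4z",
}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.

    Simplified: separators are ignored, '~' and '^' are not treated specially.
    Returns -1, 0 or 1.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats an alpha one
        if x.isdigit():
            x, y = int(x), int(y)             # 046 == 46, 11 > 9
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed, fixed):
    """True if installed 'VERSION-RELEASE' is at or above the fixed build."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def audit(query_output, sl_release):
    """Map each vim-* package in the query output to True (fixed) or False."""
    result = {}
    for line in query_output.splitlines():
        name, _, vr = line.strip().partition(" ")
        if name.startswith("vim-") and "-" in vr:
            result[name] = is_fixed(vr, FIXED[sl_release])
    return result

# Constructed sample for an SL5 host; the 3.el5.3 release is made up for illustration.
SAMPLE = """vim-common 7.0.109-4.el5_2.4z
vim-enhanced 7.0.109-3.el5.3
bash 3.2-21.el5"""

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE, "SL5").items():
        print(pkg, "fixed" if ok else "NEEDS UPDATE")
```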