CVSS2: AV:N/AC:H/Au:N/C:C/I:C/A:C
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AI Score Confidence: Low
EPSS Percentile: 88.3%

CentOS Errata and Security Advisory CESA-2007:0346

VIM (VIsual editor iMproved) is a version of the vi editor.

An arbitrary command execution flaw was found in the way VIM processes
modelines. If a user with modelines enabled opened a text file containing
a carefully crafted modeline, arbitrary commands could be executed as the user
running VIM. (CVE-2007-2438)

Users of VIM are advised to upgrade to these updated packages, which
resolve this issue.

Please note: this issue did not affect VIM as distributed with Red Hat
Enterprise Linux 2.1, 3, or 4.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075907.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075908.html

Affected packages:
vim-X11
vim-common
vim-enhanced
vim-minimal

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0346

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | x86_64 | vim-common | < 7.0.109-3.el5.3 | vim-common-7.0.109-3.el5.3.x86_64.rpm |
CentOS | 5 | x86_64 | vim-enhanced | < 7.0.109-3.el5.3 | vim-enhanced-7.0.109-3.el5.3.x86_64.rpm |
CentOS | 5 | x86_64 | vim-minimal | < 7.0.109-3.el5.3 | vim-minimal-7.0.109-3.el5.3.x86_64.rpm |
CentOS | 5 | x86_64 | vim-x11 | < 7.0.109-3.el5.3 | vim-X11-7.0.109-3.el5.3.x86_64.rpm |
CentOS | 5 | i386 | vim-common | < 7.0.109-3.el5.3 | vim-common-7.0.109-3.el5.3.i386.rpm |
CentOS | 5 | i386 | vim-enhanced | < 7.0.109-3.el5.3 | vim-enhanced-7.0.109-3.el5.3.i386.rpm |
CentOS | 5 | i386 | vim-minimal | < 7.0.109-3.el5.3 | vim-minimal-7.0.109-3.el5.3.i386.rpm |
CentOS | 5 | i386 | vim-x11 | < 7.0.109-3.el5.3 | vim-X11-7.0.109-3.el5.3.i386.rpm |
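
A way to check an inventory of installed packages against the fixed version-release in the table above. This is an added example, not code from CentOS or Red Hat. It uses a simplified version of RPM's segment comparison (no tilde or caret handling) and assumes the package epoch can be ignored; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed version-release from the advisory table (CentOS 5, all four packages).
FIXED_VR = "7.0.109-3.el5.3"
AFFECTED = ("vim-X11", "vim-common", "vim-enhanced", "vim-minimal")

def _segments(s):
    # Split on non-alphanumerics, then into runs of digits and runs of letters.
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def cmp_vr(a, b):
    """Compare two 'version-release' strings (epoch ignored: assumption)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def needs_update(installed):
    """installed: {package: 'version-release'}. Returns affected packages below the fix."""
    return sorted(p for p, vr in installed.items()
                  if p in AFFECTED and cmp_vr(vr, FIXED_VR) < 0)

if __name__ == "__main__":
    # Constructed sample inventory, in the shape produced by e.g.
    #   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' vim-common vim-minimal ...
    sample = {"vim-common": "7.0.109-3", "vim-minimal": "7.0.109-3.el5.3",
              "vim-enhanced": "7.0.99-1", "bash": "3.1-16.1"}
    print(needs_update(sample))
```

On a live host, `rpm -q` or the package manager's own update check is authoritative; this comparison is for offline inventories.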