CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS
Percentile: 84.2%

CentOS Errata and Security Advisory CESA-2008:0618-01

Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.

Several input sanitization flaws were found in Vim’s keyword and tag
handling. If Vim looked up a document’s maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)

Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)

All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-November/077606.html

Affected packages:
vim-X11
vim-common
vim-enhanced
vim-minimal

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | vim-common | < 6.0-7.25 | vim-common-6.0-7.25.i386.rpm |
CentOS | 2 | i386 | vim-enhanced | < 6.0-7.25 | vim-enhanced-6.0-7.25.i386.rpm |
CentOS | 2 | i386 | vim-minimal | < 6.0-7.25 | vim-minimal-6.0-7.25.i386.rpm |
CentOS | 2 | i386 | vim-x11 | < 6.0-7.25 | vim-X11-6.0-7.25.i386.rpm |