Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:0E8B8BC871B00C0A8672039E74B869EC
HistoryDec 14, 2016 - 12:00 a.m.

USN-3139-1: Vim vulnerability | Cloud Foundry

2016-12-1400:00:00
Cloud Foundry
www.cloudfoundry.org
17

0.8 High

EPSS

Percentile

98.3%

JSON

USN-3139-1: Vim vulnerability

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04 LTS

Description

Florian Larysch discovered that the Vim text editor did not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user’s privileges.

Affected Products and Versions

_Severity is medium unless otherwise noted.
_

  • Cloud Foundry BOSH stemcells are vulnerable, including:
    • All versions prior to 3151.5
    • 3233.x versions prior to 3233.6
    • 3263.x versions prior to 3263.12
    • 3312.x versions prior to 3312.7
    • All other versions
  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.92.0

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading to the following BOSH stemcells:
    • Upgrade all lower versions of 3151.x to version 3151.5
    • Upgrade all lower versions of 3233.x to version 3233.6
    • Upgrade all lower versions of 3263.x to version 3263.12
    • Upgrade all lower versions of 3312.x to version 3312.7
  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.92.0 or later versions

Credit

Florian Larysch

References

Related

nessus 24
debian 3
checkpoint_advisories 1
archlinux 1
cve 1
openvas 16
suse 4
oraclelinux 1
osv 1
veracode 1
ubuntucve 1
cvelist 1
freebsd 1
redhatcve 1
ibm 3
centos 1
nvd 1
amazon 1
debiancve 1
redhat 1
gentoo 1
f5 1
ubuntu 1
prion 1
alpinelinux 1
exploitpack 1
exploitdb 1
mageia 1
photon 1
apple 2
nessus
nessus
SUSE SLED12 / SLES12 Security Update : vim (SUSE-SU-2016:2942-1)
2016-11-29 00:00:00
CentOS 6 / 7 : vim (CESA-2016:2972)
2016-12-22 00:00:00
OracleVM 3.3 / 3.4 : vim (OVMSA-2016-0182)
2016-12-22 00:00:00
debian
debian
[SECURITY] [DSA 3722-1] vim security update
2016-11-22 16:41:44
[SECURITY] [DSA 3722-1] vim security update
2016-11-22 16:41:44
[SECURITY] [DLA 718-1] vim security update
2016-11-22 17:07:45
checkpoint_advisories
checkpoint_advisories
Vim modelines Remote Command Execution (CVE-2016-1248)
2016-12-28 00:00:00
archlinux
archlinux
[ASA-201611-29] neovim: arbitrary command execution
2016-11-29 00:00:00
cve
cve
CVE-2016-1248
2016-11-23 15:59:00
openvas
openvas
openSUSE: Security Advisory for vim (openSUSE-SU-2016:2993-1)
2017-02-22 00:00:00
Debian Security Advisory DSA 3722-1 (vim - security update)
2016-11-22 00:00:00
Debian: Security Advisory (DSA-3722-1)
2016-11-21 00:00:00
suse
suse
Security update for vim (important)
2016-12-04 22:07:19
Security update for vim (important)
2016-12-04 22:07:04
Security update for vim (important)
2016-11-29 17:07:20
oraclelinux
oraclelinux
vim security update
2016-12-20 00:00:00
osv
osv
vim - security update
2016-11-22 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:15:07
ubuntucve
ubuntucve
CVE-2016-1248
2016-11-23 00:00:00
cvelist
cvelist
CVE-2016-1248
2016-11-23 15:00:00
freebsd
freebsd
vim -- arbitrary command execution
2016-11-22 00:00:00
redhatcve
redhatcve
CVE-2016-1248
2016-11-24 10:17:49
ibm
ibm
Security Bulletin: A vulnerability in vim affects PowerKVM
2018-06-18 01:34:53
Security Bulletin: IBM Security Guardium is affected by Using Components with Known vulnerabilities (multiple CVEs)
2018-06-16 22:02:01
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities
2018-06-16 22:03:01
centos
centos
vim security update
2016-12-21 17:28:53
nvd
nvd
CVE-2016-1248
2016-11-23 15:59:00
amazon
amazon
Important: vim
2016-12-19 16:30:00
debiancve
debiancve
CVE-2016-1248
2016-11-23 15:59:00
redhat
redhat
(RHSA-2016:2972) Moderate: vim security update
2016-12-21 01:01:15
gentoo
gentoo
Vim, gVim: Remote execution of arbitrary code
2017-01-11 00:00:00
f5
f5
K22183127 : Vim vulnerability CVE-2016-1248
2017-03-20 00:00:00
ubuntu
ubuntu
Vim vulnerability
2016-11-29 00:00:00
prion
prion
Design/Logic Flaw
2016-11-23 15:59:00
alpinelinux
alpinelinux
CVE-2016-1248
2016-11-23 15:59:00
exploitpack
exploitpack
Vim 8.1.1365 Neovim 0.3.6 - Arbitrary Code Execution
2019-06-04 00:00:00
exploitdb
exploitdb
Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution
2019-06-04 00:00:00
mageia
mageia
Updated vim packages fix security vulnerabilities
2017-08-17 11:02:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2016-0012
2016-12-06 00:00:00
apple
apple
About the security content of macOS Sierra 10.12.3 - Apple Support
2017-03-28 11:17:25
About the security content of macOS Sierra 10.12.3
2017-01-23 00:00:00

0.8 High

EPSS

Percentile

98.3%

JSON
Related for CFOUNDRY:0E8B8BC871B00C0A8672039E74B869EC
nessus24debian3checkpoint_advisories1archlinux1cve1openvas16suse4oraclelinux1osv1veracode1ubuntucve1cvelist1freebsd1redhatcve1ibm3centos1nvd1amazon1debiancve1redhat1gentoo1f51ubuntu1prion1alpinelinux1exploitpack1exploitdb1mageia1photon1apple2