Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231061187HistorySep 04, 2008 - 12:00 a.m.
FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby
2008-09-0400:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
13
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
8.2
Confidence
High
EPSS
0.011
Percentile
84.2%
The remote host is missing an update to the system
as announced in the referenced advisory.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.61187");
script_version("2023-07-26T05:05:09+0000");
script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
script_cve_id("CVE-2008-2712");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");
script_tag(name:"insight", value:"The following packages are affected:
vim
vim-lite
vim-ruby
vim6
vim6-ruby
CVE-2008-2712
Vim 7.1.314, 6.4, and other versions allows user-assisted remote
attackers to execute arbitrary commands via Vim scripts that do not
properly sanitize inputs before invoking the execute or system
functions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3)
xpm.vim, (4) gzip_vim, and (5) netrw.");
script_tag(name:"solution", value:"Update your system with the appropriate patches or
software upgrades.");
script_xref(name:"URL", value:"http://www.rdancer.org/vulnerablevim.html");
script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/30866e6c-3c6d-11dd-98c9-00163e000016.html");
script_tag(name:"summary", value:"The remote host is missing an update to the system
as announced in the referenced advisory.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-bsd.inc");
vuln = FALSE;
txt = "";
bver = portver(pkg:"vim");
if(!isnull(bver) && revcomp(a:bver, b:"6")>0 && revcomp(a:bver, b:"6.4.10")<=0) {
txt += 'Package vim version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"7")>0 && revcomp(a:bver, b:"7.1.315")<0) {
txt += 'Package vim version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"vim-lite");
if(!isnull(bver) && revcomp(a:bver, b:"6")>0 && revcomp(a:bver, b:"6.4.10")<=0) {
txt += 'Package vim-lite version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"7")>0 && revcomp(a:bver, b:"7.1.315")<0) {
txt += 'Package vim-lite version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"vim-ruby");
if(!isnull(bver) && revcomp(a:bver, b:"6")>0 && revcomp(a:bver, b:"6.4.10")<=0) {
txt += 'Package vim-ruby version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"7")>0 && revcomp(a:bver, b:"7.1.315")<0) {
txt += 'Package vim-ruby version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"vim6");
if(!isnull(bver) && revcomp(a:bver, b:"6")>0 && revcomp(a:bver, b:"6.4.10")<=0) {
txt += 'Package vim6 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"7")>0 && revcomp(a:bver, b:"7.1.315")<0) {
txt += 'Package vim6 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"vim6-ruby");
if(!isnull(bver) && revcomp(a:bver, b:"6")>0 && revcomp(a:bver, b:"6.4.10")<=0) {
txt += 'Package vim6-ruby version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"7")>0 && revcomp(a:bver, b:"7.1.315")<0) {
txt += 'Package vim6-ruby version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(vuln) {
security_message(data:txt);
} else if (__pkg_match) {
exit(99);
}Related
openvas
openvas
FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby
2008-09-04 00:00:00
Ubuntu: Security Advisory (USN-712-1)
2009-02-02 00:00:00
SLES10: Security update for vim
2009-10-13 00:00:00
exploitdb
exploitdb
Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities
2008-06-14 00:00:00
securityvulns
securityvulns
vim multiple security vulnerabilities
2008-08-25 00:00:00
Vim: Unfixed Vulnerabilities in Tar Plugin Version 20
2008-08-08 00:00:00
Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim
2008-07-24 00:00:00
nessus
nessus
FreeBSD : vim -- Vim Shell Command Injection Vulnerabilities (30866e6c-3c6d-11dd-98c9-00163e000016)
2008-06-24 00:00:00
SuSE 10 Security Update : vim (ZYPP Patch Number 6025)
2009-09-24 00:00:00
RHEL 2.1 : vim (RHSA-2008:0618)
2008-11-25 00:00:00
freebsd
freebsd
vim -- Vim Shell Command Injection Vulnerabilities
2008-06-16 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:25:49
prion
prion
Design/Logic Flaw
2008-06-16 21:41:00
Command injection
2009-02-21 22:30:00
Code injection
2008-09-18 17:59:00
debian
debian
[Backports-security-announce] Security Update for vim
2008-11-29 10:05:18
[Backports-security-announce] Security Update for vim
2008-11-29 10:05:12
[SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities
2009-03-03 08:35:06
ubuntucve
ubuntucve
nvd
nvd
ubuntu
ubuntu
Vim vulnerabilities
2009-01-27 00:00:00
debiancve
debiancve
cve
cve
cvelist
cvelist
redhat
redhat
(RHSA-2008:0618) Moderate: vim security update
2008-11-25 00:00:00
(RHSA-2008:0617) Moderate: vim security update
2008-11-25 00:00:00
(RHSA-2008:0580) Moderate: vim security update
2008-11-25 00:00:00
centos
centos
vim security update
2008-11-25 23:40:39
vim security update
2008-11-25 16:56:47
vim security update
2008-11-26 22:22:41
oraclelinux
oraclelinux
vim security update
2008-11-25 00:00:00
vim security update
2008-11-25 00:00:00
osv
osv
vim - multiple vulnerabilities
2009-03-03 00:00:00
vmware
vmware
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
8.2
Confidence
High
EPSS
0.011
Percentile
84.2%
Related for OPENVAS:136141256231061187