Lucene search
GoogleOSV:DSA-1364-2HistorySep 19, 2007 - 12:00 a.m.
vim - several vulnerabilities
2007-09-1900:00:00
Google
osv.dev
11
EPSS
0.331
Percentile
97.1%
Several vulnerabilities have been discovered in the vim editor. The Common
Vulnerabilities and Exposures project identifies the following problems:
- CVE-2007-2953
Ulf Härnhammar discovered that a format string flaw in helptags_one() from
src/ex_cmds.c (triggered through the helptags command) can lead to the
execution of arbitrary code. - CVE-2007-2438
Editors often provide a way to embed editor configuration commands (aka
modelines) which are executed once a file is opened. Harmful commands
are filtered by a sandbox mechanism. It was discovered that function
calls to writefile(), feedkeys() and system() were not filtered, allowing
shell command execution with a carefully crafted file opened in vim.
This updated advisory repairs issues with missing files in the packages
for the oldstable distribution (sarge) for the alpha, mips, and mipsel
architectures.
For the oldstable distribution (sarge) these problems have been fixed in
version 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.
For the stable distribution (etch) these problems have been fixed
in version 7.0-122+1etch3.
For the unstable distribution (sid) these problems have been fixed in
version 7.1-056+1.
We recommend that you upgrade your vim packages.
References
Related
openvas
openvas
Debian: Security Advisory (DSA-1364-2)
2008-01-17 00:00:00
Debian Security Advisory DSA 1364-1 (vim)
2008-01-17 00:00:00
Debian Security Advisory DSA 1364-1 (vim)
2008-01-17 00:00:00
osv
osv
vim
2007-09-19 00:00:00
debian
debian
[SECURITY] [DSA 1364-1] New vim packages fix several vulnerabilities
2007-09-01 11:30:35
[SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities
2007-09-19 22:20:43
nessus
nessus
Debian DSA-1364-2 : vim - several vulnerabilities
2007-09-03 00:00:00
Oracle Linux 5 : vim (ELSA-2007-0346)
2013-07-12 00:00:00
openSUSE 10 Security Update : vim (vim-3410)
2007-10-17 00:00:00
oraclelinux
oraclelinux
Moderate: vim security update
2007-06-26 00:00:00
vim security update
2008-11-25 00:00:00
vim security update
2008-11-25 00:00:00
redhat
redhat
(RHSA-2007:0346) Moderate: vim security update
2007-05-09 00:00:00
(RHSA-2008:0617) Moderate: vim security update
2008-11-25 00:00:00
(RHSA-2008:0580) Moderate: vim security update
2008-11-25 00:00:00
cve
cve
ubuntucve
ubuntucve
CVE-2007-2438
2007-05-02 00:00:00
CVE-2007-2953
2007-07-31 00:00:00
cvelist
cvelist
CVE-2007-2438
2007-05-02 21:00:00
CVE-2007-2953
2007-07-31 10:00:00
prion
prion
Command injection
2007-05-02 21:19:00
Format string
2007-07-31 10:17:00
Design/Logic Flaw
2007-05-14 21:19:00
centos
centos
vim security update
2007-05-10 15:37:27
vim security update
2008-11-25 16:56:47
vim security update
2008-11-26 22:22:41
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:25:49
securityvulns
securityvulns
vim sandbox protection bypass
2007-05-12 00:00:00
[ MDKSA-2007:101 ] - Updated vim packages fix vulnerability
2007-05-12 00:00:00
debiancve
debiancve
CVE-2007-2438
2007-05-02 21:19:00
CVE-2007-2953
2007-07-31 10:17:00
ubuntu
ubuntu
vim vulnerability
2007-05-23 00:00:00
vim vulnerability
2007-08-28 00:00:00
nvd
nvd
seebug
seebug
Vim HelpTags命令远程格式串处理漏洞
2007-08-01 00:00:00
freebsd
freebsd
vim -- Command Format String Vulnerability
2007-07-27 00:00:00
vmware
vmware
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00