Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.

Several input sanitization flaws were found in Vim’s keyword and tag
handling. If Vim looked up a document’s maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)

Multiple security flaws were found in netrw.vim, the Vim plug-in providing
file reading and writing over the network. If a user opened a specially
crafted file or directory with the netrw plug-in, it could result in
arbitrary code execution as the user running Vim. (CVE-2008-3076)

A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3075)

A security flaw was found in tar.vim, the Vim plug-in which handles TAR
archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3074)

Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)

Ulf Harnhammar, of Secunia Research, discovered a format string flaw in
Vim’s help tag processor. If a user was tricked into executing the
“helptags” command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)

All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | vim-common | < 7.0.109-4.el5_2.4z | vim-common-7.0.109-4.el5_2.4z.i386.rpm |
RedHat | 5 | x86_64 | vim-enhanced | < 7.0.109-4.el5_2.4z | vim-enhanced-7.0.109-4.el5_2.4z.x86_64.rpm |
RedHat | 5 | x86_64 | vim-minimal | < 7.0.109-4.el5_2.4z | vim-minimal-7.0.109-4.el5_2.4z.x86_64.rpm |
RedHat | 5 | ia64 | vim-enhanced | < 7.0.109-4.el5_2.4z | vim-enhanced-7.0.109-4.el5_2.4z.ia64.rpm |
RedHat | 5 | x86_64 | vim-x11 | < 7.0.109-4.el5_2.4z | vim-X11-7.0.109-4.el5_2.4z.x86_64.rpm |
RedHat | 5 | s390x | vim-enhanced | < 7.0.109-4.el5_2.4z | vim-enhanced-7.0.109-4.el5_2.4z.s390x.rpm |
RedHat | 5 | ppc | vim-common | < 7.0.109-4.el5_2.4z | vim-common-7.0.109-4.el5_2.4z.ppc.rpm |
RedHat | 5 | ppc | vim-x11 | < 7.0.109-4.el5_2.4z | vim-X11-7.0.109-4.el5_2.4z.ppc.rpm |
RedHat | 5 | ppc | vim-minimal | < 7.0.109-4.el5_2.4z | vim-minimal-7.0.109-4.el5_2.4z.ppc.rpm |
RedHat | 5 | i386 | vim-minimal | < 7.0.109-4.el5_2.4z | vim-minimal-7.0.109-4.el5_2.4z.i386.rpm |
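
To check a host against the fixed build listed in the table, the following added example (not part of the original advisory) compares installed version-release strings against `7.0.109-4.el5_2.4z` using rpm's segment-wise ordering. It assumes the installed and fixed packages share the same epoch and ignores tilde/caret handling; the function names and the sample `rpm` query output are constructed for illustration.

```python
import re

# Fixed version-release from the advisory table (same for every vim subpackage).
FIXED_VR = "7.0.109-4.el5_2.4z"

def _segments(s):
    # rpm compares maximal runs of digits or letters; other characters only separate.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 following rpm's segment ordering (no tilde/caret handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare ignores leading zeros
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def compare_vr(a, b):
    """Compare 'version-release' strings: version first, release as the tie-break."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable_packages(rpm_query_output, fixed_vr=FIXED_VR):
    """Return (name, version-release) for vim packages older than the fixed build."""
    hits = []
    for line in rpm_query_output.strip().splitlines():
        name, vr = line.split()
        if name.lower().startswith("vim-") and compare_vr(vr, fixed_vr) < 0:
            hits.append((name, vr))
    return hits

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """
vim-common 7.0.109-3.el5.3
vim-minimal 7.0.109-4.el5_2.4z
vim-enhanced 7.0.109-4.el5
bash 3.2-21.el5
"""

if __name__ == "__main__":
    for name, vr in vulnerable_packages(SAMPLE):
        print(f"{name} {vr} is older than {FIXED_VR}: update required")
```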