Lucene search
UbuntuUSN-505-1HistoryAug 28, 2007 - 12:00 a.m.
vim vulnerability
2007-08-2800:00:00
ubuntu.com
30
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.331
Percentile
97.1%
Releases
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Packages
- vim -
Details
Ulf Harnhammar discovered that vim does not properly sanitise the
βhelptags_one()β function when running the βhelptagsβ command.
By tricking a user into running a crafted help file, a remote attacker
could execute arbitrary code with the userβs privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.04 | noarch | vim | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | vim-common | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | vim-full | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | vim-gnome | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | vim-gtk | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | vim-perl | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | vim-python | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | vim-ruby | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | vim-tcl | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | vim-tiny | <Β 1:7.0-164+1ubuntu7.2 | UNKNOWN |
References
Related
nessus
nessus
openSUSE 10 Security Update : gvim (gvim-4092)
2007-10-17 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : vim vulnerability (USN-505-1)
2007-11-10 00:00:00
SuSE9 Security Update : vim and gvim (YOU Patch Number 11722)
2009-09-24 00:00:00
openvas
openvas
Mandriva Update for vim MDKSA-2007:168 (vim)
2009-04-09 00:00:00
SLES9: Security update for vim and gvim
2009-10-10 00:00:00
Ubuntu: Security Advisory (USN-505-1)
2009-03-23 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:25:49
cve
cve
CVE-2007-2953
2007-07-31 10:17:00
seebug
seebug
Vim HelpTagsε½δ»€θΏη¨ζ ΌεΌδΈ²ε€ηζΌζ΄
2007-08-01 00:00:00
freebsd
freebsd
vim -- Command Format String Vulnerability
2007-07-27 00:00:00
ubuntucve
ubuntucve
CVE-2007-2953
2007-07-31 00:00:00
prion
prion
Format string
2007-07-31 10:17:00
cvelist
cvelist
CVE-2007-2953
2007-07-31 10:00:00
nvd
nvd
CVE-2007-2953
2007-07-31 10:17:00
debiancve
debiancve
CVE-2007-2953
2007-07-31 10:17:00
osv
osv
vim - several vulnerabilities
2007-09-19 00:00:00
vim
2007-09-19 00:00:00
debian
debian
[SECURITY] [DSA 1364-1] New vim packages fix several vulnerabilities
2007-09-01 11:30:35
[SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities
2007-09-19 22:20:43
oraclelinux
oraclelinux
vim security update
2008-11-25 00:00:00
vim security update
2008-11-25 00:00:00
centos
centos
vim security update
2008-11-25 16:56:47
vim security update
2008-11-26 22:22:41
redhat
redhat
(RHSA-2008:0617) Moderate: vim security update
2008-11-25 00:00:00
(RHSA-2008:0580) Moderate: vim security update
2008-11-25 00:00:00
vmware
vmware
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00
ESX Service Console updates for openssl, bind, and vim
2009-03-31 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.331
Percentile
97.1%
Related for USN-505-1