DSA-1733-1

Details

Vulnerability : several vulnerabilities Problem type : local (remote) Debian-specific: no CVE Ids : CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076 CVE-2008-4104 Debian Bugs : 486502 506919

Several vulnerabilities have been found in vim, an enhanced vi editor. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-2712

Jan Minar discovered that vim did not properly sanitise inputs
before invoking the execute or system functions inside vim
scripts. This could lead to the execution of arbitrary code.

CVE-2008-3074

Jan Minar discovered that the tar plugin of vim did not properly
sanitise the filenames in the tar archive or the name of the
archive file itself, making it prone to arbitrary code execution.

CVE-2008-3075

Jan Minar discovered that the zip plugin of vim did not properly
sanitise the filenames in the zip archive or the name of the
archive file itself, making it prone to arbitrary code execution.

CVE-2008-3076

Jan Minar discovered that the netrw plugin of vim did not properly
sanitise the filenames or directory names it is given. This could
lead to the execution of arbitrary code.

CVE-2008-4101

Ben Schmidt discovered that vim did not properly escape characters
when performing keyword or tag lookups. This could lead to the
execution of arbitrary code.

Affected Packages

vim

Debian 4

Fixed in:

1:7.0-122+1etch5

References

ADVISORYhttps://security-tracker.debian.org/tracker/DSA-1733-1

DSA-1733-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline