Vulnerability : several vulnerabilities Problem type : local (remote) Debian-specific: no CVE Ids : CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076 CVE-2008-4104 Debian Bugs : 486502 506919
Several vulnerabilities have been found in vim, an enhanced vi editor. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-2712
Jan Minar discovered that vim did not properly sanitise inputs
before invoking the execute or system functions inside vim
scripts. This could lead to the execution of arbitrary code.
CVE-2008-3074
Jan Minar discovered that the tar plugin of vim did not properly
sanitise the filenames in the tar archive or the name of the
archive file itself, making it prone to arbitrary code execution.
CVE-2008-3075
Jan Minar discovered that the zip plugin of vim did not properly
sanitise the filenames in the zip archive or the name of the
archive file itself, making it prone to arbitrary code execution.
CVE-2008-3076
Jan Minar discovered that the netrw plugin of vim did not properly
sanitise the filenames or directory names it is given. This could
lead to the execution of arbitrary code.
CVE-2008-4101
Ben Schmidt discovered that vim did not properly escape characters
when performing keyword or tag lookups. This could lead to the
execution of arbitrary code.
1:7.0-122+1etch5