CVE-2008-2712

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.rdancer.org/vulnerablevim.html	Broken Link
http://www.openwall.com/lists/oss-security/2008/06/16/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/29715	Third Party Advisory VDB Entry
http://secunia.com/advisories/30731	Third Party Advisory
http://www.securitytracker.com/id?1020293	Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-2622	Broken Link
http://wiki.rpath.com/Advisories:rPSA-2008-0247	Third Party Advisory
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/31681	Third Party Advisory VDB Entry
http://support.apple.com/kb/HT3216	Third Party Advisory
http://secunia.com/advisories/32222	Third Party Advisory
http://secunia.com/advisories/33410	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm	Third Party Advisory
http://www.ubuntu.com/usn/USN-712-1	Third Party Advisory
http://securityreason.com/securityalert/3951	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0617.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0580.html	Third Party Advisory
http://marc.info/?l=bugtraq&m=121494431426308&w=2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/10/15/1	Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html	Third Party Advisory
http://secunia.com/advisories/34418	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0004.html	Third Party Advisory
http://www.vupen.com/english/advisories/2009/0904	Third Party Advisory
http://support.apple.com/kb/HT4077	Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	Mailing List Third Party Advisory
http://www.vupen.com/english/advisories/2009/0033	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1851/references	Third Party Advisory
http://www.vupen.com/english/advisories/2008/2780	Third Party Advisory
http://secunia.com/advisories/32858	Third Party Advisory
http://secunia.com/advisories/32864	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0618.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109	Third Party Advisory
http://www.securityfocus.com/archive/1/502322/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/495319/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493353/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493352/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vim:vim::::::::
	cpe:2.3:a:vim:vim::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::

Information

Published : 2008-06-16 14:41

Updated : 2018-11-01 08:07

NVD link : CVE-2008-2712

Mitre link : CVE-2008-2712

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

canonical

ubuntu_linux

vim

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.rdancer.org/vulnerablevim.html", "name": "http://www.rdancer.org/vulnerablevim.html", "tags": ["Broken Link"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2008/06/16/2", "name": "[oss-security] 20080616 CVE Id request: vim", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/29715", "name": "29715", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/30731", "name": "30731", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1020293", "name": "1020293", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "https://issues.rpath.com/browse/RPL-2622", "name": "https://issues.rpath.com/browse/RPL-2622", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247", "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0247", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "name": "APPLE-SA-2008-10-09", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "http://www.securityfocus.com/bid/31681", "name": "31681", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://support.apple.com/kb/HT3216", "name": "http://support.apple.com/kb/HT3216", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/32222", "name": "32222", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33410", "name": "33410", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.ubuntu.com/usn/USN-712-1", "name": "USN-712-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://securityreason.com/securityalert/3951", "name": "3951", "tags": ["Third Party Advisory"], "refsource": "SREASON"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html", "name": "RHSA-2008:0617", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html", "name": "RHSA-2008:0580", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://marc.info/?l=bugtraq&m=121494431426308&w=2", "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1", "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236", "name": "MDVSA-2008:236", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "name": "SUSE-SR:2009:007", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/34418", "name": "34418", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html", "name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/0904", "name": "ADV-2009-0904", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://support.apple.com/kb/HT4077", "name": "http://support.apple.com/kb/HT4077", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "name": "APPLE-SA-2010-03-29-1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "http://www.vupen.com/english/advisories/2009/0033", "name": "ADV-2009-0033", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/1851/references", "name": "ADV-2008-1851", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/2780", "name": "ADV-2008-2780", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/32858", "name": "32858", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32864", "name": "32864", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html", "name": "RHSA-2008:0618", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083", "name": "vim-scripts-command-execution(43083)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238", "name": "oval:org.mitre.oval:def:6238", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109", "name": "oval:org.mitre.oval:def:11109", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded", "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded", "name": "20080811 rPSA-2008-0247-1 gvim vim vim-minimal", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded", "name": "20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded", "name": "20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-2712", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-06-16T21:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.1.314", "versionStartIncluding": "7.0"}, {"cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.4"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-01T15:07Z"}

9.3 /10