CVE-2008-4101

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2	Patch
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e	Exploit
http://www.openwall.com/lists/oss-security/2008/09/11/4
http://www.openwall.com/lists/oss-security/2008/09/16/5
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010	Exploit
http://www.rdancer.org/vulnerablevim-K.html
http://www.openwall.com/lists/oss-security/2008/09/16/6
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=461927
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
http://www.openwall.com/lists/oss-security/2008/09/11/3
http://www.securityfocus.com/bid/31681
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://support.apple.com/kb/HT3216
http://secunia.com/advisories/32222
http://secunia.com/advisories/33410
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.ubuntu.com/usn/USN-712-1
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
http://www.redhat.com/support/errata/RHSA-2008-0580.html
http://www.securityfocus.com/bid/30795
http://www.securityfocus.com/archive/1/495662
http://www.securityfocus.com/archive/1/495703
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2009/0904
http://secunia.com/advisories/31592
http://support.apple.com/kb/HT4077
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2008/2780
http://secunia.com/advisories/32858
http://secunia.com/advisories/32864
http://www.redhat.com/support/errata/RHSA-2008-0618.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
http://www.securityfocus.com/archive/1/502322/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vim:vim:5.2:::::::*
	cpe:2.3:a:vim:vim:5.3:::::::*
	cpe:2.3:a:vim:vim:6.1:::::::*
	cpe:2.3:a:vim:vim:6.2:::::::*
	cpe:2.3:a:vim:vim:5.4:::::::*
	cpe:2.3:a:vim:vim:5.5:::::::*
	cpe:2.3:a:vim:vim:6.3:::::::*
	cpe:2.3:a:vim:vim:6.4:::::::*
	cpe:2.3:a:vim:vim:5.0:::::::*
	cpe:2.3:a:vim:vim:5.1:::::::*
	cpe:2.3:a:vim:vim:5.8:::::::*
	cpe:2.3:a:vim:vim:5.7:::::::*
	cpe:2.3:a:vim:vim:3.0:::::::*
	cpe:2.3:a:vim:vim:7.1:::::::*
	cpe:2.3:a:vim:vim:7.0:::::::*
	cpe:2.3:a:vim:vim::::::::
	cpe:2.3:a:vim:vim:6.0:::::::*
	cpe:2.3:a:vim:vim:5.6:::::::*
	cpe:2.3:a:vim:vim:4.0:::::::*

Information

Published : 2008-09-18 10:59

Updated : 2018-10-11 13:50

NVD link : CVE-2008-4101

Mitre link : CVE-2008-4101

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

vim

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2", "name": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2", "tags": ["Patch"], "refsource": "MISC"}, {"url": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e", "name": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2008/09/11/4", "name": "[oss-security] 20080911 Re: [oss-list] CVE request (vim)", "tags": [], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2008/09/16/5", "name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)", "tags": [], "refsource": "MLIST"}, {"url": "http://ftp.vim.org/pub/vim/patches/7.2/7.2.010", "name": "[vim-dev] 20080903 Patch 7.2.010", "tags": ["Exploit"], "refsource": "MLIST"}, {"url": "http://www.rdancer.org/vulnerablevim-K.html", "name": "http://www.rdancer.org/vulnerablevim-K.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2008/09/16/6", "name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)", "tags": [], "refsource": "MLIST"}, {"url": "http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33", "name": "[vim_dev] 20080824 Bug with v_K and potentially K command", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=461927", "tags": [], "refsource": "CONFIRM"}, {"url": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2", "name": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2008/09/11/3", "name": "[oss-security] 20080911 [oss-list] CVE request (vim)", "tags": [], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/31681", "name": "31681", "tags": [], "refsource": "BID"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "name": "APPLE-SA-2008-10-09", "tags": [], "refsource": "APPLE"}, {"url": "http://support.apple.com/kb/HT3216", "name": "http://support.apple.com/kb/HT3216", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/32222", "name": "32222", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33410", "name": "33410", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.ubuntu.com/usn/USN-712-1", "name": "USN-712-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html", "name": "RHSA-2008:0617", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236", "name": "MDVSA-2008:236", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html", "name": "RHSA-2008:0580", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/30795", "name": "30795", "tags": [], "refsource": "BID"}, {"url": "http://www.securityfocus.com/archive/1/495662", "name": "20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/495703", "name": "20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html", "name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/0904", "name": "ADV-2009-0904", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/31592", "name": "31592", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.apple.com/kb/HT4077", "name": "http://support.apple.com/kb/HT4077", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "name": "APPLE-SA-2010-03-29-1", "tags": [], "refsource": "APPLE"}, {"url": "http://www.vupen.com/english/advisories/2009/0033", "name": "ADV-2009-0033", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/2780", "name": "ADV-2008-2780", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/32858", "name": "32858", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32864", "name": "32864", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html", "name": "RHSA-2008:0618", "tags": [], "refsource": "REDHAT"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44626", "name": "vim-normal-command-execution(44626)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812", "name": "oval:org.mitre.oval:def:5812", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894", "name": "oval:org.mitre.oval:def:10894", "tags": [], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded", "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-4101", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-09-18T17:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.2"}, {"cpe23Uri": "cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vim:vim:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-11T20:50Z"}

9.3 /10