CVE-2008-4101 : Détail

CVE-2008-4101

A03-Injection
0.29%V3
Network
2008-09-18
15h47 +00:00
2018-10-11
17h57 +00:00
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Informations sur l'Exploit

Exploit Database EDB-ID : 32289

Date de publication : 2008-08-18 22h00 +00:00
Auteur : Ben Schmidt
EDB Vérifié : Yes

source: https://www.securityfocus.com/bid/30795/info Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application. Versions prior to Vim 7.2.010 are vulnerable. Copy-and-paste these examples into separate files: ;xclock vim: set iskeyword=;,@ Place your cursor on ``xclock'', and press K. xclock appears. ;date>>pwned vim: set iskeyword=1-255 Place your cursor on ``date'' and press K. File ``pwned'' is created in the current working directory. Please note: If modeline processing is disabled, set the 'iskeyword' option manually.

Products Mentioned

Configuraton 0

Vim>>Vim >> Version To (including) 7.2

Vim>>Vim >> Version 3.0

    Vim>>Vim >> Version 4.0

      Vim>>Vim >> Version 5.0

        Vim>>Vim >> Version 5.1

          Vim>>Vim >> Version 5.2

            Vim>>Vim >> Version 5.3

              Vim>>Vim >> Version 5.4

                Vim>>Vim >> Version 5.5

                  Vim>>Vim >> Version 5.6

                  Vim>>Vim >> Version 5.7

                    Vim>>Vim >> Version 5.8

                      Vim>>Vim >> Version 6.0

                        Vim>>Vim >> Version 6.1

                        Vim>>Vim >> Version 6.2

                          Vim>>Vim >> Version 6.3

                          Vim>>Vim >> Version 6.4

                          Vim>>Vim >> Version 7.0

                          Vim>>Vim >> Version 7.1

                          Références

                          http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
                          Tags : mailing-list, x_refsource_MLIST
                          http://www.redhat.com/support/errata/RHSA-2008-0618.html
                          Tags : vendor-advisory, x_refsource_REDHAT
                          http://www.openwall.com/lists/oss-security/2008/09/16/5
                          Tags : mailing-list, x_refsource_MLIST
                          http://secunia.com/advisories/31592
                          Tags : third-party-advisory, x_refsource_SECUNIA
                          http://www.securityfocus.com/archive/1/495703
                          Tags : mailing-list, x_refsource_BUGTRAQ
                          http://www.ubuntu.com/usn/USN-712-1
                          Tags : vendor-advisory, x_refsource_UBUNTU
                          http://www.openwall.com/lists/oss-security/2008/09/11/4
                          Tags : mailing-list, x_refsource_MLIST
                          http://www.securityfocus.com/bid/31681
                          Tags : vdb-entry, x_refsource_BID
                          http://www.openwall.com/lists/oss-security/2008/09/16/6
                          Tags : mailing-list, x_refsource_MLIST
                          http://secunia.com/advisories/32858
                          Tags : third-party-advisory, x_refsource_SECUNIA
                          http://secunia.com/advisories/33410
                          Tags : third-party-advisory, x_refsource_SECUNIA
                          http://www.redhat.com/support/errata/RHSA-2008-0580.html
                          Tags : vendor-advisory, x_refsource_REDHAT
                          http://www.vupen.com/english/advisories/2009/0904
                          Tags : vdb-entry, x_refsource_VUPEN
                          http://www.vupen.com/english/advisories/2009/0033
                          Tags : vdb-entry, x_refsource_VUPEN
                          http://secunia.com/advisories/32222
                          Tags : third-party-advisory, x_refsource_SECUNIA
                          http://support.apple.com/kb/HT4077
                          Tags : x_refsource_CONFIRM
                          http://www.securityfocus.com/bid/30795
                          Tags : vdb-entry, x_refsource_BID
                          http://www.openwall.com/lists/oss-security/2008/09/11/3
                          Tags : mailing-list, x_refsource_MLIST
                          http://www.securityfocus.com/archive/1/495662
                          Tags : mailing-list, x_refsource_BUGTRAQ
                          http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
                          Tags : vendor-advisory, x_refsource_MANDRIVA
                          http://www.vupen.com/english/advisories/2008/2780
                          Tags : vdb-entry, x_refsource_VUPEN
                          http://secunia.com/advisories/32864
                          Tags : third-party-advisory, x_refsource_SECUNIA
                          http://support.apple.com/kb/HT3216
                          Tags : x_refsource_CONFIRM
                          http://www.redhat.com/support/errata/RHSA-2008-0617.html
                          Tags : vendor-advisory, x_refsource_REDHAT