CVE-2008-2712

Current Description

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Referenced by CVEs:CVE-2008-3074, CVE-2008-3075, CVE-2008-3076, CVE-2008-4101

Basic Data

PublishedJune 16, 2008
Last ModifiedNovember 01, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.3
SeverityHIGH
Exploitability Score8.6
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationVimVim********6.4
    2.3ApplicationVimVim********7.07.1.314
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Linux6.06***lts***
    2.3OSCanonicalUbuntu Linux7.10*******
    2.3OSCanonicalUbuntu Linux8.04***lts***
    2.3OSCanonicalUbuntu Linux8.10*******

Vulnerable Software List

VendorProductVersions
Canonical Ubuntu Linux 6.06, 7.10, 8.04, 8.10
Vim Vim *

References

NameSourceURLTags
APPLE-SA-2008-10-09http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlAPPLEMailing List Third Party Advisory
APPLE-SA-2010-03-29-1http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlAPPLEMailing List Third Party Advisory
SUSE-SR:2009:007http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlSUSEThird Party Advisory
20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1http://marc.info/?l=bugtraq&m=121494431426308&w=2BUGTRAQMailing List Third Party Advisory
30731http://secunia.com/advisories/30731SECUNIAThird Party Advisory
32222http://secunia.com/advisories/32222SECUNIAThird Party Advisory
32858http://secunia.com/advisories/32858SECUNIAThird Party Advisory
32864http://secunia.com/advisories/32864SECUNIAThird Party Advisory
33410http://secunia.com/advisories/33410SECUNIAThird Party Advisory
34418http://secunia.com/advisories/34418SECUNIAThird Party Advisory
3951http://securityreason.com/securityalert/3951SREASONThird Party Advisory
http://support.apple.com/kb/HT3216http://support.apple.com/kb/HT3216CONFIRMThird Party Advisory
http://support.apple.com/kb/HT4077http://support.apple.com/kb/HT4077CONFIRMThird Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htmhttp://support.avaya.com/elmodocs2/security/ASA-2008-457.htmCONFIRMThird Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htmhttp://support.avaya.com/elmodocs2/security/ASA-2009-001.htmCONFIRMThird Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0247http://wiki.rpath.com/Advisories:rPSA-2008-0247CONFIRMThird Party Advisory
MDVSA-2008:236http://www.mandriva.com/security/advisories?name=MDVSA-2008:236MANDRIVAThird Party Advisory
[oss-security] 20080616 CVE Id request: vimhttp://www.openwall.com/lists/oss-security/2008/06/16/2MLISTMailing List Third Party Advisory
[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075http://www.openwall.com/lists/oss-security/2008/10/15/1MLISTMailing List Third Party Advisory
http://www.rdancer.org/vulnerablevim.htmlhttp://www.rdancer.org/vulnerablevim.htmlMISCBroken Link
RHSA-2008:0580http://www.redhat.com/support/errata/RHSA-2008-0580.htmlREDHATThird Party Advisory
RHSA-2008:0617http://www.redhat.com/support/errata/RHSA-2008-0617.htmlREDHATThird Party Advisory
RHSA-2008:0618http://www.redhat.com/support/errata/RHSA-2008-0618.htmlREDHATThird Party Advisory
20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1http://www.securityfocus.com/archive/1/493352/100/0/threadedBUGTRAQThird Party Advisory VDB Entry
20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1http://www.securityfocus.com/archive/1/493353/100/0/threadedBUGTRAQThird Party Advisory VDB Entry
20080811 rPSA-2008-0247-1 gvim vim vim-minimalhttp://www.securityfocus.com/archive/1/495319/100/0/threadedBUGTRAQThird Party Advisory VDB Entry
20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vimhttp://www.securityfocus.com/archive/1/502322/100/0/threadedBUGTRAQThird Party Advisory VDB Entry
29715http://www.securityfocus.com/bid/29715BIDThird Party Advisory VDB Entry
31681http://www.securityfocus.com/bid/31681BIDThird Party Advisory VDB Entry
1020293http://www.securitytracker.com/id?1020293SECTRACKThird Party Advisory VDB Entry
USN-712-1http://www.ubuntu.com/usn/USN-712-1UBUNTUThird Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0004.htmlhttp://www.vmware.com/security/advisories/VMSA-2009-0004.htmlCONFIRMThird Party Advisory
ADV-2008-1851http://www.vupen.com/english/advisories/2008/1851/referencesVUPENThird Party Advisory
ADV-2008-2780http://www.vupen.com/english/advisories/2008/2780VUPENThird Party Advisory
ADV-2009-0033http://www.vupen.com/english/advisories/2009/0033VUPENThird Party Advisory
ADV-2009-0904http://www.vupen.com/english/advisories/2009/0904VUPENThird Party Advisory
vim-scripts-command-execution(43083)https://exchange.xforce.ibmcloud.com/vulnerabilities/43083XFThird Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-2622https://issues.rpath.com/browse/RPL-2622CONFIRMBroken Link
oval:org.mitre.oval:def:11109https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109OVALThird Party Advisory
oval:org.mitre.oval:def:6238https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238OVALThird Party Advisory