CVE-2007-2438 – vim-7 modeline security issue
https://notcve.org/view.php?id=CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. El sandbox para el vim permite funciones peligrosas como (1) writefile, (2) feedkeys, y (3) system, lo que permite a atacantes con la intervención del usuario la ejecución de comandos shell y escribir ficheros a través de modelines. • http://attrition.org/pipermail/vim/2007-May/001614.html http://marc.info/?l=vim-dev&m=117762581821298&w=2 http://marc.info/?l=vim-dev&m=117778983714029&w=2 http://osvdb.org/36250 http://secunia.com/advisories/25024 http://secunia.com/advisories/25159 http://secunia.com/advisories/25182 http://secunia.com/advisories/25255 http://secunia.com/advisories/25367 http://secunia.com/advisories/25432 http://secunia.com/advisories/26653 http://tech.groups.yahoo.com •
CVE-2005-2368
https://notcve.org/view.php?id=CVE-2005-2368
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. vim 6.3 anterior a la 6.3.082, con "modelines" habilitado, permite que atacantes remotos con la implicación del usuario que ejecuten comandos arbitrarios mediante metacaracteres de shell en los comandos "glob" o "expand" de una expresión "foldexpr". • http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035402.html http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html http://www.redhat.com/support/errata/RHSA-2005-745.html http://www.securityfocus.com/bid/14374 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11302 https://access.redhat.com/security/cve/CVE-2005-2368 https://bugzilla.redhat.com/show_bug.cgi?id=1617715 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2005-0069
https://notcve.org/view.php?id=CVE-2005-0069
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. • http://marc.info/?l=bugtraq&m=110608387001863&w=2 http://secunia.com/advisories/13841 http://securitytracker.com/id?1012938 http://www.redhat.com/support/errata/RHSA-2005-036.html http://www.redhat.com/support/errata/RHSA-2005-122.html https://bugzilla.fedora.us/show_bug.cgi?id=2343 https://exchange.xforce.ibmcloud.com/vulnerabilities/18870 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9402 https://access.redhat.com/security/cve/CVE-2005- •
CVE-2004-1138
https://notcve.org/view.php?id=CVE-2004-1138
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. • http://marc.info/?l=bugtraq&m=110313588125609&w=2 http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml http://www.redhat.com/support/errata/RHSA-2005-010.html http://www.redhat.com/support/errata/RHSA-2005-036.html https://bugzilla.fedora.us/show_bug.cgi?id=2343 https://exchange.xforce.ibmcloud.com/vulnerabilities/18503 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9571 https://access.redhat.com/security/cve/CVE-2004-1138 https:& •
CVE-2002-1377
https://notcve.org/view.php?id=CVE-2002-1377
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. vim 6.0 y 6.1 y posiblemente otras versiones, permite a atacantes ejecutar comandos arbitrarios usando la característica libcall en lineas de modo, que no son apantalladas si no que pueden ser ejecutadas cuando vim es usado como editor para otros productos como mutt. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812 http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html http://marc.info/?l=bugtraq&m=108077992208690&w=2 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700 http://www.guninski.com/vim1.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012 http://www.redhat.com/support/errata/RHSA-2002-297.html http://www.redhat.com/support/errata/RHSA-2002-302.html http: •