CVE-2008-4677

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."

autoload/netrw.vim (también conocido como Netrw Plugin) v109, v131, y versiones anteriores a v133k para Vim v7.1.266, otras versiones v7.1 , y v7.2, guardan las credenciales de las sesiones FTP y envían estos datos al intentar establecer sesiones FTP posteriores a los servidores en diferentes host, lo que permite a los servidores FTP obtener información sensible en circunstancias oportunas mediante la validación con nombres de usuario y contraseñas. NOTA: el fabricante cuestiona un vector involucrando a distintos puertos en un mismo host afirmando que "Asumimos que están usando el mismo id y contraseña sobre el mismo servidor de manera intencionada".

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-10-22 CVE Reserved
2008-10-22 CVE Published
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-255: Credentials Management Errors

CAPEC

References (15)

URL	Tag	Source
http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6	Mailing List
http://secunia.com/advisories/34418	Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/10/06/4	Mailing List
http://www.openwall.com/lists/oss-security/2008/10/16/2	Mailing List
http://www.openwall.com/lists/oss-security/2008/10/20/2	Mailing List
http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html	X_refsource_misc
http://www.securityfocus.com/archive/1/495432	Mailing List
http://www.securityfocus.com/archive/1/495436	Mailing List
http://www.securityfocus.com/bid/30670	Vdb Entry
http://www.vupen.com/english/advisories/2008/2379	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=461750	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/44419	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html	2017-08-08
http://secunia.com/advisories/31464	2017-08-08
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236	2017-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	109 Search vendor "Vim" for product "Netrw" and version "109"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	109 Search vendor "Vim" for product "Netrw" and version "109"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	109 Search vendor "Vim" for product "Netrw" and version "109"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	110 Search vendor "Vim" for product "Netrw" and version "110"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	110 Search vendor "Vim" for product "Netrw" and version "110"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	110 Search vendor "Vim" for product "Netrw" and version "110"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	111 Search vendor "Vim" for product "Netrw" and version "111"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	111 Search vendor "Vim" for product "Netrw" and version "111"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	111 Search vendor "Vim" for product "Netrw" and version "111"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	112 Search vendor "Vim" for product "Netrw" and version "112"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	112 Search vendor "Vim" for product "Netrw" and version "112"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	112 Search vendor "Vim" for product "Netrw" and version "112"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	113 Search vendor "Vim" for product "Netrw" and version "113"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	113 Search vendor "Vim" for product "Netrw" and version "113"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	113 Search vendor "Vim" for product "Netrw" and version "113"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	114 Search vendor "Vim" for product "Netrw" and version "114"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	114 Search vendor "Vim" for product "Netrw" and version "114"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	114 Search vendor "Vim" for product "Netrw" and version "114"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	115 Search vendor "Vim" for product "Netrw" and version "115"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	115 Search vendor "Vim" for product "Netrw" and version "115"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	115 Search vendor "Vim" for product "Netrw" and version "115"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	116 Search vendor "Vim" for product "Netrw" and version "116"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	116 Search vendor "Vim" for product "Netrw" and version "116"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	116 Search vendor "Vim" for product "Netrw" and version "116"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	118 Search vendor "Vim" for product "Netrw" and version "118"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	118 Search vendor "Vim" for product "Netrw" and version "118"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	118 Search vendor "Vim" for product "Netrw" and version "118"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	120 Search vendor "Vim" for product "Netrw" and version "120"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	120 Search vendor "Vim" for product "Netrw" and version "120"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	120 Search vendor "Vim" for product "Netrw" and version "120"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	121 Search vendor "Vim" for product "Netrw" and version "121"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	121 Search vendor "Vim" for product "Netrw" and version "121"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	121 Search vendor "Vim" for product "Netrw" and version "121"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	122 Search vendor "Vim" for product "Netrw" and version "122"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	122 Search vendor "Vim" for product "Netrw" and version "122"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	122 Search vendor "Vim" for product "Netrw" and version "122"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	123 Search vendor "Vim" for product "Netrw" and version "123"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	123 Search vendor "Vim" for product "Netrw" and version "123"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	123 Search vendor "Vim" for product "Netrw" and version "123"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	128 Search vendor "Vim" for product "Netrw" and version "128"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	128 Search vendor "Vim" for product "Netrw" and version "128"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	128 Search vendor "Vim" for product "Netrw" and version "128"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	131 Search vendor "Vim" for product "Netrw" and version "131"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1 Search vendor "Vim" for product "Vim" and version "7.1"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	131 Search vendor "Vim" for product "Netrw" and version "131"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.1.266 Search vendor "Vim" for product "Vim" and version "7.1.266"	-	Safe
Vim Search vendor "Vim"	Netrw Search vendor "Vim" for product "Netrw"	131 Search vendor "Vim" for product "Netrw" and version "131"	-	Affected	in	Vim Search vendor "Vim"	Vim Search vendor "Vim" for product "Vim"	7.2 Search vendor "Vim" for product "Vim" and version "7.2"	-	Safe