ID CVE-2007-2438
Summary The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
References
Vulnerable Configurations
  • cpe:2.3:o:foresight_linux:foresight_linux:1.1
  • cpe:2.3:a:vim_development_group:vim:7.0
CVSS
Base: 7.6 (as of 03-05-2007 - 10:04)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity HIGH
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1364.NASL
    description Several vulnerabilities have been discovered in the vim editor. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2007-2953 Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the 'helptags' command) can lead to the execution of arbitrary code.
      - CVE-2007-2438 Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim.
    This updated advisory repairs issues with missing files in the packages for the oldstable distribution (sarge) for the alpha, mips, and mipsel architectures.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25964
    published 2007-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25964
    title Debian DSA-1364-2 : vim - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_VIM-3410.NASL
    description Files with VIM modelines could call some unsafe VIM functions (CVE-2007-2438). Modelines are disabled in the default config (/etc/vimrc) of openSUSE though.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27474
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27474
    title openSUSE 10 Security Update : vim (vim-3410)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-463-1.NASL
    description Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28063
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28063
    title Ubuntu 6.10 / 7.04 : vim vulnerability (USN-463-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0346.NASL
    description From Red Hat Security Advisory 2007:0346 : Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. VIM (VIsual editor iMproved) is a version of the vi editor. An arbitrary command execution flaw was found in the way VIM processes modelines. If a user with modelines enabled opened a text file containing a carefully crafted modeline, arbitrary commands could be executed as the user running VIM. (CVE-2007-2438) Users of VIM are advised to upgrade to these updated packages, which resolve this issue. Please note: this issue did not affect VIM as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67494
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67494
    title Oracle Linux 5 : vim (ELSA-2007-0346)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0346.NASL
    description Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. VIM (VIsual editor iMproved) is a version of the vi editor. An arbitrary command execution flaw was found in the way VIM processes modelines. If a user with modelines enabled opened a text file containing a carefully crafted modeline, arbitrary commands could be executed as the user running VIM. (CVE-2007-2438) Users of VIM are advised to upgrade to these updated packages, which resolve this issue. Please note: this issue did not affect VIM as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25205
    published 2007-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25205
    title CentOS 5 : vim (CESA-2007:0346)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-101.NASL
    description A vulnerability in vim 7.0's modeline processing capabilities was discovered where a user with modelines enabled could open a text file containing a carefully crafted modeline, executing arbitrary commands as the user running vim. Updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25191
    published 2007-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25191
    title Mandrake Linux Security Advisory : vim (MDKSA-2007:101)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0346.NASL
    description Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. VIM (VIsual editor iMproved) is a version of the vi editor. An arbitrary command execution flaw was found in the way VIM processes modelines. If a user with modelines enabled opened a text file containing a carefully crafted modeline, arbitrary commands could be executed as the user running VIM. (CVE-2007-2438) Users of VIM are advised to upgrade to these updated packages, which resolve this issue. Please note: this issue did not affect VIM as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25332
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25332
    title RHEL 5 : vim (RHSA-2007:0346)
oval via4
accepted 2013-04-29T04:22:59.219-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
family unix
id oval:org.mitre.oval:def:9876
status accepted
submitted 2010-07-09T03:56:16-04:00
title The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
version 18
redhat via4
advisories
bugzilla
id 238259
title CVE-2007-2438 vim-7 modeline security issue
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhsa:tst:20070055001
  • OR
    • AND
      • comment vim-X11 is earlier than 2:7.0.109-3.el5.3
        oval oval:com.redhat.rhsa:tst:20070346006
      • comment vim-X11 is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070346007
    • AND
      • comment vim-common is earlier than 2:7.0.109-3.el5.3
        oval oval:com.redhat.rhsa:tst:20070346008
      • comment vim-common is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070346009
    • AND
      • comment vim-enhanced is earlier than 2:7.0.109-3.el5.3
        oval oval:com.redhat.rhsa:tst:20070346004
      • comment vim-enhanced is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070346005
    • AND
      • comment vim-minimal is earlier than 2:7.0.109-3.el5.3
        oval oval:com.redhat.rhsa:tst:20070346002
      • comment vim-minimal is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070346003
rhsa
id RHSA-2007:0346
released 2007-05-09
severity Moderate
title RHSA-2007:0346: vim security update (Moderate)
rpms
  • vim-X11-2:7.0.109-3.el5.3
  • vim-common-2:7.0.109-3.el5.3
  • vim-enhanced-2:7.0.109-3.el5.3
  • vim-minimal-2:7.0.109-3.el5.3
refmap via4
bid 23725
bugtraq 20070430 FLEA-2007-0014-1: vim
confirm
debian DSA-1364
mandriva MDKSA-2007:101
misc
mlist
  • [vim-dev] 20070426 feedkeys() allowed in sandbox
  • [vim-dev] 20070428 Re: feedkeys() allowed in sandbox
  • [vimannounce] 20070512 Stable Vim version 7.1 has been released
osvdb 36250
sectrack 1018035
secunia
  • 25024
  • 25159
  • 25182
  • 25255
  • 25367
  • 25432
  • 26653
suse SUSE-SR:2007:012
trustix 2007-0017
ubuntu USN-463-1
vim
  • 20070513 OMG VIM VULN
  • 20070823 vim editor duplicates / clarifications
vupen ADV-2007-1599
xf vim-feedkeyswritefile-command-execution(34012)
Last major update 30-10-2012 - 22:34
Published 02-05-2007 - 17:19
Last modified 16-10-2018 - 12:43