ID CVE-2007-2953
Summary Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
References
Vulnerable Configurations
  • cpe:2.3:a:vim_development_group:vim:6.4
  • cpe:2.3:a:vim_development_group:vim:7.0
  • cpe:2.3:a:vim_development_group:vim:7.1
  • cpe:2.3:a:vim_development_group:vim:7.1.38
CVSS
Base: 6.8 (as of 31-07-2007 - 18:06)
Impact:
Exploitability:
Access
  Vector NETWORK
  Complexity MEDIUM
  Authentication NONE
Impact
  Confidentiality PARTIAL
  Integrity PARTIAL
  Availability PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1364.NASL
    description Several vulnerabilities have been discovered in the vim editor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2953 Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the 'helptags' command) can lead to the execution of arbitrary code. - CVE-2007-2438 Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim. This updated advisory repairs issues with missing files in the packages for the oldstable distribution (sarge) for the alpha, mips, and mipsel architectures.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25964
    published 2007-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25964
    title Debian DSA-1364-2 : vim - several vulnerabilities
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2009-0004.NASL
    description a. Updated OpenSSL package for the Service Console fixes a security issue. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. b. Update bind package for the Service Console fixes a security issue. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue. c. Updated vim package for the Service Console addresses several security issues. Several input flaws were found in Visual editor IMproved's (Vim) keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4101 to this issue. A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name, when opened by Vim causes the application to stop responding or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3432 to this issue. Several input flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. 
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2712 to this issue. A format string flaw was discovered in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running VIM. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2953 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40389
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40389
    title VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vim
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GVIM-4095.NASL
    description This update of Vim addresses a format-string bug in 'helptags'. This bug can be exploited to execute code with the privileges of the user running Vim. (CVE-2007-2953)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29456
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29456
    title SuSE 10 Security Update : vim and gvim (ZYPP Patch Number 4095)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11722.NASL
    description This update of Vim addresses a format-string bug in 'helptags'. This bug can be exploited to execute code with the privileges of the user running Vim. (CVE-2007-2953)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41148
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41148
    title SuSE9 Security Update : vim and gvim (YOU Patch Number 11722)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1ED032223C6511DCB3D30016179B2DD5.NASL
    description A Secunia Advisory reports : A format string error in the 'helptags_one()' function in src/ex_cmds.c when running the 'helptags' command can be exploited to execute arbitrary code via specially crafted help files.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25802
    published 2007-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25802
    title FreeBSD : vim -- Command Format String Vulnerability (1ed03222-3c65-11dc-b3d3-0016179b2dd5)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-505-1.NASL
    description Ulf Harnhammar discovered that vim does not properly sanitise the 'helptags_one()' function when running the 'helptags' command. By tricking a user into running a crafted help file, a remote attacker could execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28109
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28109
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : vim vulnerability (USN-505-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-168.NASL
    description A format string vulnerability in the helptags support in vim allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file. Updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25945
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25945
    title Mandrake Linux Security Advisory : vim (MDKSA-2007:168)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GVIM-4092.NASL
    description This update of Vim addresses a format-string bug in 'helptags'. This bug can be exploited to execute code with the privileges of the user running Vim. (CVE-2007-2953)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27258
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27258
    title openSUSE 10 Security Update : gvim (gvim-4092)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0617.NASL
    description From Red Hat Security Advisory 2008:0617 : Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67732
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67732
    title Oracle Linux 3 / 4 : vim (ELSA-2008-0617)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0617.NASL
    description Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37794
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37794
    title CentOS 3 / 4 : vim (CESA-2008:0617)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20081125_VIM_ON_SL3_X.NASL
    description Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) SL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) SL5 Only: Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076) SL5 Only: A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075) SL5 Only: A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3074) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60500
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60500
    title Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0580.NASL
    description From Red Hat Security Advisory 2008:0580 : Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076) A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075) A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3074) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67722
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67722
    title Oracle Linux 5 : vim (ELSA-2008-0580)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0617.NASL
    description Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34954
    published 2008-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34954
    title RHEL 3 / 4 : vim (RHSA-2008:0617)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0580.NASL
    description Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076) A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075) A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3074) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34953
    published 2008-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34953
    title RHEL 5 : vim (RHSA-2008:0580)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2009-0004_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A format string flaw exists in the Vim help tag processor in the helptags_one() function that allows a remote attacker to execute arbitrary code by tricking a user into executing the 'helptags' command on malicious help files. (CVE-2007-2953) - Multiple flaws exist in the Vim system functions due to a failure to sanitize user-supplied input. An attacker can exploit these to execute arbitrary code by tricking a user into opening a crafted file. (CVE-2008-2712) - A heap-based buffer overflow condition exists in the Vim mch_expand_wildcards() function. An attacker can exploit this, via shell metacharacters in a crafted file name, to execute arbitrary code. (CVE-2008-3432) - Multiple flaws exist in Vim keyword and tag handling due to improper handling of escape characters. An attacker can exploit this, via a crafted document, to execute arbitrary shell commands or Ex commands. (CVE-2008-4101) - A security bypass vulnerability exists in OpenSSL due to a failure to properly check the return value from the EVP_VerifyFinal() function. A remote attacker can exploit this, via a malformed SSL/TLS signature for DSA and ECDSA keys, to bypass the validation of the certificate chain. (CVE-2008-5077) - A security bypass vulnerability exists in BIND due to a failure to properly check the return value from the OpenSSL DSA_verify() function. A remote attacker can exploit this, via a malformed SSL/TLS signature, to bypass the validation of the certificate chain on those systems using DNSSEC. (CVE-2009-0025)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89112
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89112
    title VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0580.NASL
    description Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076) A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075) A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3074) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43697
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43697
    title CentOS 5 : vim (CESA-2008:0580)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-236.NASL
    description Several vulnerabilities were found in the vim editor : A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712). Ulf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953). A flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074). A flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075). A number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076). A number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running vim (CVE-2008-4101). A vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677). This update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes. Update : The previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36821
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36821
    title Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)
oval via4
  • accepted 2013-04-29T04:14:40.356-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
    family unix
    id oval:org.mitre.oval:def:11549
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
    version 24
  • accepted 2009-11-30T04:00:45.365-05:00
    class vulnerability
    contributors
    • name Michael Wood
      organization Hewlett-Packard
    definition_extensions
    • comment VMWare ESX Server 3.0.3 is installed
      oval oval:org.mitre.oval:def:6026
    • comment VMWare ESX Server 3.0.2 is installed
      oval oval:org.mitre.oval:def:5613
    • comment VMware ESX Server 3.5.0 is installed
      oval oval:org.mitre.oval:def:5887
    description Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
    family unix
    id oval:org.mitre.oval:def:6463
    status accepted
    submitted 2009-09-23T15:39:02.000-04:00
    title Vim HelpTags Command Remote Format String Vulnerability
    version 3
redhat via4
advisories
  • rhsa
    id RHSA-2008:0580
  • rhsa
    id RHSA-2008:0617
rpms
  • vim-X11-2:7.0.109-4.el5_2.4z
  • vim-common-2:7.0.109-4.el5_2.4z
  • vim-enhanced-2:7.0.109-4.el5_2.4z
  • vim-minimal-2:7.0.109-4.el5_2.4z
  • vim-X11-1:6.3.046-0.30E.11
  • vim-common-1:6.3.046-0.30E.11
  • vim-enhanced-1:6.3.046-0.30E.11
  • vim-minimal-1:6.3.046-0.30E.11
  • vim-X11-1:6.3.046-1.el4_7.5z
  • vim-common-1:6.3.046-1.el4_7.5z
  • vim-enhanced-1:6.3.046-1.el4_7.5z
  • vim-minimal-1:6.3.046-1.el4_7.5z
refmap via4
bid 25095
bugtraq
  • 20070730 FLEA-2007-0036-1 vim vim-minimal gvim
  • 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
confirm
debian DSA-1364
mandriva
  • MDKSA-2007:168
  • MDVSA-2008:236
misc http://secunia.com/secunia_research/2007-66/advisory/
secunia
  • 25941
  • 26285
  • 26522
  • 26594
  • 26653
  • 26674
  • 26822
  • 32858
  • 33410
suse SUSE-SR:2007:018
trustix 2007-0026
ubuntu USN-505-1
vim 20070823 vim editor duplicates / clarifications
vupen
  • ADV-2007-2687
  • ADV-2009-0033
  • ADV-2009-0904
xf vim-helptagsone-code-execution(35655)
statements via4
contributor Joshua Bressers
lastmodified 2007-08-06
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 30-10-2012 - 22:36
Published 31-07-2007 - 06:17
Last modified 16-10-2018 - 12:46