ID CVE-2007-2438
Summary The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. Successful exploitation requires that the "modelines" option is enabled and the user is tricked into opening a malicious file. The vendor has addressed this issue with the following patches: VIM Development Group VIM 7.0- VIM Development Group patch 7.0.234 ftp://ftp.vim.org/pub/vim/patches/7.0/7.0.234 VIM Development Group patch 7.0.235 ftp://ftp.vim.org/pub/vim/patches/7.0/7.0.235
References
Vulnerable Configurations
  • cpe:2.3:o:foresight_linux:foresight_linux:1.1:*:*:*:*:*:*:*
    cpe:2.3:o:foresight_linux:foresight_linux:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:vim_development_group:vim:7.0:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 16-10-2018 - 16:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:22:59.219-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
family unix
id oval:org.mitre.oval:def:9876
status accepted
submitted 2010-07-09T03:56:16-04:00
title The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
version 18
redhat via4
advisories
bugzilla
id 238259
title CVE-2007-2438 vim-7 modeline security issue
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment vim-X11 is earlier than 2:7.0.109-3.el5.3
        oval oval:com.redhat.rhsa:tst:20070346006
      • comment vim-X11 is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070346007
    • AND
      • comment vim-common is earlier than 2:7.0.109-3.el5.3
        oval oval:com.redhat.rhsa:tst:20070346008
      • comment vim-common is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070346009
    • AND
      • comment vim-enhanced is earlier than 2:7.0.109-3.el5.3
        oval oval:com.redhat.rhsa:tst:20070346004
      • comment vim-enhanced is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070346005
    • AND
      • comment vim-minimal is earlier than 2:7.0.109-3.el5.3
        oval oval:com.redhat.rhsa:tst:20070346002
      • comment vim-minimal is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070346003
rhsa
id RHSA-2007:0346
released 2007-05-09
severity Moderate
title RHSA-2007:0346: vim security update (Moderate)
rpms
  • vim-X11-2:7.0.109-3.el5.3
  • vim-common-2:7.0.109-3.el5.3
  • vim-enhanced-2:7.0.109-3.el5.3
  • vim-minimal-2:7.0.109-3.el5.3
refmap via4
bid 23725
bugtraq 20070430 FLEA-2007-0014-1: vim
confirm
debian DSA-1364
mandriva MDKSA-2007:101
misc
mlist
  • [vim-dev] 20070426 feedkeys() allowed in sandbox
  • [vim-dev] 20070428 Re: feedkeys() allowed in sandbox
  • [vimannounce] 20070512 Stable Vim version 7.1 has been released
osvdb 36250
sectrack 1018035
secunia
  • 25024
  • 25159
  • 25182
  • 25255
  • 25367
  • 25432
  • 26653
suse SUSE-SR:2007:012
trustix 2007-0017
ubuntu USN-463-1
vim
  • 20070513 OMG VIM VULN
  • 20070823 vim editor duplicates / clarifications
vupen ADV-2007-1599
xf vim-feedkeyswritefile-command-execution(34012)
Last major update 16-10-2018 - 16:43
Published 02-05-2007 - 21:19
Back to Top