Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-3074 (GCVE-0-2008-3074)
Vulnerability from cvelistv5
Published
2009-02-21 22:00
Modified
2024-08-07 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "32462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32462"
},
{
"name": "oval:org.mitre.oval:def:10754",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "32462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32462"
},
{
"name": "oval:org.mitre.oval:def:10754",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"name": "MDVSA-2008:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "http://www.rdancer.org/vulnerablevim.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "32462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32462"
},
{
"name": "oval:org.mitre.oval:def:10754",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"name": "http://www.rdancer.org/vulnerablevim-shellescape.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=467428",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3074",
"datePublished": "2009-02-21T22:00:00",
"dateReserved": "2008-07-08T00:00:00",
"dateUpdated": "2024-08-07T09:21:35.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2008-3074\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-02-21T22:30:00.217\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \\\"!\\\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.\"},{\"lang\":\"es\",\"value\":\"La funcion shellescape en Vim desde v7.0 hasta v7.2, incluida la v7.2a.10, lo que permite a atacantes asistidos por el usuario ejecutar codigo a su eleccion a traves del metacaracter de linea de secuencia de comandos \\\"!\\\" (exclamacion) en (1) El nombre del fichero de un archi tar y posiblemente (2)el nombre del primer fichero de un archivo tar, el cual no es adecuadamente manejado por el plugin VIM TAR (tar.vim) v.10 hasta v.22, como quedo demostrado en los casos de prueba tarplugin.v2, tarplugin, y tarplugin.updated. NOTA: Estos datos tiene las mismas causas que CVE-2008-3075. NOTA: Debido a la complejidad de la revelaciones asociadad y la informacion incompleta relacionada con este hecho, es posible que existan inexactitudes en la descripcion de esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B487E3B-B247-4D72-B3AF-52D0ABEF0686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE35C07E-621A-4106-A4E6-F60CD3AFFA08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F279ECB9-6CC8-4D0D-95B0-22754302873C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A0A3B1-789F-44B9-A96A-E7A89C1CF98A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C9F9C9C-4476-4A39-A08A-E6BC341876DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1514FE8-72B2-4766-963B-D5E1002F67E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB78E2BB-A45A-4379-A8FE-41ABC775EC1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24BD87B3-A388-4898-B433-E3553B9A3AD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF1FAF13-267E-4669-A379-AB31562452C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9B36F1A-C11D-4824-AB8E-261A07A18993\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFBD8B15-F906-47FA-87B3-19DABD821B13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A699C78-DF9C-4DC4-8DE4-0C03392D9690\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:tar.vim:v.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B01224-1A26-41C7-9191-CC14EDB2EA29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97CCAA40-55CE-4AB9-9268-AADA06E29B9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C5B265-A7DD-4D24-864C-BF1FEEF8F138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.1.266:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E9ABC5-442C-4693-8F86-A969AD89A0C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.1.314:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12BE4D12-2B98-4617-ADE2-6E71552306A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3613F5F4-9B8C-4020-8550-23310A41C85C\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/08/12\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/10/7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/13/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/15/4\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/08/01/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/15/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/20/2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.rdancer.org/vulnerablevim-shellescape.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.rdancer.org/vulnerablevim.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0580.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32462\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=467428\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/08/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/10/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/13/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/15/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/08/01/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/15/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/20/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.rdancer.org/vulnerablevim-shellescape.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.rdancer.org/vulnerablevim.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0580.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=467428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2008:0580
Vulnerability from csaf_redhat
Published
2008-11-25 08:41
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: vim security update
Notes
Topic
Updated vim packages that fix security issues are now available for Red Hat
Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat
Security Response Team.
Details
Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.
Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)
Multiple security flaws were found in netrw.vim, the Vim plug-in providing
file reading and writing over the network. If a user opened a specially
crafted file or directory with the netrw plug-in, it could result in
arbitrary code execution as the user running Vim. (CVE-2008-3076)
A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3075)
A security flaw was found in tar.vim, the Vim plug-in which handles TAR
archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
it could result in arbitrary code execution as the user runnin Vim.
(CVE-2008-3074)
Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Härnhammar, of Secunia Research, discovered a format string flaw in
Vim's help tag processor. If a user was tricked into executing the
"helptags" command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)
All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated vim packages that fix security issues are now available for Red Hat\nEnterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim\u0027s keyword and tag\nhandling. If Vim looked up a document\u0027s maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim\u0027s help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0580",
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "248542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
},
{
"category": "external",
"summary": "451759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
},
{
"category": "external",
"summary": "461927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"category": "external",
"summary": "467428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"category": "external",
"summary": "467432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
},
{
"category": "external",
"summary": "467439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0580.json"
}
],
"title": "Red Hat Security Advisory: vim security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:24+00:00",
"generator": {
"date": "2025-09-10T13:42:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0580",
"initial_release_date": "2008-11-25T08:41:00+00:00",
"revision_history": [
{
"date": "2008-11-25T08:41:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-11-25T03:41:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-2:7.0.109-4.el5_2.4z.src",
"product": {
"name": "vim-2:7.0.109-4.el5_2.4z.src",
"product_id": "vim-2:7.0.109-4.el5_2.4z.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim@7.0.109-4.el5_2.4z?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-2:7.0.109-4.el5_2.4z.src"
},
"product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-2:7.0.109-4.el5_2.4z.src"
},
"product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-2953",
"discovery_date": "2007-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "248542"
}
],
"notes": [
{
"category": "description",
"text": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim format string flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-2953"
},
{
"category": "external",
"summary": "RHBZ#248542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953"
}
],
"release_date": "2007-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vim format string flaw"
},
{
"cve": "CVE-2008-2712",
"discovery_date": "2008-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451759"
}
],
"notes": [
{
"category": "description",
"text": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: command execution via scripts not sanitizing inputs to execute and system",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2712"
},
{
"category": "external",
"summary": "RHBZ#451759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2712",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712"
}
],
"release_date": "2008-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: command execution via scripts not sanitizing inputs to execute and system"
},
{
"cve": "CVE-2008-3074",
"discovery_date": "2008-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467428"
}
],
"notes": [
{
"category": "description",
"text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3074"
},
{
"category": "external",
"summary": "RHBZ#467428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074"
}
],
"release_date": "2008-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
},
{
"cve": "CVE-2008-3075",
"discovery_date": "2008-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467432"
}
],
"notes": [
{
"category": "description",
"text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3075"
},
{
"category": "external",
"summary": "RHBZ#467432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3075",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075"
}
],
"release_date": "2008-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
},
{
"cve": "CVE-2008-4101",
"discovery_date": "2008-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "461927"
}
],
"notes": [
{
"category": "description",
"text": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: arbitrary code execution in commands: K, Control-], g]",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4101"
},
{
"category": "external",
"summary": "RHBZ#461927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4101",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101"
}
],
"release_date": "2008-08-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: arbitrary code execution in commands: K, Control-], g]"
},
{
"cve": "CVE-2008-6235",
"discovery_date": "2008-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467439"
}
],
"notes": [
{
"category": "description",
"text": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-6235"
},
{
"category": "external",
"summary": "RHBZ#467439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-6235",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235"
}
],
"release_date": "2008-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution"
}
]
}
RHSA-2008:0580
Vulnerability from csaf_redhat
Published
2008-11-25 08:41
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: vim security update
Notes
Topic
Updated vim packages that fix security issues are now available for Red Hat
Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat
Security Response Team.
Details
Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.
Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)
Multiple security flaws were found in netrw.vim, the Vim plug-in providing
file reading and writing over the network. If a user opened a specially
crafted file or directory with the netrw plug-in, it could result in
arbitrary code execution as the user running Vim. (CVE-2008-3076)
A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3075)
A security flaw was found in tar.vim, the Vim plug-in which handles TAR
archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
it could result in arbitrary code execution as the user runnin Vim.
(CVE-2008-3074)
Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Härnhammar, of Secunia Research, discovered a format string flaw in
Vim's help tag processor. If a user was tricked into executing the
"helptags" command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)
All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated vim packages that fix security issues are now available for Red Hat\nEnterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim\u0027s keyword and tag\nhandling. If Vim looked up a document\u0027s maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim\u0027s help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0580",
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "248542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
},
{
"category": "external",
"summary": "451759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
},
{
"category": "external",
"summary": "461927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"category": "external",
"summary": "467428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"category": "external",
"summary": "467432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
},
{
"category": "external",
"summary": "467439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0580.json"
}
],
"title": "Red Hat Security Advisory: vim security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:24+00:00",
"generator": {
"date": "2025-09-10T13:42:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0580",
"initial_release_date": "2008-11-25T08:41:00+00:00",
"revision_history": [
{
"date": "2008-11-25T08:41:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-11-25T03:41:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-2:7.0.109-4.el5_2.4z.src",
"product": {
"name": "vim-2:7.0.109-4.el5_2.4z.src",
"product_id": "vim-2:7.0.109-4.el5_2.4z.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim@7.0.109-4.el5_2.4z?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-2:7.0.109-4.el5_2.4z.src"
},
"product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-2:7.0.109-4.el5_2.4z.src"
},
"product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-2953",
"discovery_date": "2007-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "248542"
}
],
"notes": [
{
"category": "description",
"text": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim format string flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-2953"
},
{
"category": "external",
"summary": "RHBZ#248542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953"
}
],
"release_date": "2007-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vim format string flaw"
},
{
"cve": "CVE-2008-2712",
"discovery_date": "2008-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451759"
}
],
"notes": [
{
"category": "description",
"text": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: command execution via scripts not sanitizing inputs to execute and system",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2712"
},
{
"category": "external",
"summary": "RHBZ#451759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2712",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712"
}
],
"release_date": "2008-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: command execution via scripts not sanitizing inputs to execute and system"
},
{
"cve": "CVE-2008-3074",
"discovery_date": "2008-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467428"
}
],
"notes": [
{
"category": "description",
"text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3074"
},
{
"category": "external",
"summary": "RHBZ#467428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074"
}
],
"release_date": "2008-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
},
{
"cve": "CVE-2008-3075",
"discovery_date": "2008-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467432"
}
],
"notes": [
{
"category": "description",
"text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3075"
},
{
"category": "external",
"summary": "RHBZ#467432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3075",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075"
}
],
"release_date": "2008-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
},
{
"cve": "CVE-2008-4101",
"discovery_date": "2008-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "461927"
}
],
"notes": [
{
"category": "description",
"text": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: arbitrary code execution in commands: K, Control-], g]",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4101"
},
{
"category": "external",
"summary": "RHBZ#461927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4101",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101"
}
],
"release_date": "2008-08-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: arbitrary code execution in commands: K, Control-], g]"
},
{
"cve": "CVE-2008-6235",
"discovery_date": "2008-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467439"
}
],
"notes": [
{
"category": "description",
"text": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-6235"
},
{
"category": "external",
"summary": "RHBZ#467439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-6235",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235"
}
],
"release_date": "2008-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution"
}
]
}
rhsa-2008_0580
Vulnerability from csaf_redhat
Published
2008-11-25 08:41
Modified
2024-11-22 02:08
Summary
Red Hat Security Advisory: vim security update
Notes
Topic
Updated vim packages that fix security issues are now available for Red Hat
Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat
Security Response Team.
Details
Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.
Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)
Multiple security flaws were found in netrw.vim, the Vim plug-in providing
file reading and writing over the network. If a user opened a specially
crafted file or directory with the netrw plug-in, it could result in
arbitrary code execution as the user running Vim. (CVE-2008-3076)
A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3075)
A security flaw was found in tar.vim, the Vim plug-in which handles TAR
archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
it could result in arbitrary code execution as the user runnin Vim.
(CVE-2008-3074)
Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Härnhammar, of Secunia Research, discovered a format string flaw in
Vim's help tag processor. If a user was tricked into executing the
"helptags" command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)
All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated vim packages that fix security issues are now available for Red Hat\nEnterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim\u0027s keyword and tag\nhandling. If Vim looked up a document\u0027s maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim\u0027s help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0580",
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "248542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
},
{
"category": "external",
"summary": "451759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
},
{
"category": "external",
"summary": "461927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"category": "external",
"summary": "467428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"category": "external",
"summary": "467432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
},
{
"category": "external",
"summary": "467439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0580.json"
}
],
"title": "Red Hat Security Advisory: vim security update",
"tracking": {
"current_release_date": "2024-11-22T02:08:04+00:00",
"generator": {
"date": "2024-11-22T02:08:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2008:0580",
"initial_release_date": "2008-11-25T08:41:00+00:00",
"revision_history": [
{
"date": "2008-11-25T08:41:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-11-25T03:41:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:08:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-2:7.0.109-4.el5_2.4z.src",
"product": {
"name": "vim-2:7.0.109-4.el5_2.4z.src",
"product_id": "vim-2:7.0.109-4.el5_2.4z.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim@7.0.109-4.el5_2.4z?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"product": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"product_id": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-2:7.0.109-4.el5_2.4z.src"
},
"product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-2:7.0.109-4.el5_2.4z.src"
},
"product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
},
"product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-2953",
"discovery_date": "2007-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "248542"
}
],
"notes": [
{
"category": "description",
"text": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim format string flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-2953"
},
{
"category": "external",
"summary": "RHBZ#248542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953"
}
],
"release_date": "2007-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vim format string flaw"
},
{
"cve": "CVE-2008-2712",
"discovery_date": "2008-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451759"
}
],
"notes": [
{
"category": "description",
"text": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: command execution via scripts not sanitizing inputs to execute and system",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2712"
},
{
"category": "external",
"summary": "RHBZ#451759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2712",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712"
}
],
"release_date": "2008-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: command execution via scripts not sanitizing inputs to execute and system"
},
{
"cve": "CVE-2008-3074",
"discovery_date": "2008-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467428"
}
],
"notes": [
{
"category": "description",
"text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3074"
},
{
"category": "external",
"summary": "RHBZ#467428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074"
}
],
"release_date": "2008-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
},
{
"cve": "CVE-2008-3075",
"discovery_date": "2008-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467432"
}
],
"notes": [
{
"category": "description",
"text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3075"
},
{
"category": "external",
"summary": "RHBZ#467432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3075",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075"
}
],
"release_date": "2008-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
},
{
"cve": "CVE-2008-4101",
"discovery_date": "2008-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "461927"
}
],
"notes": [
{
"category": "description",
"text": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: arbitrary code execution in commands: K, Control-], g]",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4101"
},
{
"category": "external",
"summary": "RHBZ#461927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4101",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101"
}
],
"release_date": "2008-08-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: arbitrary code execution in commands: K, Control-], g]"
},
{
"cve": "CVE-2008-6235",
"discovery_date": "2008-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "467439"
}
],
"notes": [
{
"category": "description",
"text": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-6235"
},
{
"category": "external",
"summary": "RHBZ#467439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-6235",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235"
}
],
"release_date": "2008-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-25T08:41:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:vim-2:7.0.109-4.el5_2.4z.src",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-2:7.0.109-4.el5_2.4z.src",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
"5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0580"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution"
}
]
}
gsd-2008-3074
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-3074",
"description": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
"id": "GSD-2008-3074",
"references": [
"https://www.suse.com/security/cve/CVE-2008-3074.html",
"https://www.debian.org/security/2009/dsa-1733",
"https://access.redhat.com/errata/RHSA-2008:0580",
"https://linux.oracle.com/cve/CVE-2008-3074.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-3074"
],
"details": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
"id": "GSD-2008-3074",
"modified": "2023-12-13T01:23:05.587833Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "http://www.rdancer.org/vulnerablevim.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "32462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32462"
},
{
"name": "oval:org.mitre.oval:def:10754",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"name": "http://www.rdancer.org/vulnerablevim-shellescape.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=467428",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vim:vim:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:vim:7.1.314:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:vim:7.1.266:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vim:tar.vim:v.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3074"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"name": "[oss-security] 20081020 CVE request (vim)",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
},
{
"name": "http://www.rdancer.org/vulnerablevim.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"name": "http://www.rdancer.org/vulnerablevim-shellescape.html",
"refsource": "MISC",
"tags": [],
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
"refsource": "CONFIRM",
"tags": [],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"name": "32462",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/32462"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=467428",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"name": "34418",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:10754",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-09-29T01:31Z",
"publishedDate": "2009-02-21T22:30Z"
}
}
}
ghsa-rj5h-39v8-hch3
Vulnerability from github
Published
2022-05-01 23:56
Modified
2022-05-01 23:56
VLAI Severity ?
Details
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
{
"affected": [],
"aliases": [
"CVE-2008-3074"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-02-21T22:30:00Z",
"severity": "HIGH"
},
"details": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
"id": "GHSA-rj5h-39v8-hch3",
"modified": "2022-05-01T23:56:22Z",
"published": "2022-05-01T23:56:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34418"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"type": "WEB",
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"type": "WEB",
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32462"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2008-3074
Vulnerability from fkie_nvd
Published
2009-02-21 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vim | tar.vim | v.10 | |
| vim | tar.vim | v.11 | |
| vim | tar.vim | v.12 | |
| vim | tar.vim | v.13 | |
| vim | tar.vim | v.14 | |
| vim | tar.vim | v.15 | |
| vim | tar.vim | v.16 | |
| vim | tar.vim | v.17 | |
| vim | tar.vim | v.18 | |
| vim | tar.vim | v.19 | |
| vim | tar.vim | v.20 | |
| vim | tar.vim | v.21 | |
| vim | tar.vim | v.22 | |
| vim | vim | 7.0 | |
| vim | vim | 7.1 | |
| vim | vim | 7.1.266 | |
| vim | vim | 7.1.314 | |
| vim | vim | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2B487E3B-B247-4D72-B3AF-52D0ABEF0686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE35C07E-621A-4106-A4E6-F60CD3AFFA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F279ECB9-6CC8-4D0D-95B0-22754302873C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.13:*:*:*:*:*:*:*",
"matchCriteriaId": "72A0A3B1-789F-44B9-A96A-E7A89C1CF98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9F9C9C-4476-4A39-A08A-E6BC341876DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E1514FE8-72B2-4766-963B-D5E1002F67E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AB78E2BB-A45A-4379-A8FE-41ABC775EC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.17:*:*:*:*:*:*:*",
"matchCriteriaId": "24BD87B3-A388-4898-B433-E3553B9A3AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.18:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1FAF13-267E-4669-A379-AB31562452C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.19:*:*:*:*:*:*:*",
"matchCriteriaId": "F9B36F1A-C11D-4824-AB8E-261A07A18993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBD8B15-F906-47FA-87B3-19DABD821B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3A699C78-DF9C-4DC4-8DE4-0C03392D9690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:tar.vim:v.22:*:*:*:*:*:*:*",
"matchCriteriaId": "25B01224-1A26-41C7-9191-CC14EDB2EA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97CCAA40-55CE-4AB9-9268-AADA06E29B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8C5B265-A7DD-4D24-864C-BF1FEEF8F138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:vim:7.1.266:*:*:*:*:*:*:*",
"matchCriteriaId": "99E9ABC5-442C-4693-8F86-A969AD89A0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:vim:7.1.314:*:*:*:*:*:*:*",
"matchCriteriaId": "12BE4D12-2B98-4617-ADE2-6E71552306A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:vim:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3613F5F4-9B8C-4020-8550-23310A41C85C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
},
{
"lang": "es",
"value": "La funcion shellescape en Vim desde v7.0 hasta v7.2, incluida la v7.2a.10, lo que permite a atacantes asistidos por el usuario ejecutar codigo a su eleccion a traves del metacaracter de linea de secuencia de comandos \"!\" (exclamacion) en (1) El nombre del fichero de un archi tar y posiblemente (2)el nombre del primer fichero de un archivo tar, el cual no es adecuadamente manejado por el plugin VIM TAR (tar.vim) v.10 hasta v.22, como quedo demostrado en los casos de prueba tarplugin.v2, tarplugin, y tarplugin.updated. NOTA: Estos datos tiene las mismas causas que CVE-2008-3075. NOTA: Debido a la complejidad de la revelaciones asociadad y la informacion incompleta relacionada con este hecho, es posible que existan inexactitudes en la descripcion de esta vulnerabilidad"
}
],
"id": "CVE-2008-3074",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-21T22:30:00.217",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34418"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32462"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.rdancer.org/vulnerablevim-shellescape.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.rdancer.org/vulnerablevim.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…