thr3ads.net - Secure testing team - [Secure-testing-team] Bug#506919: vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076) [Nov 2008]

If this information is useful, please help other people find it:
Share via:

Michael S. Gilbert

2008-Nov-25 22:31 UTC

[Secure-testing-team] Bug#506919: vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076)

Package: vim
Version: 1:7.0.109
Severity: grave
Tags: security
Justification: user security hole

redhat has just released an update that fixes multiple security flaws in
vim [1].  these issues are currently reserved in the CVE tracker, but
redhat describes the probems as:

  Multiple security flaws were found in netrw.vim, the Vim plug-in providing
  file reading and writing over the network. If a user opened a specially
  crafted file or directory with the netrw plug-in, it could result in
  arbitrary code execution as the user running Vim. (CVE-2008-3076)

  A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
  archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
  it could result in arbitrary code execution as the user running Vim.
  (CVE-2008-3075)

  A security flaw was found in tar.vim, the Vim plug-in which handles TAR
  archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
  it could result in arbitrary code execution as the user runnin Vim.
  (CVE-2008-3074)

versions affected are unclear from the redhat notice, but the problem at 
least applies to vim version 7.0.109, which they have fixed in rhel5.

thanks for working to keep debian secure.

[1] https://rhn.redhat.com/errata/RHSA-2008-0580.html

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, ''testing'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vim depends on:
ii  libacl1               2.2.47-2           Access control list shared library
ii  libc6                 2.7-16             GNU C Library: Shared libraries
ii  libgpm2               1.20.4-3           General Purpose Mouse - shared lib
ii  libncurses5           5.6+20080830-1     shared libraries for terminal hand
ii  libselinux1           2.0.65-5           SELinux shared libraries
ii  vim-common            1:7.1.314-3+lenny2 Vi IMproved - Common files
ii  vim-runtime           1:7.1.314-3+lenny2 Vi IMproved - Runtime files

vim recommends no packages.

Versions of packages vim suggests:
pn  ctags                         <none>     (no description available)
pn  vim-doc                       <none>     (no description available)
pn  vim-scripts                   <none>     (no description available)

-- no debconf information

Secure testing team - Nov 2008 - Bug#506919: vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076)

[Secure-testing-team] Bug#506919: vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076)