Vulnerability Bulletins


Remote code execution in vim

Vulnerability classification

Property                 Value
Confidence level         Official
Impact                   Gain access
Difficulty               Expert
Required attacker level  Remote access without an account to an exotic service

System information

Property               Value
Affected manufacturer  GNU/Linux
Affected software      vim 6.3 < 6.3.082

Description

A vulnerability has been discovered in vim. The vulnerability lies in the way modelines are processed.

Exploitation of this vulnerability could allow remote attackers to execute arbitrary code by crafting text files containing specially designed modelines. The user must have modelines enabled for this to occur.
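Because the bulletin makes the exposure conditional on modelines being enabled, a defender's first question is which files in a share or repository carry a modeline at all. The following Python script is an added example, not part of the original bulletin: it parses vim's two modeline forms from the lines vim actually inspects (the first and last 'modelines' lines, default 5) and reports the options each one sets. The function names and the sample inputs are constructed for this example.

```python
import re
from typing import List, Tuple

# Vim only honours modelines found in the first and last 'modelines'
# lines of a buffer (default value 5), and only when 'modeline' is on.
DEFAULT_MODELINES = 5

# Start of a modeline: start of line or whitespace, then one of the
# recognised prefixes (vi:, vim:, Vi:, ex:, or a version-qualified
# vim<NNN:/vim=NNN:/vim>NNN:/vimNNN:).
_MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vi|ex|vim[<=>]?\d+):")


def parse_options(rest: str) -> List[str]:
    """Split the text after the prefix into individual option settings.

    Second form: 'vim: set ts=4 sw=4:' -> options between 'set' and ':'.
    First form:  'vim: ts=4:sw=4'      -> options separated by blanks or ':'.
    """
    rest = rest.lstrip()
    m = re.match(r"set?\s+(.*?):", rest)
    if m:
        return m.group(1).split()
    return [opt for opt in re.split(r"[\s:]+", rest) if opt]


def extract_modelines(text: str, nlines: int = DEFAULT_MODELINES) -> List[Tuple[int, List[str]]]:
    """Return (line_number, options) for every modeline vim would act on."""
    lines = text.splitlines()
    head = range(min(nlines, len(lines)))
    tail = range(max(0, len(lines) - nlines), len(lines))
    found = []
    for i in sorted(set(head) | set(tail)):
        m = _MODELINE_RE.search(lines[i])
        if m:
            found.append((i + 1, parse_options(lines[i][m.end():])))
    return found


# Constructed samples (not taken from the bulletin).
SAMPLE_HEADER = "# vim: set ts=4 sw=4 et:\nprint('hello')\n"
SAMPLE_TRAILER = "\n".join(f"line {i}" for i in range(1, 10)) + "\nvim: ts=8:sw=4\n"
# Modeline on line 6 of 12: outside both windows vim scans, so it is inert.
SAMPLE_BURIED = "\n".join(
    [f"line {i}" for i in range(1, 6)] + ["# vim: ts=8"] + [f"line {i}" for i in range(7, 13)]
)

if __name__ == "__main__":
    for name, sample in [("header", SAMPLE_HEADER), ("trailer", SAMPLE_TRAILER), ("buried", SAMPLE_BURIED)]:
        print(name, extract_modelines(sample))
```

With `set nomodeline` in the user's vimrc, vim ignores all of these lines, which is exactly the precondition the bulletin describes.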

Solution

Software update

Mandriva Linux

Mandrakelinux 10.0/X86
10.0/RPMS/vim-X11-6.2-14.4.100mdk.i586.rpm
10.0/RPMS/vim-common-6.2-14.4.100mdk.i586.rpm
10.0/RPMS/vim-enhanced-6.2-14.4.100mdk.i586.rpm
10.0/RPMS/vim-minimal-6.2-14.4.100mdk.i586.rpm
10.0/SRPMS/vim-6.2-14.4.100mdk.src.rpm

Mandrakelinux 10.0/AMD64
amd64/10.0/RPMS/vim-X11-6.2-14.4.100mdk.amd64.rpm
amd64/10.0/RPMS/vim-common-6.2-14.4.100mdk.amd64.rpm
amd64/10.0/RPMS/vim-enhanced-6.2-14.4.100mdk.amd64.rpm
amd64/10.0/RPMS/vim-minimal-6.2-14.4.100mdk.amd64.rpm
amd64/10.0/SRPMS/vim-6.2-14.4.100mdk.src.rpm

Mandrakelinux 10.1/X86
10.1/RPMS/vim-X11-6.3-5.4.101mdk.i586.rpm
10.1/RPMS/vim-common-6.3-5.4.101mdk.i586.rpm
10.1/RPMS/vim-enhanced-6.3-5.4.101mdk.i586.rpm
10.1/RPMS/vim-minimal-6.3-5.4.101mdk.i586.rpm
10.1/SRPMS/vim-6.3-5.4.101mdk.src.rpm

Mandrakelinux 10.1/X86_64
x86_64/10.1/RPMS/vim-X11-6.3-5.4.101mdk.x86_64.rpm
x86_64/10.1/RPMS/vim-common-6.3-5.4.101mdk.x86_64.rpm
x86_64/10.1/RPMS/vim-enhanced-6.3-5.4.101mdk.x86_64.rpm
x86_64/10.1/RPMS/vim-minimal-6.3-5.4.101mdk.x86_64.rpm
x86_64/10.1/SRPMS/vim-6.3-5.4.101mdk.src.rpm

Corporate Server 2.1/X86
corporate/2.1/RPMS/vim-X11-6.1-34.5.C21mdk.i586.rpm
corporate/2.1/RPMS/vim-common-6.1-34.5.C21mdk.i586.rpm
corporate/2.1/RPMS/vim-enhanced-6.1-34.5.C21mdk.i586.rpm
corporate/2.1/RPMS/vim-minimal-6.1-34.5.C21mdk.i586.rpm
corporate/2.1/SRPMS/vim-6.1-34.5.C21mdk.src.rpm

Corporate Server 2.1/X86_64
x86_64/corporate/2.1/RPMS/vim-X11-6.1-34.5.C21mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/vim-common-6.1-34.5.C21mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/vim-enhanced-6.1-34.5.C21mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/vim-minimal-6.1-34.5.C21mdk.x86_64.rpm
x86_64/corporate/2.1/SRPMS/vim-6.1-34.5.C21mdk.src.rpm

Corporate Server 3.0/X86
corporate/3.0/RPMS/vim-X11-6.2-14.4.C30mdk.i586.rpm
corporate/3.0/RPMS/vim-common-6.2-14.4.C30mdk.i586.rpm
corporate/3.0/RPMS/vim-enhanced-6.2-14.4.C30mdk.i586.rpm
corporate/3.0/RPMS/vim-minimal-6.2-14.4.C30mdk.i586.rpm
corporate/3.0/SRPMS/vim-6.2-14.4.C30mdk.src.rpm

Corporate Server 3.0/X86_64
x86_64/corporate/3.0/RPMS/vim-X11-6.2-14.4.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/vim-common-6.2-14.4.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/vim-enhanced-6.2-14.4.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/vim-minimal-6.2-14.4.C30mdk.x86_64.rpm
x86_64/corporate/3.0/SRPMS/vim-6.2-14.4.C30mdk.src.rpm

Multi Network Firewall 2.0/X86
mnf/2.0/RPMS/vim-common-6.2-14.4.M20mdk.i586.rpm
mnf/2.0/RPMS/vim-enhanced-6.2-14.4.M20mdk.i586.rpm
mnf/2.0/RPMS/vim-minimal-6.2-14.4.M20mdk.i586.rpm
mnf/2.0/SRPMS/vim-6.2-14.4.M20mdk.src.rpm

Mandrivalinux LE2005/X86
10.2/RPMS/vim-X11-6.3-12.1.102mdk.i586.rpm
10.2/RPMS/vim-common-6.3-12.1.102mdk.i586.rpm
10.2/RPMS/vim-enhanced-6.3-12.1.102mdk.i586.rpm
10.2/RPMS/vim-minimal-6.3-12.1.102mdk.i586.rpm
10.2/SRPMS/vim-6.3-12.1.102mdk.src.rpm

Mandrivalinux LE2005/X86_64
x86_64/10.2/RPMS/vim-X11-6.3-12.1.102mdk.x86_64.rpm
x86_64/10.2/RPMS/vim-common-6.3-12.1.102mdk.x86_64.rpm
x86_64/10.2/RPMS/vim-enhanced-6.3-12.1.102mdk.x86_64.rpm
x86_64/10.2/RPMS/vim-minimal-6.3-12.1.102mdk.x86_64.rpm
x86_64/10.2/SRPMS/vim-6.3-12.1.102mdk.src.rpm

Red Hat Linux

Red Hat Desktop (v. 3)/SRPMS
vim-6.3.046-0.30E.4.src.rpm

Red Hat Desktop (v. 3)/IA-32
vim-X11-6.3.046-0.30E.4.i386.rpm
vim-common-6.3.046-0.30E.4.i386.rpm
vim-enhanced-6.3.046-0.30E.4.i386.rpm
vim-minimal-6.3.046-0.30E.4.i386.rpm

Red Hat Desktop (v. 3)/X86_64
vim-X11-6.3.046-0.30E.4.x86_64.rpm
vim-common-6.3.046-0.30E.4.x86_64.rpm
vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Desktop (v. 4)/SRPMS
vim-6.3.046-0.40E.7.src.rpm

Red Hat Desktop (v. 4)/IA-32
vim-X11-6.3.046-0.40E.7.i386.rpm
vim-common-6.3.046-0.40E.7.i386.rpm
vim-enhanced-6.3.046-0.40E.7.i386.rpm
vim-minimal-6.3.046-0.40E.7.i386.rpm

Red Hat Desktop (v. 4)/x86_64
vim-X11-6.3.046-0.40E.7.x86_64.rpm
vim-common-6.3.046-0.40E.7.x86_64.rpm
vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Enterprise Linux AS (v. 2.1)/SRPMS
vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux AS (v. 2.1)/IA-32
vim-X11-6.0-7.22.i386.rpm
vim-common-6.0-7.22.i386.rpm
vim-enhanced-6.0-7.22.i386.rpm
vim-minimal-6.0-7.22.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1)/IA-64
vim-X11-6.0-7.22.ia64.rpm
vim-common-6.0-7.22.ia64.rpm
vim-enhanced-6.0-7.22.ia64.rpm
vim-minimal-6.0-7.22.ia64.rpm

Red Hat Enterprise Linux AS (v. 3)/SRPMS
vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux AS (v. 3)/IA-32
vim-X11-6.3.046-0.30E.4.i386.rpm
vim-common-6.3.046-0.30E.4.i386.rpm
vim-enhanced-6.3.046-0.30E.4.i386.rpm
vim-minimal-6.3.046-0.30E.4.i386.rpm

Red Hat Enterprise Linux AS (v. 3)/IA-64
vim-X11-6.3.046-0.30E.4.ia64.rpm
vim-common-6.3.046-0.30E.4.ia64.rpm
vim-enhanced-6.3.046-0.30E.4.ia64.rpm
vim-minimal-6.3.046-0.30E.4.ia64.rpm

Red Hat Enterprise Linux AS (v. 3)/PPC
vim-X11-6.3.046-0.30E.4.ppc.rpm
vim-common-6.3.046-0.30E.4.ppc.rpm
vim-enhanced-6.3.046-0.30E.4.ppc.rpm
vim-minimal-6.3.046-0.30E.4.ppc.rpm

Red Hat Enterprise Linux AS (v. 3)/s390
vim-X11-6.3.046-0.30E.4.s390.rpm
vim-common-6.3.046-0.30E.4.s390.rpm
vim-enhanced-6.3.046-0.30E.4.s390.rpm
vim-minimal-6.3.046-0.30E.4.s390.rpm

Red Hat Enterprise Linux AS (v. 3)/s390x
vim-X11-6.3.046-0.30E.4.s390x.rpm
vim-common-6.3.046-0.30E.4.s390x.rpm
vim-enhanced-6.3.046-0.30E.4.s390x.rpm
vim-minimal-6.3.046-0.30E.4.s390x.rpm

Red Hat Enterprise Linux AS (v. 3)/x86_64
vim-X11-6.3.046-0.30E.4.x86_64.rpm
vim-common-6.3.046-0.30E.4.x86_64.rpm
vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4)/SRPMS
vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux AS (v. 4)/IA-32
vim-X11-6.3.046-0.40E.7.i386.rpm
vim-common-6.3.046-0.40E.7.i386.rpm
vim-enhanced-6.3.046-0.40E.7.i386.rpm
vim-minimal-6.3.046-0.40E.7.i386.rpm

Red Hat Enterprise Linux AS (v. 4)/IA-64
vim-X11-6.3.046-0.40E.7.ia64.rpm
vim-common-6.3.046-0.40E.7.ia64.rpm
vim-enhanced-6.3.046-0.40E.7.ia64.rpm
vim-minimal-6.3.046-0.40E.7.ia64.rpm

Red Hat Enterprise Linux AS (v. 4)/PPC
vim-X11-6.3.046-0.40E.7.ppc.rpm
vim-common-6.3.046-0.40E.7.ppc.rpm
vim-enhanced-6.3.046-0.40E.7.ppc.rpm
vim-minimal-6.3.046-0.40E.7.ppc.rpm

Red Hat Enterprise Linux AS (v. 4)/s390
vim-X11-6.3.046-0.40E.7.s390.rpm
vim-common-6.3.046-0.40E.7.s390.rpm
vim-enhanced-6.3.046-0.40E.7.s390.rpm
vim-minimal-6.3.046-0.40E.7.s390.rpm

Red Hat Enterprise Linux AS (v. 4)/s390x
vim-X11-6.3.046-0.40E.7.s390x.rpm
vim-common-6.3.046-0.40E.7.s390x.rpm
vim-enhanced-6.3.046-0.40E.7.s390x.rpm
vim-minimal-6.3.046-0.40E.7.s390x.rpm

Red Hat Enterprise Linux AS (v. 4)/x86_64
vim-X11-6.3.046-0.40E.7.x86_64.rpm
vim-common-6.3.046-0.40E.7.x86_64.rpm
vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Enterprise Linux ES (v. 2.1)/SRPMS
vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux ES (v. 2.1)/IA-32
vim-X11-6.0-7.22.i386.rpm
vim-common-6.0-7.22.i386.rpm
vim-enhanced-6.0-7.22.i386.rpm
vim-minimal-6.0-7.22.i386.rpm

Red Hat Enterprise Linux ES (v. 3)/SRPMS
vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux ES (v. 3)/IA-32
vim-X11-6.3.046-0.30E.4.i386.rpm
vim-common-6.3.046-0.30E.4.i386.rpm
vim-enhanced-6.3.046-0.30E.4.i386.rpm
vim-minimal-6.3.046-0.30E.4.i386.rpm

Red Hat Enterprise Linux ES (v. 3)/IA-64
vim-X11-6.3.046-0.30E.4.ia64.rpm
vim-common-6.3.046-0.30E.4.ia64.rpm
vim-enhanced-6.3.046-0.30E.4.ia64.rpm
vim-minimal-6.3.046-0.30E.4.ia64.rpm

Red Hat Enterprise Linux ES (v. 3)/x86_64
vim-X11-6.3.046-0.30E.4.x86_64.rpm
vim-common-6.3.046-0.30E.4.x86_64.rpm
vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4)/SRPMS
vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux ES (v. 4)/IA-32
vim-X11-6.3.046-0.40E.7.i386.rpm
vim-common-6.3.046-0.40E.7.i386.rpm
vim-enhanced-6.3.046-0.40E.7.i386.rpm
vim-minimal-6.3.046-0.40E.7.i386.rpm

Red Hat Enterprise Linux ES (v. 4)/IA-64
vim-X11-6.3.046-0.40E.7.ia64.rpm
vim-common-6.3.046-0.40E.7.ia64.rpm
vim-enhanced-6.3.046-0.40E.7.ia64.rpm
vim-minimal-6.3.046-0.40E.7.ia64.rpm

Red Hat Enterprise Linux ES (v. 4)/x86_64
vim-X11-6.3.046-0.40E.7.x86_64.rpm
vim-common-6.3.046-0.40E.7.x86_64.rpm
vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Enterprise Linux WS (v. 2.1)/SRPMS
vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux WS (v. 2.1)/IA-32
vim-X11-6.0-7.22.i386.rpm
vim-common-6.0-7.22.i386.rpm
vim-enhanced-6.0-7.22.i386.rpm
vim-minimal-6.0-7.22.i386.rpm

Red Hat Enterprise Linux WS (v. 3)/SRPMS
vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux WS (v. 3)/IA-32
vim-X11-6.3.046-0.30E.4.i386.rpm
vim-common-6.3.046-0.30E.4.i386.rpm
vim-enhanced-6.3.046-0.30E.4.i386.rpm
vim-minimal-6.3.046-0.30E.4.i386.rpm

Red Hat Enterprise Linux WS (v. 3)/IA-64
vim-X11-6.3.046-0.30E.4.ia64.rpm
vim-common-6.3.046-0.30E.4.ia64.rpm
vim-enhanced-6.3.046-0.30E.4.ia64.rpm
vim-minimal-6.3.046-0.30E.4.ia64.rpm

Red Hat Enterprise Linux WS (v. 3)/x86_64
vim-X11-6.3.046-0.30E.4.x86_64.rpm
vim-common-6.3.046-0.30E.4.x86_64.rpm
vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4)/SRPMS
vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux WS (v. 4)/IA-32
vim-X11-6.3.046-0.40E.7.i386.rpm
vim-common-6.3.046-0.40E.7.i386.rpm
vim-enhanced-6.3.046-0.40E.7.i386.rpm
vim-minimal-6.3.046-0.40E.7.i386.rpm

Red Hat Enterprise Linux WS (v. 4)/IA-64
vim-X11-6.3.046-0.40E.7.ia64.rpm
vim-common-6.3.046-0.40E.7.ia64.rpm
vim-enhanced-6.3.046-0.40E.7.ia64.rpm
vim-minimal-6.3.046-0.40E.7.ia64.rpm

Red Hat Enterprise Linux WS (v. 4)/x86_64
vim-X11-6.3.046-0.40E.7.x86_64.rpm
vim-common-6.3.046-0.40E.7.x86_64.rpm
vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/SRPMS
vim-6.0-7.22.src.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/IA-64
vim-X11-6.0-7.22.ia64.rpm
vim-common-6.0-7.22.ia64.rpm
vim-enhanced-6.0-7.22.ia64.rpm
vim-minimal-6.0-7.22.ia64.rpm

SGI
SGI ProPack 3 Service Pack 6 Patch 10212
http://support.sgi.com/

SCO
OpenServer 6.0.0
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso

Standard resources

Property  Value
CVE       CAN-2005-2368
BID       14374

Other resources

Mandriva Security Advisories MDKSA-2005:148
http://www.mandriva.com/security/advisories?name=MDKSA-2005:148

Red Hat Security Advisory RHSA-2005:745-10
https://rhn.redhat.com/errata/RHSA-2005-745.html

SGI Security advisory (20050901-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20050901-01-U.asc

SCO Security Advisory (SCOSA-2006.13)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.13/SCOSA-2006.13.txt

Version history

Version  Comments                                  Date
1.0      Advisory issued                           2005-09-06
1.1      Advisory issued by SGI (20050901-01-U)    2005-09-16
1.2      Advisory issued by SCO (SCOSA-2006.13)    2006-03-17
Ministerio de Defensa
CNI
CCN
CCN-CERT