Vulnerability Bulletins |
Multiple vulnerabilities in vim and gvim |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Attacker requirements | Remote access with an account |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | vim 6.x, gvim 6.x |
Description |
|
Several vulnerabilities exist in some options ("termcap", "printdevice", "titleold", "filetype", "syntax", "backupext", "keymap", "patchmode" or "langmenu") of the vim and gvim text editors. By means of a specially crafted file that is viewed by the victim, a local user could escalate privileges and execute arbitrary commands. These vulnerabilities only affect systems that have the options listed above enabled. |
|
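The bulletin does not say how the crafted file reaches these options; the CVE entry for CAN-2004-1138 describes the vector as a crafted modeline. Assuming that vector, the following added example (not part of the bulletin or of any vendor advisory) scans the lines Vim inspects for modelines and reports any that assign one of the listed options. The short option names, the function names and the sample text are additions made here, and the sample is constructed.

```python
import re

# Options named in the bulletin, plus Vim's short names for them (added here).
RISKY = {"termcap", "printdevice", "pdev", "titleold", "filetype", "ft",
         "syntax", "syn", "backupext", "bex", "keymap", "kmp",
         "patchmode", "pm", "langmenu", "lm"}

# A modeline starts with "vi:", "vim:" or "ex:" at line start or after whitespace.
MODELINE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex):\s*(.*)$")
SET_FORM = re.compile(r"^set?\s+(.*?)(?<!\\):")  # "set opt=val ... :" form


def modeline_options(line):
    """Return [(name, value)] for every option a modeline in `line` assigns."""
    found = MODELINE.search(line)
    if not found:
        return []
    body = found.group(1)
    set_form = SET_FORM.match(body)
    if set_form:
        parts = set_form.group(1).split()
    else:  # plain form: options separated by ':' or whitespace
        parts = re.split(r"(?<!\\)[:\s]+", body)
    options = []
    for part in parts:
        name, _, value = part.partition("=")
        name = name.rstrip("+-^")  # "opt+=val" style assignments
        if name:
            options.append((name, value))
    return options


def scan_text(text, window=5):
    """Report (line_no, option, value) for risky options in the first and
    last `window` lines, the region Vim checks (default 'modelines' is 5)."""
    lines = text.splitlines()
    head = range(min(window, len(lines)))
    tail = range(max(0, len(lines) - window), len(lines))
    return [(i + 1, name, value)
            for i in sorted(set(head) | set(tail))
            for name, value in modeline_options(lines[i])
            if name in RISKY]


# Constructed sample: modelines on lines 2, 12 and 23 of a 23-line file.
SAMPLE = "\n".join(
    ["# constructed sample", "# vim: set ts=4 ft=PLACEHOLDER sw=4 :"]
    + ["text"] * 9 + ["# vim: syn=PLACEHOLDER"] + ["text"] * 10
    + ["# vim: pm=PLACEHOLDER:tw=78"])
```

With the default window only lines 2 and 23 of the sample are reported; the modeline on line 12 lies outside the region Vim reads and is reported only when `window` is widened.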
Solution |
|
Software update

Red Hat Linux
Red Hat Desktop (v. 3) / SRPMS: vim-6.3.046-0.30E.1.src.rpm
Red Hat Desktop (v. 3) / IA-32: vim-X11-6.3.046-0.30E.1.i386.rpm vim-common-6.3.046-0.30E.1.i386.rpm vim-enhanced-6.3.046-0.30E.1.i386.rpm vim-minimal-6.3.046-0.30E.1.i386.rpm
Red Hat Desktop (v. 3) / x86_64: vim-X11-6.3.046-0.30E.1.x86_64.rpm vim-common-6.3.046-0.30E.1.x86_64.rpm vim-enhanced-6.3.046-0.30E.1.x86_64.rpm vim-minimal-6.3.046-0.30E.1.x86_64.rpm
Red Hat Enterprise Linux AS (v. 2.1) / SRPMS: vim-6.0-7.19.src.rpm
Red Hat Enterprise Linux AS (v. 2.1) / IA-32: vim-X11-6.0-7.19.i386.rpm vim-common-6.0-7.19.i386.rpm vim-enhanced-6.0-7.19.i386.rpm vim-minimal-6.0-7.19.i386.rpm
Red Hat Enterprise Linux AS (v. 2.1) / IA-64: vim-X11-6.0-7.19.ia64.rpm vim-common-6.0-7.19.ia64.rpm vim-enhanced-6.0-7.19.ia64.rpm vim-minimal-6.0-7.19.ia64.rpm
Red Hat Enterprise Linux AS (v. 3) / SRPMS: vim-6.3.046-0.30E.1.src.rpm
Red Hat Enterprise Linux AS (v. 3) / IA-32: vim-X11-6.3.046-0.30E.1.i386.rpm vim-common-6.3.046-0.30E.1.i386.rpm vim-enhanced-6.3.046-0.30E.1.i386.rpm vim-minimal-6.3.046-0.30E.1.i386.rpm
Red Hat Enterprise Linux AS (v. 3) / IA-64: vim-X11-6.3.046-0.30E.1.ia64.rpm vim-common-6.3.046-0.30E.1.ia64.rpm vim-enhanced-6.3.046-0.30E.1.ia64.rpm vim-minimal-6.3.046-0.30E.1.ia64.rpm
Red Hat Enterprise Linux AS (v. 3) / PPC: vim-X11-6.3.046-0.30E.1.ppc.rpm vim-common-6.3.046-0.30E.1.ppc.rpm vim-enhanced-6.3.046-0.30E.1.ppc.rpm vim-minimal-6.3.046-0.30E.1.ppc.rpm
Red Hat Enterprise Linux AS (v. 3) / s390: vim-X11-6.3.046-0.30E.1.s390.rpm vim-common-6.3.046-0.30E.1.s390.rpm vim-enhanced-6.3.046-0.30E.1.s390.rpm vim-minimal-6.3.046-0.30E.1.s390.rpm
Red Hat Enterprise Linux AS (v. 3) / s390x: vim-X11-6.3.046-0.30E.1.s390x.rpm vim-common-6.3.046-0.30E.1.s390x.rpm vim-enhanced-6.3.046-0.30E.1.s390x.rpm vim-minimal-6.3.046-0.30E.1.s390x.rpm
Red Hat Enterprise Linux AS (v. 3) / x86_64: vim-X11-6.3.046-0.30E.1.x86_64.rpm vim-common-6.3.046-0.30E.1.x86_64.rpm vim-enhanced-6.3.046-0.30E.1.x86_64.rpm vim-minimal-6.3.046-0.30E.1.x86_64.rpm
Red Hat Enterprise Linux ES (v. 2.1) / SRPMS: vim-6.0-7.19.src.rpm
Red Hat Enterprise Linux AS (v. 3) / IA-32: vim-X11-6.0-7.19.i386.rpm vim-common-6.0-7.19.i386.rpm vim-enhanced-6.0-7.19.i386.rpm vim-minimal-6.0-7.19.i386.rpm
Red Hat Enterprise Linux ES (v. 3) / SRPMS: vim-6.3.046-0.30E.1.src.rpm
Red Hat Enterprise Linux ES (v. 3) / IA-32: vim-X11-6.3.046-0.30E.1.i386.rpm vim-common-6.3.046-0.30E.1.i386.rpm vim-enhanced-6.3.046-0.30E.1.i386.rpm vim-minimal-6.3.046-0.30E.1.i386.rpm
Red Hat Enterprise Linux ES (v. 3) / IA-64: vim-X11-6.3.046-0.30E.1.ia64.rpm vim-common-6.3.046-0.30E.1.ia64.rpm vim-enhanced-6.3.046-0.30E.1.ia64.rpm vim-minimal-6.3.046-0.30E.1.ia64.rpm
Red Hat Enterprise Linux ES (v. 3) / x86_64: vim-X11-6.3.046-0.30E.1.x86_64.rpm vim-common-6.3.046-0.30E.1.x86_64.rpm vim-enhanced-6.3.046-0.30E.1.x86_64.rpm vim-minimal-6.3.046-0.30E.1.x86_64.rpm
Red Hat Enterprise Linux WS (v. 2.1) / SRPMS: vim-6.0-7.19.src.rpm
Red Hat Enterprise Linux WS (v. 2.1) / IA-32: vim-X11-6.0-7.19.i386.rpm vim-common-6.0-7.19.i386.rpm vim-enhanced-6.0-7.19.i386.rpm vim-minimal-6.0-7.19.i386.rpm
Red Hat Enterprise Linux WS (v. 3) / SRPMS: vim-6.3.046-0.30E.1.src.rpm
Red Hat Enterprise Linux WS (v. 3) / IA-32: vim-X11-6.3.046-0.30E.1.i386.rpm vim-common-6.3.046-0.30E.1.i386.rpm vim-enhanced-6.3.046-0.30E.1.i386.rpm vim-minimal-6.3.046-0.30E.1.i386.rpm
Red Hat Enterprise Linux WS (v. 3) / IA-64: vim-X11-6.3.046-0.30E.1.ia64.rpm vim-common-6.3.046-0.30E.1.ia64.rpm vim-enhanced-6.3.046-0.30E.1.ia64.rpm vim-minimal-6.3.046-0.30E.1.ia64.rpm
Red Hat Enterprise Linux WS (v. 3) / x86_64: vim-X11-6.3.046-0.30E.1.x86_64.rpm vim-common-6.3.046-0.30E.1.x86_64.rpm vim-enhanced-6.3.046-0.30E.1.x86_64.rpm vim-minimal-6.3.046-0.30E.1.x86_64.rpm
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor / SRPMS: vim-6.0-7.19.src.rpm
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor / IA-64: vim-X11-6.0-7.19.ia64.rpm vim-common-6.0-7.19.ia64.rpm vim-enhanced-6.0-7.19.ia64.rpm vim-minimal-6.0-7.19.ia64.rpm
http://rhn.redhat.com/

Mandrake Linux
Mandrake Linux 9.2
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/vim-X11-6.2-11.1.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/vim-common-6.2-11.1.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/vim-enhanced-6.2-11.1.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/vim-minimal-6.2-11.1.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/vim-6.2-11.1.92mdk.src.rpm
Mandrake Linux 9.2/AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/vim-X11-6.2-11.1.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/vim-common-6.2-11.1.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/vim-enhanced-6.2-11.1.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/vim-minimal-6.2-11.1.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/vim-6.2-11.1.92mdk.src.rpm
Mandrake Linux 10.0
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/vim-X11-6.2-14.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/vim-common-6.2-14.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/vim-enhanced-6.2-14.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/vim-minimal-6.2-14.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/vim-6.2-14.1.100mdk.src.rpm
Mandrake Linux 10.0/AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/vim-X11-6.2-14.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/vim-common-6.2-14.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/vim-enhanced-6.2-14.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/vim-minimal-6.2-14.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/vim-6.2-14.1.100mdk.src.rpm
Mandrake Linux 10.1
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/vim-X11-6.3-5.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/vim-common-6.3-5.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/vim-enhanced-6.3-5.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/vim-minimal-6.3-5.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/vim-6.3-5.1.101mdk.src.rpm
Mandrake Linux 10.1/X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/vim-X11-6.3-5.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/vim-common-6.3-5.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/vim-enhanced-6.3-5.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/vim-minimal-6.3-5.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/vim-6.3-5.1.101mdk.src.rpm
Corporate Server 2.1
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/vim-X11-6.1-34.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/vim-common-6.1-34.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/vim-enhanced-6.1-34.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/vim-minimal-6.1-34.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/vim-6.1-34.2.C21mdk.src.rpm
Corporate Server 2.1/X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/vim-X11-6.1-34.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/vim-common-6.1-34.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/vim-enhanced-6.1-34.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/vim-minimal-6.1-34.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/vim-6.1-34.2.C21mdk.src.rpm

Fedora Linux
Fedora Linux Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/SRPMS/vim-6.3.054-0.fc2.1.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/vim-common-6.3.054-0.fc2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/vim-minimal-6.3.054-0.fc2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/vim-enhanced-6.3.054-0.fc2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/vim-X11-6.3.054-0.fc2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/debug/vim-debuginfo-6.3.054-0.fc2.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/vim-common-6.3.054-0.fc2.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/vim-minimal-6.3.054-0.fc2.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/vim-enhanced-6.3.054-0.fc2.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/vim-X11-6.3.054-0.fc2.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/debug/vim-debuginfo-6.3.054-0.fc2.1.i386.rpm
Fedora Linux Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/SRPMS/vim-6.3.054-0.fc3.1.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/vim-common-6.3.054-0.fc3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/vim-minimal-6.3.054-0.fc3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/vim-enhanced-6.3.054-0.fc3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/vim-X11-6.3.054-0.fc3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/debug/vim-debuginfo-6.3.054-0.fc3.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/vim-common-6.3.054-0.fc3.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/vim-minimal-6.3.054-0.fc3.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/vim-enhanced-6.3.054-0.fc3.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/vim-X11-6.3.054-0.fc3.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/debug/vim-debuginfo-6.3.054-0.fc3.1.i386.rpm

Red Hat Linux
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/ |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2004-1138 |
BID | |
Additional resources |
|
Red Hat Linux Security Advisory RHSA-2005:010-05
http://rhn.redhat.com/errata/RHSA-2005-010.html
Mandrakesoft Security Advisories MDKSA-2005:003
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:003
Fedora Update Notification FEDORA-2005-017
http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00041.html
Fedora Update Notification FEDORA-2005-018
http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00042.html
Red Hat Security Advisory RHSA-2005:036-10
https://rhn.redhat.com/errata/RHSA-2005-036.html |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2005-01-10 |
1.1 | Advisories issued by Fedora Linux (FEDORA-2005-017) and (FEDORA-2005-018) | 2005-01-13 |
1.2 | Advisory issued by Red Hat (RHSA-2005:036-10) | 2005-02-16 |