Boletines de Vulnerabilidades

int(1260)

Boletines de Vulnerabilidades

Múltiples vulnerabilidades en vim y gvim
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Obtener acceso
Dificultad	Experto
Requerimientos del atacante	Acceso remoto con cuenta
Información sobre el sistema
Propiedad	Valor
Fabricante afectado	GNU/Linux
Software afectado	vim 6.x gvim 6.x
Descripción
Existen varias vulnerabilidades en algunas opciones ("termcap", "printdevice", "titleold", "filetype", "syntax", "backupext", "keymap", "patchmode" o "langmenu") de los editores de texto vim y gvim. Mediante un archivo especialmente de diseñado que sea visualizado por la víctima, un usuario local podría escalar privilegios y ejecutar comandos arbitrarios. Estas vulnerabilidades solo afectarán a los sistemas que tengan activadas las opciones anteriormente indicadas.
Solución
Actualización de software Red Hat Linux Red Hat Desktop (v. 3) / SRPMS: vim-6.3.046-0.30E.1.src.rpm Red Hat Desktop (v. 3) / IA-32: vim-X11-6.3.046-0.30E.1.i386.rpm vim-common-6.3.046-0.30E.1.i386.rpm vim-enhanced-6.3.046-0.30E.1.i386.rpm vim-minimal-6.3.046-0.30E.1.i386.rpm Red Hat Desktop (v. 3) / x86_64: vim-X11-6.3.046-0.30E.1.x86_64.rpm vim-common-6.3.046-0.30E.1.x86_64.rpm vim-enhanced-6.3.046-0.30E.1.x86_64.rpm vim-minimal-6.3.046-0.30E.1.x86_64.rpm Red Hat Enterprise Linux AS (v. 2.1) / SRPMS: vim-6.0-7.19.src.rpm Red Hat Enterprise Linux AS (v. 2.1) / IA-32: vim-X11-6.0-7.19.i386.rpm vim-common-6.0-7.19.i386.rpm vim-enhanced-6.0-7.19.i386.rpm vim-minimal-6.0-7.19.i386.rpm Red Hat Enterprise Linux AS (v. 2.1) / IA-64: vim-X11-6.0-7.19.ia64.rpm vim-common-6.0-7.19.ia64.rpm vim-enhanced-6.0-7.19.ia64.rpm vim-minimal-6.0-7.19.ia64.rpm Red Hat Enterprise Linux AS (v. 3) / SRPMS: vim-6.3.046-0.30E.1.src.rpm Red Hat Enterprise Linux AS (v. 3) / IA-32: vim-X11-6.3.046-0.30E.1.i386.rpm vim-common-6.3.046-0.30E.1.i386.rpm vim-enhanced-6.3.046-0.30E.1.i386.rpm vim-minimal-6.3.046-0.30E.1.i386.rpm Red Hat Enterprise Linux AS (v. 3) / IA-64: vim-X11-6.3.046-0.30E.1.ia64.rpm vim-common-6.3.046-0.30E.1.ia64.rpm vim-enhanced-6.3.046-0.30E.1.ia64.rpm vim-minimal-6.3.046-0.30E.1.ia64.rpm Red Hat Enterprise Linux AS (v. 3) / PPC: vim-X11-6.3.046-0.30E.1.ppc.rpm vim-common-6.3.046-0.30E.1.ppc.rpm vim-enhanced-6.3.046-0.30E.1.ppc.rpm vim-minimal-6.3.046-0.30E.1.ppc.rpm Red Hat Enterprise Linux AS (v. 3) / s390: vim-X11-6.3.046-0.30E.1.s390.rpm vim-common-6.3.046-0.30E.1.s390.rpm vim-enhanced-6.3.046-0.30E.1.s390.rpm vim-minimal-6.3.046-0.30E.1.s390.rpm Red Hat Enterprise Linux AS (v. 3) / s390x: vim-X11-6.3.046-0.30E.1.s390x.rpm vim-common-6.3.046-0.30E.1.s390x.rpm vim-enhanced-6.3.046-0.30E.1.s390x.rpm vim-minimal-6.3.046-0.30E.1.s390x.rpm Red Hat Enterprise Linux AS (v. 3) / x86_64: vim-X11-6.3.046-0.30E.1.x86_64.rpm vim-common-6.3.046-0.30E.1.x86_64.rpm vim-enhanced-6.3.046-0.30E.1.x86_64.rpm vim-minimal-6.3.046-0.30E.1.x86_64.rpm Red Hat Enterprise Linux ES (v. 2.1) / SRPMS: vim-6.0-7.19.src.rpm Red Hat Enterprise Linux AS (v. 3) / IA-32: vim-X11-6.0-7.19.i386.rpm vim-common-6.0-7.19.i386.rpm vim-enhanced-6.0-7.19.i386.rpm vim-minimal-6.0-7.19.i386.rpm Red Hat Enterprise Linux ES (v. 3) / SRPMS: vim-6.3.046-0.30E.1.src.rpm Red Hat Enterprise Linux ES (v. 3) / IA-32: vim-X11-6.3.046-0.30E.1.i386.rpm vim-common-6.3.046-0.30E.1.i386.rpm vim-enhanced-6.3.046-0.30E.1.i386.rpm vim-minimal-6.3.046-0.30E.1.i386.rpm Red Hat Enterprise Linux ES (v. 3) / IA-64: vim-X11-6.3.046-0.30E.1.ia64.rpm vim-common-6.3.046-0.30E.1.ia64.rpm vim-enhanced-6.3.046-0.30E.1.ia64.rpm vim-minimal-6.3.046-0.30E.1.ia64.rpm Red Hat Enterprise Linux ES (v. 3) / x86_64: vim-X11-6.3.046-0.30E.1.x86_64.rpm vim-common-6.3.046-0.30E.1.x86_64.rpm vim-enhanced-6.3.046-0.30E.1.x86_64.rpm vim-minimal-6.3.046-0.30E.1.x86_64.rpm Red Hat Enterprise Linux WS (v. 2.1) / SRPMS: vim-6.0-7.19.src.rpm Red Hat Enterprise Linux WS (v. 2.1) / IA-32: vim-X11-6.0-7.19.i386.rpm vim-common-6.0-7.19.i386.rpm vim-enhanced-6.0-7.19.i386.rpm vim-minimal-6.0-7.19.i386.rpm Red Hat Enterprise Linux WS (v. 3) / SRPMS: vim-6.3.046-0.30E.1.src.rpm Red Hat Enterprise Linux WS (v. 3) / IA-32: vim-X11-6.3.046-0.30E.1.i386.rpm vim-common-6.3.046-0.30E.1.i386.rpm vim-enhanced-6.3.046-0.30E.1.i386.rpm vim-minimal-6.3.046-0.30E.1.i386.rpm Red Hat Enterprise Linux WS (v. 3) / IA-64: vim-X11-6.3.046-0.30E.1.ia64.rpm vim-common-6.3.046-0.30E.1.ia64.rpm vim-enhanced-6.3.046-0.30E.1.ia64.rpm vim-minimal-6.3.046-0.30E.1.ia64.rpm Red Hat Enterprise Linux WS (v. 3) / x86_64: vim-X11-6.3.046-0.30E.1.x86_64.rpm vim-common-6.3.046-0.30E.1.x86_64.rpm vim-enhanced-6.3.046-0.30E.1.x86_64.rpm vim-minimal-6.3.046-0.30E.1.x86_64.rpm Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor / SRPMS: vim-6.0-7.19.src.rpm Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor / IA-64: vim-X11-6.0-7.19.ia64.rpm vim-common-6.0-7.19.ia64.rpm vim-enhanced-6.0-7.19.ia64.rpm vim-minimal-6.0-7.19.ia64.rpm http://rhn.redhat.com/ Mandrake Linux Mandrake Linux 9.2 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/vim-X11-6.2-11.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/vim-common-6.2-11.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/vim-enhanced-6.2-11.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/vim-minimal-6.2-11.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/vim-6.2-11.1.92mdk.src.rpm Mandrake Linux 9.2/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/vim-X11-6.2-11.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/vim-common-6.2-11.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/vim-enhanced-6.2-11.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/vim-minimal-6.2-11.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/vim-6.2-11.1.92mdk.src.rpm Mandrake Linux 10.0 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/vim-X11-6.2-14.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/vim-common-6.2-14.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/vim-enhanced-6.2-14.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/vim-minimal-6.2-14.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/vim-6.2-14.1.100mdk.src.rpm Mandrake Linux 10.0/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/vim-X11-6.2-14.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/vim-common-6.2-14.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/vim-enhanced-6.2-14.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/vim-minimal-6.2-14.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/vim-6.2-14.1.100mdk.src.rpm Mandrake Linux 10.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/vim-X11-6.3-5.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/vim-common-6.3-5.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/vim-enhanced-6.3-5.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/vim-minimal-6.3-5.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/vim-6.3-5.1.101mdk.src.rpm Mandrake Linux 10.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/vim-X11-6.3-5.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/vim-common-6.3-5.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/vim-enhanced-6.3-5.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/vim-minimal-6.3-5.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/vim-6.3-5.1.101mdk.src.rpm Corporate Server 2.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/vim-X11-6.1-34.2.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/vim-common-6.1-34.2.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/vim-enhanced-6.1-34.2.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/vim-minimal-6.1-34.2.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/vim-6.1-34.2.C21mdk.src.rpm Corporate Server 2.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/vim-X11-6.1-34.2.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/vim-common-6.1-34.2.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/vim-enhanced-6.1-34.2.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/vim-minimal-6.1-34.2.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/vim-6.1-34.2.C21mdk.src.rpm Fedora Linux Fedora Linux Core 2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/SRPMS/vim-6.3.054-0.fc2.1.src.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/vim-common-6.3.054-0.fc2.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/vim-minimal-6.3.054-0.fc2.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/vim-enhanced-6.3.054-0.fc2.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/vim-X11-6.3.054-0.fc2.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/debug/vim-debuginfo-6.3.054-0.fc2.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/vim-common-6.3.054-0.fc2.1.i386.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/vim-minimal-6.3.054-0.fc2.1.i386.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/vim-enhanced-6.3.054-0.fc2.1.i386.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/vim-X11-6.3.054-0.fc2.1.i386.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/debug/vim-debuginfo-6.3.054-0.fc2.1.i386.rpm Fedora Linux Core 3 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/SRPMS/vim-6.3.054-0.fc3.1.src.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/vim-common-6.3.054-0.fc3.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/vim-minimal-6.3.054-0.fc3.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/vim-enhanced-6.3.054-0.fc3.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/vim-X11-6.3.054-0.fc3.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/debug/vim-debuginfo-6.3.054-0.fc3.1.x86_64.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/vim-common-6.3.054-0.fc3.1.i386.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/vim-minimal-6.3.054-0.fc3.1.i386.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/vim-enhanced-6.3.054-0.fc3.1.i386.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/vim-X11-6.3.054-0.fc3.1.i386.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/debug/vim-debuginfo-6.3.054-0.fc3.1.i386.rpm Red Hat Linux Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/
Identificadores estándar
Propiedad	Valor
CVE	CAN-2004-1138
BID
Recursos adicionales
Red Hat Linux Security Advisory RHSA-2005:010-05 http://rhn.redhat.com/errata/RHSA-2005-010.html Mandrakesoft Security Advisories MDKSA-2005:003 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:003 Fedora Update Notification FEDORA-2005-017 http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00041.html Fedora Update Notification FEDORA-2005-018 http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00042.html Red Hat Security Advisory RHSA-2005:036-10 https://rhn.redhat.com/errata/RHSA-2005-036.html

Histórico de versiones
Versión	Comentario	Fecha
1.0	Aviso emitido	2005-01-10
1.1	Avisos emitidos por Fedora Linux (FEDORA-2005-017) y (FEDORA-2005-018)	2005-01-13
1.2	Aviso emitido por Red Hat (RHSA-2005:036-10)	2005-02-16

Boletines de Vulnerabilidades

Múltiples vulnerabilidades en vim y gvim

Clasificación de la vulnerabilidad

Información sobre el sistema

Descripción

Solución

Identificadores estándar

Recursos adicionales

Histórico de versiones