
Vulnerability Bulletins


Remote code execution in vim

Vulnerability classification

Property | Value
Confidence level | Official
Impact | Gain access
Difficulty | Expert
Attacker requirements | Remote access without an account to an exotic service

System information

Property | Value
Affected vendor | GNU/Linux
Affected software | vim 6.3 < 6.3.082

Description

A vulnerability has been discovered in vim. It lies in the way modelines are processed.

Exploiting this vulnerability could allow remote attackers to execute arbitrary code by crafting text files that contain specially designed modelines. The user must have modelines enabled for this to happen.
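
As an added example (not part of the original bulletin), the Python sketch below audits the precondition described above: it lists the lines Vim would parse as modelines in a file and reports whether a vimrc explicitly enables or disables them. The function names and sample inputs are constructed for illustration, and the marker pattern is an approximation of Vim's documented modeline forms.

```python
import re

# Vim only reads modelines from the first and last 'modelines' lines (default 5).
DEFAULT_MODELINES = 5
# Approximation of Vim's documented markers ("vi:", "vim:", "Vim:", "vim<N>:",
# "ex:") preceded by whitespace or line start; errs toward flagging.
MARKER = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<>=]?\d+)?|ex):")

# Constructed samples: a harmless file carrying two modelines, and a vimrc.
SAMPLE_FILE = "notes\n# vim: set ts=4 sw=4 et:\n" + "body\n" * 20 + "/* vi:ts=8 */\n"
SAMPLE_VIMRC = '" site policy\nset nocompatible nomodeline\n'


def find_modelines(text, window=DEFAULT_MODELINES):
    """Return (line_number, line) pairs that Vim would consider as modelines."""
    lines = text.splitlines()
    total = len(lines)
    hits = []
    for idx, line in enumerate(lines):
        in_window = idx < window or idx >= total - window
        if in_window and MARKER.search(line):
            hits.append((idx + 1, line.strip()))
    return hits


def modeline_enabled(vimrc_text):
    """True/False for the explicit vimrc setting, None if the vimrc is silent."""
    enabled, window = None, DEFAULT_MODELINES
    for raw in vimrc_text.splitlines():
        words = raw.strip().lstrip(":").split()
        if not words or words[0] not in ("se", "set"):
            continue  # comments (") and other commands are ignored
        for word in words[1:]:
            if word in ("modeline", "ml"):
                enabled = True
            elif word in ("nomodeline", "noml"):
                enabled = False
            else:
                count = re.fullmatch(r"(?:modelines|mls)=(\d+)", word)
                if count:
                    window = int(count.group(1))
    # modelines=0 means no lines are checked, whatever 'modeline' says
    return False if window == 0 else enabled


if __name__ == "__main__":
    for number, line in find_modelines(SAMPLE_FILE):
        print(f"modeline at line {number}: {line}")
    print("modeline explicitly enabled:", modeline_enabled(SAMPLE_VIMRC))
```

A result of None means the vimrc leaves Vim's built-in default in effect, so that host still needs the patched package.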

Solution

Software update

Mandriva Linux

Mandrakelinux 10.0/X86
10.0/RPMS/vim-X11-6.2-14.4.100mdk.i586.rpm
10.0/RPMS/vim-common-6.2-14.4.100mdk.i586.rpm
10.0/RPMS/vim-enhanced-6.2-14.4.100mdk.i586.rpm
10.0/RPMS/vim-minimal-6.2-14.4.100mdk.i586.rpm
10.0/SRPMS/vim-6.2-14.4.100mdk.src.rpm

Mandrakelinux 10.0/AMD64
amd64/10.0/RPMS/vim-X11-6.2-14.4.100mdk.amd64.rpm
amd64/10.0/RPMS/vim-common-6.2-14.4.100mdk.amd64.rpm
amd64/10.0/RPMS/vim-enhanced-6.2-14.4.100mdk.amd64.rpm
amd64/10.0/RPMS/vim-minimal-6.2-14.4.100mdk.amd64.rpm
amd64/10.0/SRPMS/vim-6.2-14.4.100mdk.src.rpm

Mandrakelinux 10.1/X86
10.1/RPMS/vim-X11-6.3-5.4.101mdk.i586.rpm
10.1/RPMS/vim-common-6.3-5.4.101mdk.i586.rpm
10.1/RPMS/vim-enhanced-6.3-5.4.101mdk.i586.rpm
10.1/RPMS/vim-minimal-6.3-5.4.101mdk.i586.rpm
10.1/SRPMS/vim-6.3-5.4.101mdk.src.rpm

Mandrakelinux 10.1/X86_64
x86_64/10.1/RPMS/vim-X11-6.3-5.4.101mdk.x86_64.rpm
x86_64/10.1/RPMS/vim-common-6.3-5.4.101mdk.x86_64.rpm
x86_64/10.1/RPMS/vim-enhanced-6.3-5.4.101mdk.x86_64.rpm
x86_64/10.1/RPMS/vim-minimal-6.3-5.4.101mdk.x86_64.rpm
x86_64/10.1/SRPMS/vim-6.3-5.4.101mdk.src.rpm

Corporate Server 2.1/X86
corporate/2.1/RPMS/vim-X11-6.1-34.5.C21mdk.i586.rpm
corporate/2.1/RPMS/vim-common-6.1-34.5.C21mdk.i586.rpm
corporate/2.1/RPMS/vim-enhanced-6.1-34.5.C21mdk.i586.rpm
corporate/2.1/RPMS/vim-minimal-6.1-34.5.C21mdk.i586.rpm
corporate/2.1/SRPMS/vim-6.1-34.5.C21mdk.src.rpm

Corporate Server 2.1/X86_64
x86_64/corporate/2.1/RPMS/vim-X11-6.1-34.5.C21mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/vim-common-6.1-34.5.C21mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/vim-enhanced-6.1-34.5.C21mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/vim-minimal-6.1-34.5.C21mdk.x86_64.rpm
x86_64/corporate/2.1/SRPMS/vim-6.1-34.5.C21mdk.src.rpm

Corporate Server 3.0/X86
corporate/3.0/RPMS/vim-X11-6.2-14.4.C30mdk.i586.rpm
corporate/3.0/RPMS/vim-common-6.2-14.4.C30mdk.i586.rpm
corporate/3.0/RPMS/vim-enhanced-6.2-14.4.C30mdk.i586.rpm
corporate/3.0/RPMS/vim-minimal-6.2-14.4.C30mdk.i586.rpm
corporate/3.0/SRPMS/vim-6.2-14.4.C30mdk.src.rpm

Corporate Server 3.0/X86_64
x86_64/corporate/3.0/RPMS/vim-X11-6.2-14.4.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/vim-common-6.2-14.4.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/vim-enhanced-6.2-14.4.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/vim-minimal-6.2-14.4.C30mdk.x86_64.rpm
x86_64/corporate/3.0/SRPMS/vim-6.2-14.4.C30mdk.src.rpm

Multi Network Firewall 2.0/X86
mnf/2.0/RPMS/vim-common-6.2-14.4.M20mdk.i586.rpm
mnf/2.0/RPMS/vim-enhanced-6.2-14.4.M20mdk.i586.rpm
mnf/2.0/RPMS/vim-minimal-6.2-14.4.M20mdk.i586.rpm
mnf/2.0/SRPMS/vim-6.2-14.4.M20mdk.src.rpm

Mandrivalinux LE2005/X86
10.2/RPMS/vim-X11-6.3-12.1.102mdk.i586.rpm
10.2/RPMS/vim-common-6.3-12.1.102mdk.i586.rpm
10.2/RPMS/vim-enhanced-6.3-12.1.102mdk.i586.rpm
10.2/RPMS/vim-minimal-6.3-12.1.102mdk.i586.rpm
10.2/SRPMS/vim-6.3-12.1.102mdk.src.rpm

Mandrivalinux LE2005/X86_64
x86_64/10.2/RPMS/vim-X11-6.3-12.1.102mdk.x86_64.rpm
x86_64/10.2/RPMS/vim-common-6.3-12.1.102mdk.x86_64.rpm
x86_64/10.2/RPMS/vim-enhanced-6.3-12.1.102mdk.x86_64.rpm
x86_64/10.2/RPMS/vim-minimal-6.3-12.1.102mdk.x86_64.rpm
x86_64/10.2/SRPMS/vim-6.3-12.1.102mdk.src.rpm

Red Hat Linux

Red Hat Desktop (v. 3)/SRPMS
vim-6.3.046-0.30E.4.src.rpm

Red Hat Desktop (v. 3)/IA-32
vim-X11-6.3.046-0.30E.4.i386.rpm
vim-common-6.3.046-0.30E.4.i386.rpm
vim-enhanced-6.3.046-0.30E.4.i386.rpm
vim-minimal-6.3.046-0.30E.4.i386.rpm

Red Hat Desktop (v. 3)/X86_64
vim-X11-6.3.046-0.30E.4.x86_64.rpm
vim-common-6.3.046-0.30E.4.x86_64.rpm
vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Desktop (v. 4)/SRPMS
vim-6.3.046-0.40E.7.src.rpm

Red Hat Desktop (v. 4)/IA-32
vim-X11-6.3.046-0.40E.7.i386.rpm
vim-common-6.3.046-0.40E.7.i386.rpm
vim-enhanced-6.3.046-0.40E.7.i386.rpm
vim-minimal-6.3.046-0.40E.7.i386.rpm

Red Hat Desktop (v. 4)/x86_64
vim-X11-6.3.046-0.40E.7.x86_64.rpm
vim-common-6.3.046-0.40E.7.x86_64.rpm
vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Enterprise Linux AS (v. 2.1)/SRPMS
vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux AS (v. 2.1)/IA-32
vim-X11-6.0-7.22.i386.rpm
vim-common-6.0-7.22.i386.rpm
vim-enhanced-6.0-7.22.i386.rpm
vim-minimal-6.0-7.22.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1)/IA-64
vim-X11-6.0-7.22.ia64.rpm
vim-common-6.0-7.22.ia64.rpm
vim-enhanced-6.0-7.22.ia64.rpm
vim-minimal-6.0-7.22.ia64.rpm

Red Hat Enterprise Linux AS (v. 3)/SRPMS
vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux AS (v. 3)/IA-32
vim-X11-6.3.046-0.30E.4.i386.rpm
vim-common-6.3.046-0.30E.4.i386.rpm
vim-enhanced-6.3.046-0.30E.4.i386.rpm
vim-minimal-6.3.046-0.30E.4.i386.rpm

Red Hat Enterprise Linux AS (v. 3)/IA-64
vim-X11-6.3.046-0.30E.4.ia64.rpm
vim-common-6.3.046-0.30E.4.ia64.rpm
vim-enhanced-6.3.046-0.30E.4.ia64.rpm
vim-minimal-6.3.046-0.30E.4.ia64.rpm

Red Hat Enterprise Linux AS (v. 3)/PPC
vim-X11-6.3.046-0.30E.4.ppc.rpm
vim-common-6.3.046-0.30E.4.ppc.rpm
vim-enhanced-6.3.046-0.30E.4.ppc.rpm
vim-minimal-6.3.046-0.30E.4.ppc.rpm

Red Hat Enterprise Linux AS (v. 3)/s390
vim-X11-6.3.046-0.30E.4.s390.rpm
vim-common-6.3.046-0.30E.4.s390.rpm
vim-enhanced-6.3.046-0.30E.4.s390.rpm
vim-minimal-6.3.046-0.30E.4.s390.rpm

Red Hat Enterprise Linux AS (v. 3)/s390x
vim-X11-6.3.046-0.30E.4.s390x.rpm
vim-common-6.3.046-0.30E.4.s390x.rpm
vim-enhanced-6.3.046-0.30E.4.s390x.rpm
vim-minimal-6.3.046-0.30E.4.s390x.rpm

Red Hat Enterprise Linux AS (v. 3)/x86_64
vim-X11-6.3.046-0.30E.4.x86_64.rpm
vim-common-6.3.046-0.30E.4.x86_64.rpm
vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4)/SRPMS
vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux AS (v. 4)/IA-32
vim-X11-6.3.046-0.40E.7.i386.rpm
vim-common-6.3.046-0.40E.7.i386.rpm
vim-enhanced-6.3.046-0.40E.7.i386.rpm
vim-minimal-6.3.046-0.40E.7.i386.rpm

Red Hat Enterprise Linux AS (v. 4)/IA-64
vim-X11-6.3.046-0.40E.7.ia64.rpm
vim-common-6.3.046-0.40E.7.ia64.rpm
vim-enhanced-6.3.046-0.40E.7.ia64.rpm
vim-minimal-6.3.046-0.40E.7.ia64.rpm

Red Hat Enterprise Linux AS (v. 4)/PPC
vim-X11-6.3.046-0.40E.7.ppc.rpm
vim-common-6.3.046-0.40E.7.ppc.rpm
vim-enhanced-6.3.046-0.40E.7.ppc.rpm
vim-minimal-6.3.046-0.40E.7.ppc.rpm

Red Hat Enterprise Linux AS (v. 4)/s390
vim-X11-6.3.046-0.40E.7.s390.rpm
vim-common-6.3.046-0.40E.7.s390.rpm
vim-enhanced-6.3.046-0.40E.7.s390.rpm
vim-minimal-6.3.046-0.40E.7.s390.rpm

Red Hat Enterprise Linux AS (v. 4)/s390x
vim-X11-6.3.046-0.40E.7.s390x.rpm
vim-common-6.3.046-0.40E.7.s390x.rpm
vim-enhanced-6.3.046-0.40E.7.s390x.rpm
vim-minimal-6.3.046-0.40E.7.s390x.rpm

Red Hat Enterprise Linux AS (v. 4)/x86_64
vim-X11-6.3.046-0.40E.7.x86_64.rpm
vim-common-6.3.046-0.40E.7.x86_64.rpm
vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Enterprise Linux ES (v. 2.1)/SRPMS
vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux ES (v. 2.1)/IA-32
vim-X11-6.0-7.22.i386.rpm
vim-common-6.0-7.22.i386.rpm
vim-enhanced-6.0-7.22.i386.rpm
vim-minimal-6.0-7.22.i386.rpm

Red Hat Enterprise Linux ES (v. 3)/SRPMS
vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux ES (v. 3)/IA-32
vim-X11-6.3.046-0.30E.4.i386.rpm
vim-common-6.3.046-0.30E.4.i386.rpm
vim-enhanced-6.3.046-0.30E.4.i386.rpm
vim-minimal-6.3.046-0.30E.4.i386.rpm

Red Hat Enterprise Linux ES (v. 3)/IA-64
vim-X11-6.3.046-0.30E.4.ia64.rpm
vim-common-6.3.046-0.30E.4.ia64.rpm
vim-enhanced-6.3.046-0.30E.4.ia64.rpm
vim-minimal-6.3.046-0.30E.4.ia64.rpm

Red Hat Enterprise Linux ES (v. 3)/x86_64
vim-X11-6.3.046-0.30E.4.x86_64.rpm
vim-common-6.3.046-0.30E.4.x86_64.rpm
vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4)/SRPMS
vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux ES (v. 4)/IA-32
vim-X11-6.3.046-0.40E.7.i386.rpm
vim-common-6.3.046-0.40E.7.i386.rpm
vim-enhanced-6.3.046-0.40E.7.i386.rpm
vim-minimal-6.3.046-0.40E.7.i386.rpm

Red Hat Enterprise Linux ES (v. 4)/IA-64
vim-X11-6.3.046-0.40E.7.ia64.rpm
vim-common-6.3.046-0.40E.7.ia64.rpm
vim-enhanced-6.3.046-0.40E.7.ia64.rpm
vim-minimal-6.3.046-0.40E.7.ia64.rpm

Red Hat Enterprise Linux ES (v. 4)/x86_64
vim-X11-6.3.046-0.40E.7.x86_64.rpm
vim-common-6.3.046-0.40E.7.x86_64.rpm
vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Enterprise Linux WS (v. 2.1)/SRPMS
vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux WS (v. 2.1)/IA-32
vim-X11-6.0-7.22.i386.rpm
vim-common-6.0-7.22.i386.rpm
vim-enhanced-6.0-7.22.i386.rpm
vim-minimal-6.0-7.22.i386.rpm

Red Hat Enterprise Linux WS (v. 3)/SRPMS
vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux WS (v. 3)/IA-32
vim-X11-6.3.046-0.30E.4.i386.rpm
vim-common-6.3.046-0.30E.4.i386.rpm
vim-enhanced-6.3.046-0.30E.4.i386.rpm
vim-minimal-6.3.046-0.30E.4.i386.rpm

Red Hat Enterprise Linux WS (v. 3)/IA-64
vim-X11-6.3.046-0.30E.4.ia64.rpm
vim-common-6.3.046-0.30E.4.ia64.rpm
vim-enhanced-6.3.046-0.30E.4.ia64.rpm
vim-minimal-6.3.046-0.30E.4.ia64.rpm

Red Hat Enterprise Linux WS (v. 3)/x86_64
vim-X11-6.3.046-0.30E.4.x86_64.rpm
vim-common-6.3.046-0.30E.4.x86_64.rpm
vim-enhanced-6.3.046-0.30E.4.x86_64.rpm
vim-minimal-6.3.046-0.30E.4.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4)/SRPMS
vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux WS (v. 4)/IA-32
vim-X11-6.3.046-0.40E.7.i386.rpm
vim-common-6.3.046-0.40E.7.i386.rpm
vim-enhanced-6.3.046-0.40E.7.i386.rpm
vim-minimal-6.3.046-0.40E.7.i386.rpm

Red Hat Enterprise Linux WS (v. 4)/IA-64
vim-X11-6.3.046-0.40E.7.ia64.rpm
vim-common-6.3.046-0.40E.7.ia64.rpm
vim-enhanced-6.3.046-0.40E.7.ia64.rpm
vim-minimal-6.3.046-0.40E.7.ia64.rpm

Red Hat Enterprise Linux WS (v. 4)/x86_64
vim-X11-6.3.046-0.40E.7.x86_64.rpm
vim-common-6.3.046-0.40E.7.x86_64.rpm
vim-enhanced-6.3.046-0.40E.7.x86_64.rpm
vim-minimal-6.3.046-0.40E.7.x86_64.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/SRPMS
vim-6.0-7.22.src.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/IA-64
vim-X11-6.0-7.22.ia64.rpm
vim-common-6.0-7.22.ia64.rpm
vim-enhanced-6.0-7.22.ia64.rpm
vim-minimal-6.0-7.22.ia64.rpm

SGI
SGI ProPack 3 Service Pack 6 Patch 10212
http://support.sgi.com/

SCO
OpenServer 6.0.0
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso

Standard identifiers

Property | Value
CVE | CAN-2005-2368
BID | 14374

Additional resources

Mandriva Security Advisories MDKSA-2005:148
http://www.mandriva.com/security/advisories?name=MDKSA-2005:148

Red Hat Security Advisory RHSA-2005:745-10
https://rhn.redhat.com/errata/RHSA-2005-745.html

SGI Security advisory (20050901-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20050901-01-U.asc

SCO Security Advisory (SCOSA-2006.13)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.13/SCOSA-2006.13.txt

Version history

Version | Comment | Date
1.0 | Advisory issued | 2005-09-06
1.1 | Advisory issued by SGI (20050901-01-U) | 2005-09-16
1.2 | Advisory issued by SCO (SCOSA-2006.13) | 2006-03-17

Members of

Ministry of Defence
CNI
CCN
CCN-CERT