Vulnerability Bulletins |
Remote code execution in vim |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Attacker requirements | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | vim 6.3 < 6.3.082 |
Description |
|
A vulnerability has been discovered in vim. It lies in the way modelines are processed. Exploiting it could allow remote attackers to execute arbitrary code by crafting text files that contain specially designed modelines. The user must have modelines enabled for this to happen. |
|
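Added example, not part of the original bulletin: a triage script that reports which files carry a modeline in the lines Vim inspects, and which options that modeline sets, so files from untrusted sources can be reviewed before they are opened on an unpatched host. The `ALLOWED` policy set and the sample inputs are assumptions constructed for illustration.

```python
import re

# "vi:", "vim:" (optionally with a version condition such as "vim>600:")
# or "ex:", at the start of the line or preceded by whitespace.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<>=]?\d+)?|ex):\s*(.*)$")

# Assumed local policy, not from the advisory: layout-only options that a
# reviewer accepts without a closer look.
ALLOWED = {"ts", "tabstop", "sw", "shiftwidth", "sts", "softtabstop",
           "et", "expandtab", "noet", "noexpandtab", "tw", "textwidth",
           "ft", "filetype", "fenc", "fileencoding"}


def parse_modeline(line):
    """Return the option names a modeline sets, or None if there is none."""
    m = MODELINE_RE.search(line)
    if not m:
        return None
    body = m.group(1)
    set_form = re.match(r"set?\s+(.*)$", body)
    if set_form:
        # "vim: set opt opt:" form, options end at the first unescaped ':'
        tokens = re.split(r"(?<!\\):", set_form.group(1), maxsplit=1)[0].split()
    else:
        # "vim: opt:opt" form, options separated by ':' or whitespace
        tokens = re.split(r"(?<!\\)[:\s]+", body)
    names = (re.match(r"[A-Za-z]+", t) for t in tokens)
    return [n.group(0) for n in names if n]


def scan_text(text, modelines=5):
    """Check the first and last `modelines` lines, as Vim does by default."""
    lines = text.splitlines()
    head = range(min(modelines, len(lines)))
    tail = range(max(0, len(lines) - modelines), len(lines))
    findings = []
    for i in sorted(set(head) | set(tail)):
        names = parse_modeline(lines[i])
        if names is not None:
            unexpected = [n for n in names if n not in ALLOWED]
            findings.append((i + 1, names, unexpected))
    return findings


# Constructed sample inputs.
BENIGN = "#!/bin/sh\n# vim: set ts=4 sw=4 et:\necho ok\n"
REVIEW = "notes\n" * 20 + "# vim: ft=sh:fdm=marker\n"
IGNORED = "a\n" * 6 + "# vim: set ts=8:\n" + "b\n" * 6
```

Each finding is `(line number, option names, names outside the allowlist)`. On hosts that cannot be updated yet, `set nomodeline` in the vimrc turns modeline processing off.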
Solution |
|
Software update
Mandriva Linux
Mandrakelinux 10.0/X86: 10.0/RPMS/vim-X11-6.2-14.4.100mdk.i586.rpm 10.0/RPMS/vim-common-6.2-14.4.100mdk.i586.rpm 10.0/RPMS/vim-enhanced-6.2-14.4.100mdk.i586.rpm 10.0/RPMS/vim-minimal-6.2-14.4.100mdk.i586.rpm 10.0/SRPMS/vim-6.2-14.4.100mdk.src.rpm
Mandrakelinux 10.0/AMD64: amd64/10.0/RPMS/vim-X11-6.2-14.4.100mdk.amd64.rpm amd64/10.0/RPMS/vim-common-6.2-14.4.100mdk.amd64.rpm amd64/10.0/RPMS/vim-enhanced-6.2-14.4.100mdk.amd64.rpm amd64/10.0/RPMS/vim-minimal-6.2-14.4.100mdk.amd64.rpm amd64/10.0/SRPMS/vim-6.2-14.4.100mdk.src.rpm
Mandrakelinux 10.1/X86: 10.1/RPMS/vim-X11-6.3-5.4.101mdk.i586.rpm 10.1/RPMS/vim-common-6.3-5.4.101mdk.i586.rpm 10.1/RPMS/vim-enhanced-6.3-5.4.101mdk.i586.rpm 10.1/RPMS/vim-minimal-6.3-5.4.101mdk.i586.rpm 10.1/SRPMS/vim-6.3-5.4.101mdk.src.rpm
Mandrakelinux 10.1/X86_64: x86_64/10.1/RPMS/vim-X11-6.3-5.4.101mdk.x86_64.rpm x86_64/10.1/RPMS/vim-common-6.3-5.4.101mdk.x86_64.rpm x86_64/10.1/RPMS/vim-enhanced-6.3-5.4.101mdk.x86_64.rpm x86_64/10.1/RPMS/vim-minimal-6.3-5.4.101mdk.x86_64.rpm x86_64/10.1/SRPMS/vim-6.3-5.4.101mdk.src.rpm
Corporate Server 2.1/X86: corporate/2.1/RPMS/vim-X11-6.1-34.5.C21mdk.i586.rpm corporate/2.1/RPMS/vim-common-6.1-34.5.C21mdk.i586.rpm corporate/2.1/RPMS/vim-enhanced-6.1-34.5.C21mdk.i586.rpm corporate/2.1/RPMS/vim-minimal-6.1-34.5.C21mdk.i586.rpm corporate/2.1/SRPMS/vim-6.1-34.5.C21mdk.src.rpm
Corporate Server 2.1/X86_64: x86_64/corporate/2.1/RPMS/vim-X11-6.1-34.5.C21mdk.x86_64.rpm x86_64/corporate/2.1/RPMS/vim-common-6.1-34.5.C21mdk.x86_64.rpm x86_64/corporate/2.1/RPMS/vim-enhanced-6.1-34.5.C21mdk.x86_64.rpm x86_64/corporate/2.1/RPMS/vim-minimal-6.1-34.5.C21mdk.x86_64.rpm x86_64/corporate/2.1/SRPMS/vim-6.1-34.5.C21mdk.src.rpm
Corporate Server 3.0/X86: corporate/3.0/RPMS/vim-X11-6.2-14.4.C30mdk.i586.rpm corporate/3.0/RPMS/vim-common-6.2-14.4.C30mdk.i586.rpm corporate/3.0/RPMS/vim-enhanced-6.2-14.4.C30mdk.i586.rpm corporate/3.0/RPMS/vim-minimal-6.2-14.4.C30mdk.i586.rpm corporate/3.0/SRPMS/vim-6.2-14.4.C30mdk.src.rpm
Corporate Server 3.0/X86_64: x86_64/corporate/3.0/RPMS/vim-X11-6.2-14.4.C30mdk.x86_64.rpm x86_64/corporate/3.0/RPMS/vim-common-6.2-14.4.C30mdk.x86_64.rpm x86_64/corporate/3.0/RPMS/vim-enhanced-6.2-14.4.C30mdk.x86_64.rpm x86_64/corporate/3.0/RPMS/vim-minimal-6.2-14.4.C30mdk.x86_64.rpm x86_64/corporate/3.0/SRPMS/vim-6.2-14.4.C30mdk.src.rpm
Multi Network Firewall 2.0/X86: mnf/2.0/RPMS/vim-common-6.2-14.4.M20mdk.i586.rpm mnf/2.0/RPMS/vim-enhanced-6.2-14.4.M20mdk.i586.rpm mnf/2.0/RPMS/vim-minimal-6.2-14.4.M20mdk.i586.rpm mnf/2.0/SRPMS/vim-6.2-14.4.M20mdk.src.rpm
Mandrivalinux LE2005/X86: 10.2/RPMS/vim-X11-6.3-12.1.102mdk.i586.rpm 10.2/RPMS/vim-common-6.3-12.1.102mdk.i586.rpm 10.2/RPMS/vim-enhanced-6.3-12.1.102mdk.i586.rpm 10.2/RPMS/vim-minimal-6.3-12.1.102mdk.i586.rpm 10.2/SRPMS/vim-6.3-12.1.102mdk.src.rpm
Mandrivalinux LE2005/X86_64: x86_64/10.2/RPMS/vim-X11-6.3-12.1.102mdk.x86_64.rpm x86_64/10.2/RPMS/vim-common-6.3-12.1.102mdk.x86_64.rpm x86_64/10.2/RPMS/vim-enhanced-6.3-12.1.102mdk.x86_64.rpm x86_64/10.2/RPMS/vim-minimal-6.3-12.1.102mdk.x86_64.rpm x86_64/10.2/SRPMS/vim-6.3-12.1.102mdk.src.rpm
Red Hat Linux
Red Hat Desktop (v. 3)/SRPMS: vim-6.3.046-0.30E.4.src.rpm
Red Hat Desktop (v. 3)/IA-32: vim-X11-6.3.046-0.30E.4.i386.rpm vim-common-6.3.046-0.30E.4.i386.rpm vim-enhanced-6.3.046-0.30E.4.i386.rpm vim-minimal-6.3.046-0.30E.4.i386.rpm
Red Hat Desktop (v. 3)/X86_64: vim-X11-6.3.046-0.30E.4.x86_64.rpm vim-common-6.3.046-0.30E.4.x86_64.rpm vim-enhanced-6.3.046-0.30E.4.x86_64.rpm vim-minimal-6.3.046-0.30E.4.x86_64.rpm
Red Hat Desktop (v. 4)/SRPMS: vim-6.3.046-0.40E.7.src.rpm
Red Hat Desktop (v. 4)/IA-32: vim-X11-6.3.046-0.40E.7.i386.rpm vim-common-6.3.046-0.40E.7.i386.rpm vim-enhanced-6.3.046-0.40E.7.i386.rpm vim-minimal-6.3.046-0.40E.7.i386.rpm
Red Hat Desktop (v. 4)/x86_64: vim-X11-6.3.046-0.40E.7.x86_64.rpm vim-common-6.3.046-0.40E.7.x86_64.rpm vim-enhanced-6.3.046-0.40E.7.x86_64.rpm vim-minimal-6.3.046-0.40E.7.x86_64.rpm
Red Hat Enterprise Linux AS (v. 2.1)/SRPMS: vim-6.0-7.22.src.rpm
Red Hat Enterprise Linux AS (v. 2.1)/IA-32: vim-X11-6.0-7.22.i386.rpm vim-common-6.0-7.22.i386.rpm vim-enhanced-6.0-7.22.i386.rpm vim-minimal-6.0-7.22.i386.rpm
Red Hat Enterprise Linux AS (v. 2.1)/IA-64: vim-X11-6.0-7.22.ia64.rpm vim-common-6.0-7.22.ia64.rpm vim-enhanced-6.0-7.22.ia64.rpm vim-minimal-6.0-7.22.ia64.rpm
Red Hat Enterprise Linux AS (v. 3)/SRPMS: vim-6.3.046-0.30E.4.src.rpm
Red Hat Enterprise Linux AS (v. 3)/IA-32: vim-X11-6.3.046-0.30E.4.i386.rpm vim-common-6.3.046-0.30E.4.i386.rpm vim-enhanced-6.3.046-0.30E.4.i386.rpm vim-minimal-6.3.046-0.30E.4.i386.rpm
Red Hat Enterprise Linux AS (v. 3)/IA-64: vim-X11-6.3.046-0.30E.4.ia64.rpm vim-common-6.3.046-0.30E.4.ia64.rpm vim-enhanced-6.3.046-0.30E.4.ia64.rpm vim-minimal-6.3.046-0.30E.4.ia64.rpm
Red Hat Enterprise Linux AS (v. 3)/PPC: vim-X11-6.3.046-0.30E.4.ppc.rpm vim-common-6.3.046-0.30E.4.ppc.rpm vim-enhanced-6.3.046-0.30E.4.ppc.rpm vim-minimal-6.3.046-0.30E.4.ppc.rpm
Red Hat Enterprise Linux AS (v. 3)/s390: vim-X11-6.3.046-0.30E.4.s390.rpm vim-common-6.3.046-0.30E.4.s390.rpm vim-enhanced-6.3.046-0.30E.4.s390.rpm vim-minimal-6.3.046-0.30E.4.s390.rpm
Red Hat Enterprise Linux AS (v. 3)/s390x: vim-X11-6.3.046-0.30E.4.s390x.rpm vim-common-6.3.046-0.30E.4.s390x.rpm vim-enhanced-6.3.046-0.30E.4.s390x.rpm vim-minimal-6.3.046-0.30E.4.s390x.rpm
Red Hat Enterprise Linux AS (v. 3)/x86_64: vim-X11-6.3.046-0.30E.4.x86_64.rpm vim-common-6.3.046-0.30E.4.x86_64.rpm vim-enhanced-6.3.046-0.30E.4.x86_64.rpm vim-minimal-6.3.046-0.30E.4.x86_64.rpm
Red Hat Enterprise Linux AS (v. 4)/SRPMS: vim-6.3.046-0.40E.7.src.rpm
Red Hat Enterprise Linux AS (v. 4)/IA-32: vim-X11-6.3.046-0.40E.7.i386.rpm vim-common-6.3.046-0.40E.7.i386.rpm vim-enhanced-6.3.046-0.40E.7.i386.rpm vim-minimal-6.3.046-0.40E.7.i386.rpm
Red Hat Enterprise Linux AS (v. 4)/IA-64: vim-X11-6.3.046-0.40E.7.ia64.rpm vim-common-6.3.046-0.40E.7.ia64.rpm vim-enhanced-6.3.046-0.40E.7.ia64.rpm vim-minimal-6.3.046-0.40E.7.ia64.rpm
Red Hat Enterprise Linux AS (v. 4)/PPC: vim-X11-6.3.046-0.40E.7.ppc.rpm vim-common-6.3.046-0.40E.7.ppc.rpm vim-enhanced-6.3.046-0.40E.7.ppc.rpm vim-minimal-6.3.046-0.40E.7.ppc.rpm
Red Hat Enterprise Linux AS (v. 4)/s390: vim-X11-6.3.046-0.40E.7.s390.rpm vim-common-6.3.046-0.40E.7.s390.rpm vim-enhanced-6.3.046-0.40E.7.s390.rpm vim-minimal-6.3.046-0.40E.7.s390.rpm
Red Hat Enterprise Linux AS (v. 4)/s390x: vim-X11-6.3.046-0.40E.7.s390x.rpm vim-common-6.3.046-0.40E.7.s390x.rpm vim-enhanced-6.3.046-0.40E.7.s390x.rpm vim-minimal-6.3.046-0.40E.7.s390x.rpm
Red Hat Enterprise Linux AS (v. 4)/x86_64: vim-X11-6.3.046-0.40E.7.x86_64.rpm vim-common-6.3.046-0.40E.7.x86_64.rpm vim-enhanced-6.3.046-0.40E.7.x86_64.rpm vim-minimal-6.3.046-0.40E.7.x86_64.rpm
Red Hat Enterprise Linux ES (v. 2.1)/SRPMS: vim-6.0-7.22.src.rpm
Red Hat Enterprise Linux ES (v. 2.1)/IA-32: vim-X11-6.0-7.22.i386.rpm vim-common-6.0-7.22.i386.rpm vim-enhanced-6.0-7.22.i386.rpm vim-minimal-6.0-7.22.i386.rpm
Red Hat Enterprise Linux ES (v. 3)/SRPMS: vim-6.3.046-0.30E.4.src.rpm
Red Hat Enterprise Linux ES (v. 3)/IA-32: vim-X11-6.3.046-0.30E.4.i386.rpm vim-common-6.3.046-0.30E.4.i386.rpm vim-enhanced-6.3.046-0.30E.4.i386.rpm vim-minimal-6.3.046-0.30E.4.i386.rpm
Red Hat Enterprise Linux ES (v. 3)/IA-64: vim-X11-6.3.046-0.30E.4.ia64.rpm vim-common-6.3.046-0.30E.4.ia64.rpm vim-enhanced-6.3.046-0.30E.4.ia64.rpm vim-minimal-6.3.046-0.30E.4.ia64.rpm
Red Hat Enterprise Linux ES (v. 3)/x86_64: vim-X11-6.3.046-0.30E.4.x86_64.rpm vim-common-6.3.046-0.30E.4.x86_64.rpm vim-enhanced-6.3.046-0.30E.4.x86_64.rpm vim-minimal-6.3.046-0.30E.4.x86_64.rpm
Red Hat Enterprise Linux ES (v. 4)/SRPMS: vim-6.3.046-0.40E.7.src.rpm
Red Hat Enterprise Linux ES (v. 4)/IA-32: vim-X11-6.3.046-0.40E.7.i386.rpm vim-common-6.3.046-0.40E.7.i386.rpm vim-enhanced-6.3.046-0.40E.7.i386.rpm vim-minimal-6.3.046-0.40E.7.i386.rpm
Red Hat Enterprise Linux ES (v. 4)/IA-64: vim-X11-6.3.046-0.40E.7.ia64.rpm vim-common-6.3.046-0.40E.7.ia64.rpm vim-enhanced-6.3.046-0.40E.7.ia64.rpm vim-minimal-6.3.046-0.40E.7.ia64.rpm
Red Hat Enterprise Linux ES (v. 4)/x86_64: vim-X11-6.3.046-0.40E.7.x86_64.rpm vim-common-6.3.046-0.40E.7.x86_64.rpm vim-enhanced-6.3.046-0.40E.7.x86_64.rpm vim-minimal-6.3.046-0.40E.7.x86_64.rpm
Red Hat Enterprise Linux WS (v. 2.1)/SRPMS: vim-6.0-7.22.src.rpm
Red Hat Enterprise Linux WS (v. 2.1)/IA-32: vim-X11-6.0-7.22.i386.rpm vim-common-6.0-7.22.i386.rpm vim-enhanced-6.0-7.22.i386.rpm vim-minimal-6.0-7.22.i386.rpm
Red Hat Enterprise Linux WS (v. 3)/SRPMS: vim-6.3.046-0.30E.4.src.rpm
Red Hat Enterprise Linux WS (v. 3)/IA-32: vim-X11-6.3.046-0.30E.4.i386.rpm vim-common-6.3.046-0.30E.4.i386.rpm vim-enhanced-6.3.046-0.30E.4.i386.rpm vim-minimal-6.3.046-0.30E.4.i386.rpm
Red Hat Enterprise Linux WS (v. 3)/IA-64: vim-X11-6.3.046-0.30E.4.ia64.rpm vim-common-6.3.046-0.30E.4.ia64.rpm vim-enhanced-6.3.046-0.30E.4.ia64.rpm vim-minimal-6.3.046-0.30E.4.ia64.rpm
Red Hat Enterprise Linux WS (v. 3)/x86_64: vim-X11-6.3.046-0.30E.4.x86_64.rpm vim-common-6.3.046-0.30E.4.x86_64.rpm vim-enhanced-6.3.046-0.30E.4.x86_64.rpm vim-minimal-6.3.046-0.30E.4.x86_64.rpm
Red Hat Enterprise Linux WS (v. 4)/SRPMS: vim-6.3.046-0.40E.7.src.rpm
Red Hat Enterprise Linux WS (v. 4)/IA-32: vim-X11-6.3.046-0.40E.7.i386.rpm vim-common-6.3.046-0.40E.7.i386.rpm vim-enhanced-6.3.046-0.40E.7.i386.rpm vim-minimal-6.3.046-0.40E.7.i386.rpm
Red Hat Enterprise Linux WS (v. 4)/IA-64: vim-X11-6.3.046-0.40E.7.ia64.rpm vim-common-6.3.046-0.40E.7.ia64.rpm vim-enhanced-6.3.046-0.40E.7.ia64.rpm vim-minimal-6.3.046-0.40E.7.ia64.rpm
Red Hat Enterprise Linux WS (v. 4)/x86_64: vim-X11-6.3.046-0.40E.7.x86_64.rpm vim-common-6.3.046-0.40E.7.x86_64.rpm vim-enhanced-6.3.046-0.40E.7.x86_64.rpm vim-minimal-6.3.046-0.40E.7.x86_64.rpm
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/SRPMS: vim-6.0-7.22.src.rpm
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor/IA-64: vim-X11-6.0-7.22.ia64.rpm vim-common-6.0-7.22.ia64.rpm vim-enhanced-6.0-7.22.ia64.rpm vim-minimal-6.0-7.22.ia64.rpm
SGI
SGI ProPack 3 Service Pack 6: Patch 10212 http://support.sgi.com/
SCO
OpenServer 6.0.0: ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2005-2368 |
BID | 14374 |
Additional resources |
|
Mandriva Security Advisories MDKSA-2005:148 http://www.mandriva.com/security/advisories?name=MDKSA-2005:148
Red Hat Security Advisory RHSA-2005:745-10 https://rhn.redhat.com/errata/RHSA-2005-745.html
SGI Security advisory (20050901-01-U) ftp://patches.sgi.com/support/free/security/advisories/20050901-01-U.asc
SCO Security Advisory (SCOSA-2006.13) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.13/SCOSA-2006.13.txt |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2005-09-06 |
1.1 | Advisory issued by SGI (20050901-01-U) | 2005-09-16 |
1.2 | Advisory issued by SCO (SCOSA-2006.13) | 2006-03-17 |