Debian Bug report logs -
#506919
vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076)
Reported by: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Date: Tue, 25 Nov 2008 22:33:01 UTC
Severity: grave
Tags: fixed, security
Found in version vim/1:6.4-000+1
Fixed in versions vim/2:7.2.010-1, vim/1:7.1.314-3+lenny1
Done: James Vega <jamessan@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#506919; Package vim.
(Tue, 25 Nov 2008 22:33:04 GMT) (full text, mbox, link).
Acknowledgement sent
to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>.
(Tue, 25 Nov 2008 22:33:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: vim
Version: 1:7.0.109
Severity: grave
Tags: security
Justification: user security hole
redhat has just released an update that fixes multiple security flaws in
vim [1]. these issues are currently reserved in the CVE tracker, but
redhat describes the probems as:
Multiple security flaws were found in netrw.vim, the Vim plug-in providing
file reading and writing over the network. If a user opened a specially
crafted file or directory with the netrw plug-in, it could result in
arbitrary code execution as the user running Vim. (CVE-2008-3076)
A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3075)
A security flaw was found in tar.vim, the Vim plug-in which handles TAR
archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
it could result in arbitrary code execution as the user runnin Vim.
(CVE-2008-3074)
versions affected are unclear from the redhat notice, but the problem at
least applies to vim version 7.0.109, which they have fixed in rhel5.
thanks for working to keep debian secure.
[1] https://rhn.redhat.com/errata/RHSA-2008-0580.html
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages vim depends on:
ii libacl1 2.2.47-2 Access control list shared library
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libgpm2 1.20.4-3 General Purpose Mouse - shared lib
ii libncurses5 5.6+20080830-1 shared libraries for terminal hand
ii libselinux1 2.0.65-5 SELinux shared libraries
ii vim-common 1:7.1.314-3+lenny2 Vi IMproved - Common files
ii vim-runtime 1:7.1.314-3+lenny2 Vi IMproved - Runtime files
vim recommends no packages.
Versions of packages vim suggests:
pn ctags <none> (no description available)
pn vim-doc <none> (no description available)
pn vim-scripts <none> (no description available)
-- no debconf information
Tags added: fixed
Request was from James Vega <jamessan@debian.org>
to control@bugs.debian.org.
(Tue, 25 Nov 2008 23:30:04 GMT) (full text, mbox, link).
Tags added: fixed
Request was from James Vega <jamessan@debian.org>
to control@bugs.debian.org.
(Tue, 25 Nov 2008 23:30:05 GMT) (full text, mbox, link).
Reply sent
to James Vega <jamessan@debian.org>:
You have taken responsibility.
(Tue, 25 Nov 2008 23:30:09 GMT) (full text, mbox, link).
Notification sent
to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer.
(Tue, 25 Nov 2008 23:30:09 GMT) (full text, mbox, link).
Message #14 received at 506919-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tag 506919 fixed 2:7.2.010-1
tag 506919 fixed 1:7.1.314-3+lenny1
thanks
On Tue, Nov 25, 2008 at 05:31:36PM -0500, Michael S. Gilbert wrote:
> redhat has just released an update that fixes multiple security flaws in
> vim [1]. these issues are currently reserved in the CVE tracker, but
> redhat describes the probems as:
>
> Multiple security flaws were found in netrw.vim, the Vim plug-in providing
> file reading and writing over the network. If a user opened a specially
> crafted file or directory with the netrw plug-in, it could result in
> arbitrary code execution as the user running Vim. (CVE-2008-3076)
>
> A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
> archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
> it could result in arbitrary code execution as the user running Vim.
> (CVE-2008-3075)
>
> A security flaw was found in tar.vim, the Vim plug-in which handles TAR
> archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
> it could result in arbitrary code execution as the user runnin Vim.
> (CVE-2008-3074)
>
> versions affected are unclear from the redhat notice, but the problem at
> least applies to vim version 7.0.109, which they have fixed in rhel5.
These are basically split out versions of previously released
vulnerabilities. They're fixed in the above mentioned versions.
--
James
GPG Key: 1024D/61326D40 2003-09-02 James Vega <jamessan@debian.org>
[signature.asc (application/pgp-signature, inline)]
Bug no longer marked as found in version 1:7.0.109.
Request was from James Vega <jamessan@debian.org>
to control@bugs.debian.org.
(Wed, 26 Nov 2008 00:09:02 GMT) (full text, mbox, link).
Bug marked as found in version 1:6.4-000+1 and reopened.
Request was from James Vega <jamessan@debian.org>
to control@bugs.debian.org.
(Wed, 26 Nov 2008 00:09:03 GMT) (full text, mbox, link).
Bug marked as fixed in version 2:7.2.010-1.
Request was from James Vega <jamessan@debian.org>
to control@bugs.debian.org.
(Wed, 26 Nov 2008 00:12:06 GMT) (full text, mbox, link).
Bug marked as fixed in version 1:7.1.314-3+lenny1.
Request was from James Vega <jamessan@debian.org>
to control@bugs.debian.org.
(Wed, 26 Nov 2008 00:12:06 GMT) (full text, mbox, link).
Bug closed, send any further explanations to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Request was from James Vega <jamessan@debian.org>
to control@bugs.debian.org.
(Wed, 26 Nov 2008 00:18:05 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 16 Feb 2009 07:52:01 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:53:09 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon