CVE-2007-2438

Published: 02/05/2007 Updated: 16/10/2018
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

Affected Products

Vendor: Vim Development Group | Product: Vim | Versions: 7.0

Vendor Advisories

Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges ...

Debian Bug report logs - #435401: sandbox for vim allows attackers to execute shell commands and write files via modelines. Package: vim; Maintainer for vim is Debian Vim Maintainers <team+vim@tracker.debian.org>; Source for vim is src:vim; Reported by: Steffen Joeris <steffen.joeris@skolelinux.de> ...

Several vulnerabilities have been discovered in the vim editor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2953: Ulf Härnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the helptags command) can lead to the execution of arbitrary code ...

Github Repositories

List of useful Linux commands. Show the distribution version. Process tree. Find the process occupying a port. Background process. Working with background processes. Ctrl + Z - suspend and minimize the task. Adding for ${

References

NVD-CWE-Other
http://attrition.org/pipermail/vim/2007-May/001614.html
http://marc.info/?l=vim-dev&m=117762581821298&w=2
http://marc.info/?l=vim-dev&m=117778983714029&w=2
http://osvdb.org/36250
http://secunia.com/advisories/25024
http://secunia.com/advisories/25159
http://secunia.com/advisories/25182
http://secunia.com/advisories/25255
http://secunia.com/advisories/25367
http://secunia.com/advisories/25432
http://secunia.com/advisories/26653
http://tech.groups.yahoo.com/group/vimannounce/message/178
http://tech.groups.yahoo.com/group/vimdev/message/46627
http://tech.groups.yahoo.com/group/vimdev/message/46645
http://tech.groups.yahoo.com/group/vimdev/message/46658
http://www.attrition.org/pipermail/vim/2007-August/001770.html
http://www.debian.org/security/2007/dsa-1364
http://www.mandriva.com/security/advisories?name=MDKSA-2007:101
http://www.novell.com/linux/security/advisories/2007_12_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0346.html
http://www.securityfocus.com/archive/1/467202/100/0/threaded
http://www.securityfocus.com/bid/23725
http://www.securitytracker.com/id?1018035
http://www.trustix.org/errata/2007/0017/
http://www.ubuntu.com/usn/usn-463-1
http://www.vim.org/news/news.php
http://www.vupen.com/english/advisories/2007/1599
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259
https://exchange.xforce.ibmcloud.com/vulnerabilities/34012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876
https://github.com/finagin/encyclopedia
https://www.rapid7.com/db/vulnerabilities/suse-cve-2007-2438
https://usn.ubuntu.com/463-1/
https://nvd.nist.gov
https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2007-0346
http://tools.cisco.com/security/center/viewAlert.x?alertId=13223