Published: 21/02/2009 Updated: 08/08/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted malicious users to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vim vim 7.2a.10

Synopsis Moderate: vim security update Type/Severity Security Advisory: Moderate Topic Updated vim packages that fix security issues are now available for Red HatEnterprise Linux 5This update has been rated as having moderate security impact by the Red HatSecurity Response Team Description ...

Debian Bug report logs - #506919 vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076) Package: vim; Maintainer for vim is Debian Vim Maintainers <team+vim@trackerdebianorg>; Source for vim is src:vim (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom> Dat ...

Several vulnerabilities have been found in vim, an enhanced vi editor The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-2712 Jan Minar discovered that vim did not properly sanitise inputs before invoking the execute or system functions inside vim scripts This could lead to the execution of a ...

source: wwwsecurityfocuscom/bid/30115/info Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application Netr ...

CWE-78 http://www.rdancer.org/vulnerablevim-netrw.v2.html http://marc.info/?l=oss-security&m=122416184431388&w=2 http://marc.info/?l=bugtraq&m=121494431426308&w=2 http://www.securityfocus.com/bid/30115 http://www.openwall.com/lists/oss-security/2008/07/07/1 http://www.openwall.com/lists/oss-security/2008/07/08/12 http://www.openwall.com/lists/oss-security/2008/10/20/2 http://www.rdancer.org/vulnerablevim-netrw.html http://www.openwall.com/lists/oss-security/2008/07/07/4 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 http://www.redhat.com/support/errata/RHSA-2008-0580.html http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324 http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://secunia.com/advisories/34418 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html https://exchange.xforce.ibmcloud.com/vulnerabilities/43624 https://access.redhat.com/errata/RHSA-2008:0580 https://www.debian.org/security/./dsa-1733 https://nvd.nist.gov https://www.exploit-db.com/exploits/32012/

CVE-2008-3076

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect