Vim 输入验证漏洞

漏洞信息详情

Vim 输入验证漏洞

• CNNVD编号：CNNVD-200809-244
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2008-4101
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2007-05-16
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2009-04-16
  
• 厂        商：
  
  vim
• 漏洞来源：
  Luigi Auriemma※ al…

Vim 存在输入验证漏洞。由于没有正确的过滤转义字符，攻击者可以(1)借助点击键盘上的K键执行任意shell命令，或，(2)按Ctrl 键或(3)\”g]\”序列后执行一个参数输入任意Ex命令。

来源: MLIST

名称: [vim_dev] 20080824 Bug with v_K and potentially K command

链接:http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33

来源: MISC

链接:http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2

来源: bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=461927

来源: XF

名称: vim-normal-command-execution(44626)

链接:http://xforce.iss.net/xforce/xfdb/44626

来源: VUPEN

名称: ADV-2009-0904

链接:http://www.vupen.com/english/advisories/2009/0904

来源: www.vmware.com

链接:http://www.vmware.com/security/advisories/VMSA-2009-0004.html

来源: UBUNTU

名称: USN-712-1

链接:http://www.ubuntu.com/usn/USN-712-1

来源: BID

名称: 31681

链接:http://www.securityfocus.com/bid/31681

来源: BID

名称: 30795

链接:http://www.securityfocus.com/bid/30795

来源: BUGTRAQ

名称: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

链接:http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded

来源: BUGTRAQ

名称: 20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]

链接:http://www.securityfocus.com/archive/1/495703

来源: BUGTRAQ

名称: 20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]

链接:http://www.securityfocus.com/archive/1/495662

来源: REDHAT

名称: RHSA-2008:0617

链接:http://www.redhat.com/support/errata/RHSA-2008-0617.html

来源: REDHAT

名称: RHSA-2008:0580

链接:http://www.redhat.com/support/errata/RHSA-2008-0580.html

来源: MISC

链接:http://www.rdancer.org/vulnerablevim-K.html

来源: MLIST

名称: [oss-security] 20080915 Re: [oss-list] CVE request (vim)

链接:http://www.openwall.com/lists/oss-security/2008/09/16/6

来源: MLIST

名称: [oss-security] 20080915 Re: [oss-list] CVE request (vim)

链接:http://www.openwall.com/lists/oss-security/2008/09/16/5

来源: MLIST

名称: [oss-security] 20080911 Re: [oss-list] CVE request (vim)

链接:http://www.openwall.com/lists/oss-security/2008/09/11/4

来源: MLIST

名称: [oss-security] 20080911 [oss-list] CVE request (vim)

链接:http://www.openwall.com/lists/oss-security/2008/09/11/3

来源: MANDRIVA

名称: MDVSA-2008:236

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:236

来源: VUPEN

名称: ADV-2009-0033

链接:http://www.frsirt.com/english/advisories/2009/0033

来源: VUPEN

名称: ADV-2008-2780

链接:http://www.frsirt.com/english/advisories/2008/2780

来源: support.avaya.com

链接:http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm

来源: support.avaya.com

链接:http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm

来源: support.apple.com

链接:http://support.apple.com/kb/HT3216

来源: SECUNIA

名称: 33410

链接:http://secunia.com/advisories/33410

来源: SECUNIA

名称: 32222

链接:http://secunia.com/advisories/32222

来源: SECUNIA

名称: 31592

链接:http://secunia.com/advisories/31592

来源: APPLE

名称: APPLE-SA-2008-10-09

链接:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

来源: MISC

链接:http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e

来源: MISC

链接:http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2

来源: MLIST

名称: [vim-dev] 20080903 Patch 7.2.010

链接:http://ftp.vim.org/pub/vim/patches/7.2/7.2.010