CVE-2008-3432

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.vim.org/pub/vim/patches/6.2.429
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Patch Vendor Advisory
http://secunia.com/advisories/32222	Vendor Advisory
http://secunia.com/advisories/32858
http://secunia.com/advisories/33410
http://support.apple.com/kb/HT3216	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.openwall.com/lists/oss-security/2008/07/15/4
http://www.openwall.com/lists/oss-security/2008/08/01/1
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.securityfocus.com/bid/30648
http://www.securityfocus.com/bid/31681	Patch
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
https://bugzilla.redhat.com/show_bug.cgi?id=455455
https://exchange.xforce.ibmcloud.com/vulnerabilities/44722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987
ftp://ftp.vim.org/pub/vim/patches/6.2.429
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Patch Vendor Advisory
http://secunia.com/advisories/32222	Vendor Advisory
http://secunia.com/advisories/32858
http://secunia.com/advisories/33410
http://support.apple.com/kb/HT3216	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.openwall.com/lists/oss-security/2008/07/15/4
http://www.openwall.com/lists/oss-security/2008/08/01/1
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.securityfocus.com/bid/30648
http://www.securityfocus.com/bid/31681	Patch
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
https://bugzilla.redhat.com/show_bug.cgi?id=455455
https://exchange.xforce.ibmcloud.com/vulnerabilities/44722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vim:vim:6.2:::::::*
	cpe:2.3:a:vim:vim:6.3:::::::*

History

21 Nov 2024, 00:49

Information

Published : 2008-10-10 10:30

Updated : 2024-11-21 00:49

NVD link : CVE-2008-3432

Mitre link : CVE-2008-3432

CVE.ORG link : CVE-2008-3432

JSON object : View

Products Affected

vim

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2008-3432", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-10-10T10:30:03.043", "references": [{"url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429", "source": "secalert@redhat.com"}, {"url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059", "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32222", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32858", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/33410", "source": "secalert@redhat.com"}, {"url": "http://support.apple.com/kb/HT3216", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/30648", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/31681", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2008/2780", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0033", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0904", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987", "source": "secalert@redhat.com"}, {"url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32222", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32858", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33410", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.apple.com/kb/HT3216", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/30648", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/31681", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/2780", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/0033", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/0904", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n mch_expand_wildcard en os_unix.c en Vim v6.2 y v6.3 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante metacaracteres del interprete de comandos en el nombre de los ficheros, como se ha demostrado por el caso de prueba netrw.v3."}], "lastModified": "2024-11-21T00:49:14.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "464D5E9A-EB5A-47AB-8657-15A68AD30D59"}, {"criteria": "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F4F51CA-18C1-4043-B4E6-F1AD9D3C1346"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

6.8 /10