CVE-2008-3076 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3076
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3076

Description: The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43624 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html SAID Secunia Advisory: SA34418 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0580.html MLIST http://www.openwall.com/lists/oss-security/2008/10/20/2 http://marc.info/?l=oss-security&m=122416184431388&w=2 http://www.openwall.com/lists/oss-security/2008/07/08/12 http://www.openwall.com/lists/oss-security/2008/07/07/4 http://www.openwall.com/lists/oss-security/2008/07/07/1 MISC http://www.rdancer.org/vulnerablevim-netrw.v2.html http://www.rdancer.org/vulnerablevim-netrw.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 BUGTRAQ http://marc.info/?l=bugtraq&m=121494431426308&w=2 BID 30115

Return to the previous page.