CVE编号
CVE-2008-2712利用情况
暂无补丁情况
官方补丁披露时间
2008-06-17漏洞描述
Vim 7.1.314,6.4和其他版本允许用户辅助的远程攻击者通过Vim脚本执行任意命令,这些脚本在调用执行或系统函数之前没有正确清理输入,如使用(1)filetype.vim,(3)所示xpm.vim,(4)gzip_vim,和(5)netrw所示。注意:最初报告的版本是7.1.314,但研究人员实际上在7.1.298中发现了这组问题。注意:zvelugin问题(此标识符中最初的向量2)已被CVE-2008-3075包含。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | |
| http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | |
| http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html | |
| http://marc.info/?l=bugtraq&m=121494431426308&w=2 | |
| http://secunia.com/advisories/30731 | |
| http://secunia.com/advisories/32222 | |
| http://secunia.com/advisories/32858 | |
| http://secunia.com/advisories/32864 | |
| http://secunia.com/advisories/33410 | |
| http://secunia.com/advisories/34418 | |
| http://securityreason.com/securityalert/3951 | |
| http://support.apple.com/kb/HT3216 | |
| http://support.apple.com/kb/HT4077 | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm | |
| http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm | |
| http://wiki.rpath.com/Advisories:rPSA-2008-0247 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 | |
| http://www.openwall.com/lists/oss-security/2008/06/16/2 | |
| http://www.openwall.com/lists/oss-security/2008/10/15/1 | |
| http://www.rdancer.org/vulnerablevim.html | |
| http://www.redhat.com/support/errata/RHSA-2008-0580.html | |
| http://www.redhat.com/support/errata/RHSA-2008-0617.html | |
| http://www.redhat.com/support/errata/RHSA-2008-0618.html | |
| http://www.securityfocus.com/archive/1/493352/100/0/threaded | |
| http://www.securityfocus.com/archive/1/493353/100/0/threaded | |
| http://www.securityfocus.com/archive/1/495319/100/0/threaded | |
| http://www.securityfocus.com/archive/1/502322/100/0/threaded | |
| http://www.securityfocus.com/bid/29715 | |
| http://www.securityfocus.com/bid/31681 | |
| http://www.securitytracker.com/id?1020293 | |
| http://www.ubuntu.com/usn/USN-712-1 | |
| http://www.vmware.com/security/advisories/VMSA-2009-0004.html | |
| http://www.vupen.com/english/advisories/2008/1851/references | |
| http://www.vupen.com/english/advisories/2008/2780 | |
| http://www.vupen.com/english/advisories/2009/0033 | |
| http://www.vupen.com/english/advisories/2009/0904 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43083 | |
| https://issues.rpath.com/browse/RPL-2622 | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | vim | vim | * |
Up to (including) 6.4 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | vim | vim | * |
From (including) 7.0 |
Up to (including) 7.1.314 |
||||
| 运行在以下环境 | |||||||||
| 系统 | centos_5 | vim | * |
Up to (excluding) 7.0.109-4.el5_2.4z |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_4.0 | vim | * |
Up to (excluding) 1:7.0-122+1etch5 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_5.0 | vim | * |
Up to (excluding) 1:7.1.293-3+lenny1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_5 | vim | * |
Up to (excluding) 7.0.109-4.el5_2.4z |
|||||
- 攻击路径 本地
- 攻击复杂度 N/A
- 权限要求 N/A
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 N/A
- 数据完整性 传输被破坏
- 服务器危害 N/A
- 全网数量 N/A
还没有评论,来说两句吧...