CVE - CVE-2008-3432

CVE-ID
CVE-2008-3432	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim URL:http://www.securityfocus.com/archive/1/502322/100/0/threaded MLIST:[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw URL:http://www.openwall.com/lists/oss-security/2008/07/15/4 MLIST:[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw URL:http://www.openwall.com/lists/oss-security/2008/08/01/1 CONFIRM:ftp://ftp.vim.org/pub/vim/patches/6.2.429 CONFIRM:ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059 CONFIRM:http://support.apple.com/kb/HT3216 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=455455 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0004.html APPLE:APPLE-SA-2008-10-09 URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html REDHAT:RHSA-2008:0617 URL:http://www.redhat.com/support/errata/RHSA-2008-0617.html BID:30648 URL:http://www.securityfocus.com/bid/30648 BID:31681 URL:http://www.securityfocus.com/bid/31681 OVAL:oval:org.mitre.oval:def:11203 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203 OVAL:oval:org.mitre.oval:def:5987 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987 SECUNIA:32858 URL:http://secunia.com/advisories/32858 VUPEN:ADV-2008-2780 URL:http://www.vupen.com/english/advisories/2008/2780 VUPEN:ADV-2009-0033 URL:http://www.vupen.com/english/advisories/2009/0033 SECUNIA:32222 URL:http://secunia.com/advisories/32222 SECUNIA:33410 URL:http://secunia.com/advisories/33410 VUPEN:ADV-2009-0904 URL:http://www.vupen.com/english/advisories/2009/0904 XF:vim-mchexpandwildcards-bo(44722) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44722
Assigning CNA
N/A
Date Entry Created
20080731	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080731)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org