CVE - CVE-2008-4101

CVE-ID
CVE-2008-4101	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g] URL:http://www.securityfocus.com/archive/1/495662 BUGTRAQ:20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g] URL:http://www.securityfocus.com/archive/1/495703 BUGTRAQ:20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim URL:http://www.securityfocus.com/archive/1/502322/100/0/threaded MLIST:[oss-security] 20080911 Re: [oss-list] CVE request (vim) URL:http://www.openwall.com/lists/oss-security/2008/09/11/4 MLIST:[oss-security] 20080911 [oss-list] CVE request (vim) URL:http://www.openwall.com/lists/oss-security/2008/09/11/3 MLIST:[oss-security] 20080915 Re: [oss-list] CVE request (vim) URL:http://www.openwall.com/lists/oss-security/2008/09/16/5 MLIST:[oss-security] 20080915 Re: [oss-list] CVE request (vim) URL:http://www.openwall.com/lists/oss-security/2008/09/16/6 MLIST:[vim-dev] 20080903 Patch 7.2.010 URL:http://ftp.vim.org/pub/vim/patches/7.2/7.2.010 MLIST:[vim_dev] 20080824 Bug with v_K and potentially K command URL:http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33 MISC:http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2 MISC:http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2 MISC:http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e MISC:http://www.rdancer.org/vulnerablevim-K.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=461927 CONFIRM:http://support.apple.com/kb/HT3216 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0004.html CONFIRM:http://support.apple.com/kb/HT4077 APPLE:APPLE-SA-2008-10-09 URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html APPLE:APPLE-SA-2010-03-29-1 URL:http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html MANDRIVA:MDVSA-2008:236 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 REDHAT:RHSA-2008:0617 URL:http://www.redhat.com/support/errata/RHSA-2008-0617.html REDHAT:RHSA-2008:0580 URL:http://www.redhat.com/support/errata/RHSA-2008-0580.html REDHAT:RHSA-2008:0618 URL:http://www.redhat.com/support/errata/RHSA-2008-0618.html UBUNTU:USN-712-1 URL:http://www.ubuntu.com/usn/USN-712-1 BID:31681 URL:http://www.securityfocus.com/bid/31681 BID:30795 URL:http://www.securityfocus.com/bid/30795 OVAL:oval:org.mitre.oval:def:10894 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894 OVAL:oval:org.mitre.oval:def:5812 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812 SECUNIA:31592 URL:http://secunia.com/advisories/31592 SECUNIA:32858 URL:http://secunia.com/advisories/32858 SECUNIA:32864 URL:http://secunia.com/advisories/32864 VUPEN:ADV-2008-2780 URL:http://www.vupen.com/english/advisories/2008/2780 VUPEN:ADV-2009-0033 URL:http://www.vupen.com/english/advisories/2009/0033 SECUNIA:32222 URL:http://secunia.com/advisories/32222 SECUNIA:33410 URL:http://secunia.com/advisories/33410 VUPEN:ADV-2009-0904 URL:http://www.vupen.com/english/advisories/2009/0904 XF:vim-normal-command-execution(44626) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
Assigning CNA
N/A
Date Entry Created
20080915	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080915)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org