CVE-2002-1377
CVSS 4.6
Published: 2002-12-23 00:00:00
Modified: 2016-10-17 22:26:33

[Original] vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.


[CNNVD] VIM ModeLines Local Arbitrary Command Execution Vulnerability (CNNVD-200212-060)

        
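        VIM is a free, open-source text editor available for Unix/Linux operating systems.
        VIM's modelines feature does not properly filter user input; a local attacker can exploit this vulnerability to execute arbitrary commands through the modeline feature.
        According to reports, there is a problem in VIM's modelines feature. Modelines allow instructions to be placed at the beginning and end of a text file to tell the editor how to handle certain elements of the file. Because input is handled incorrectly, an attacker can place malicious markers in a text file and, by enticing a user to open it, execute arbitrary commands with that user's privileges.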
        

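- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]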

- CPE (Affected Platforms and Products)

cpe:/a:vim_development_group:vim:5.0
cpe:/a:vim_development_group:vim:5.3
cpe:/a:vim_development_group:vim:5.4
cpe:/a:vim_development_group:vim:5.1
cpe:/a:vim_development_group:vim:6.0
cpe:/a:vim_development_group:vim:5.2
cpe:/a:vim_development_group:vim:6.1
cpe:/a:vim_development_group:vim:5.7
cpe:/a:vim_development_group:vim:5.8
cpe:/a:vim_development_group:vim:5.5
cpe:/a:vim_development_group:vim:5.6

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1377
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1377
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-060
(Official data source) CNNVD

- Other Links and Resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
(UNKNOWN)  CONECTIVA  CLA-2004:812
http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html
(UNKNOWN)  FULLDISC  20021213 Some vim problems, yet still vim much better than windows
http://marc.info/?l=bugtraq&m=108077992208690&w=2
(UNKNOWN)  BUGTRAQ  20040331 OpenLinux: vim arbitrary commands execution through modelines
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
(UNKNOWN)  SUNALERT  55700
http://www.guninski.com/vim1.html
(VENDOR_ADVISORY)  MISC  http://www.guninski.com/vim1.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012
(UNKNOWN)  MANDRAKE  MDKSA-2003:012
http://www.redhat.com/support/errata/RHSA-2002-297.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:297
http://www.redhat.com/support/errata/RHSA-2002-302.html
(UNKNOWN)  REDHAT  RHSA-2002:302
http://www.securityfocus.com/bid/6384
(UNKNOWN)  BID  6384
http://xforce.iss.net/xforce/xfdb/10835
(VENDOR_ADVISORY)  XF  vim-modeline-command-execution(10835)

- Vulnerability Information

VIM ModeLines Local Arbitrary Command Execution Vulnerability
Medium severity  Input validation
2002-12-23 00:00:00 2005-05-13 00:00:00
Local
        
        

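- Advisories and Patches

        Workaround:
        If you cannot install a patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
        * Disable the modelines feature:
        Edit the user-level ~/.vimrc file and add the following setting:
        set modelines=0
        Vendor patch:
        VIM Development Group
        ---------------------
        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: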
        
        http://www.vim.org/

- Vulnerability Information

8648
Vim libcall Command Execution

- Vulnerability Description

Unknown or Incomplete

- Timeline

2002-12-12 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

VIM ModeLines Arbitrary Command Execution Vulnerability
Input Validation Error 6384
No Yes
2002-12-12 12:00:00 2009-07-11 07:16:00
Vulnerability discovery credited to a source that has requested not to be credited in this database.

- Affected Versions

VIM Development Group VIM 6.2
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Red Hat Fedora Core1
+ SCO OpenLinux Server 3.1.1
+ SCO OpenLinux Workstation 3.1.1
VIM Development Group VIM 6.1
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ XTR
+ Sun Linux 5.0.6
VIM Development Group VIM 6.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
VIM Development Group VIM 5.8
VIM Development Group VIM 5.7
+ Caldera OpenLinux 2.3
+ Red Hat Linux 6.2
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
+ RedHat Linux 5.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3
+ S.u.S.E. Linux 6.2
+ S.u.S.E. Linux 6.1
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
VIM Development Group VIM 5.6
VIM Development Group VIM 5.5
VIM Development Group VIM 5.4
VIM Development Group VIM 5.3
VIM Development Group VIM 5.2
VIM Development Group VIM 5.1
VIM Development Group VIM 5.0
Sun Cobalt RaQ XTR
Sun Cobalt RaQ 4
SCO OpenLinux Workstation 3.1.1
SCO OpenLinux Server 3.1.1

- Discussion

vim is a freely available, open source text editor. It is available for Unix, Linux, and Microsoft Operating Systems.

It has been reported that a problem exists in vim with modelines. Modelines are instructions placed at the beginning and end of text files to instruct the editor on how to handle certain elements of the file. Due to insufficient handling of input, it may be possible to execute arbitrary commands through the modelines function.

**A conceptual worm has been reported that explicitly illustrates how this vulnerability could be further exploited to act as a mass mailing worm.

- Exploit

An exploit has been reported as available.

- Solution

Gentoo Linux has released an advisory. Users who have installed app-editors/vim-core, app-editors/vim, or app-editors/gvim are advised to upgrade their systems by issuing the following commands:

emerge sync
emerge -u vim-core
emerge -u vim
emerge -u gvim
emerge clean

Mandrake has released an advisory (MDKSA-2003:012) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Sun Microsystems has made fixes available for this issue.

Conectiva has released advisory CLA-2004:812 with fixes to address this issue.

SCO OpenLinux has released advisory CSSA-2004-015.0 and fixes dealing with this issue.

The following fixes are available:


Sun Cobalt RaQ XTR

Sun Cobalt RaQ 4

VIM Development Group VIM 5.7

VIM Development Group VIM 6.0

VIM Development Group VIM 6.1

VIM Development Group VIM 6.2

- Related References

 

 
