CVE-2004-1138
CVSS: 7.2
Published: 2005-01-10 00:00:00
Revised: 2016-10-17 22:51:38

[Original] VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.


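[CNNVD] Vim modeline command execution vulnerability (CNNVD-200501-076)

        VIM is a text editor that is widely used on Unix-like systems.
        Versions of VIM and gVim before 6.3 contain a local code execution vulnerability.
        A local user can execute arbitrary commands via a file containing a crafted modeline. The command is executed when the file is viewed using any of the following options: termcap, printdevice, titleold, filetype, syntax, backupext, keymap, patchmode, or langmenu.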

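- CVSS (Base Score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Access complexity: LOW [there are no access restrictions on exploitation]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]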

- CPE (Affected Platforms and Products)

cpe:/a:vim_development_group:vim:6.3.025
cpe:/a:vim_development_group:vim:5.0
cpe:/a:vim_development_group:vim:5.3
cpe:/a:vim_development_group:vim:6.2
cpe:/a:vim_development_group:vim:5.4
cpe:/a:vim_development_group:vim:5.1
cpe:/a:vim_development_group:vim:6.0
cpe:/a:vim_development_group:vim:5.2
cpe:/a:vim_development_group:vim:6.1
cpe:/a:vim_development_group:vim:5.7
cpe:/a:vim_development_group:vim:5.8
cpe:/a:vim_development_group:vim:5.5
cpe:/a:vim_development_group:vim:5.6
cpe:/a:vim_development_group:vim:6.3.030
cpe:/a:vim_development_group:vim:6.3.011
cpe:/a:vim_development_group:vim:6.3.044

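- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:9571: VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed...
*OVAL describes in detail how to detect this vulnerability; further technical details for detecting it can be found in the related OVAL definition.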

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1138
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1138
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-076
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=110313588125609&w=2
(UNKNOWN)  OPENPKG  OpenPKG-SA-2004.052
http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200412-10
http://www.redhat.com/support/errata/RHSA-2005-010.html
(UNKNOWN)  REDHAT  RHSA-2005:010
http://www.redhat.com/support/errata/RHSA-2005-036.html
(UNKNOWN)  REDHAT  RHSA-2005:036
http://xforce.iss.net/xforce/xfdb/18503
(UNKNOWN)  XF  vim-modeline-gain-privileges(18503)
https://bugzilla.fedora.us/show_bug.cgi?id=2343
(UNKNOWN)  FEDORA  FLSA:2343

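- Vulnerability Information

Vim modeline command execution vulnerability
High risk  Input validation
2005-01-10 00:00:00 2005-10-20 00:00:00
Remote
        VIM is a text editor that is widely used on Unix-like systems.
        Versions of VIM and gVim before 6.3 contain a local code execution vulnerability.
        A local user can execute arbitrary commands via a file containing a crafted modeline. The command is executed when the file is viewed using any of the following options: termcap, printdevice, titleold, filetype, syntax, backupext, keymap, patchmode, or langmenu.

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://vim.sourceforge.net/download.php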

- Vulnerability Information

12420
Vim / Gvim Modelines Arbitrary Command Execution
Vendor Verified

- Vulnerability Description

Unknown or Incomplete

- Timeline

2004-12-15 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Vim Modelines Arbitrary Command Execution Variant Vulnerability
Input Validation Error 11941
Yes No
2004-12-15 12:00:00 2009-07-12 09:26:00
Discovery is credited to Ciaran McCreesh.

- Affected Program Versions

VIM Development Group VIM 6.3 .044
+ OpenPKG OpenPKG Current
VIM Development Group VIM 6.3 .030
+ OpenPKG OpenPKG 2.2
VIM Development Group VIM 6.3 .025
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
VIM Development Group VIM 6.3 .011
+ OpenPKG OpenPKG 2.1
VIM Development Group VIM 6.2
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Red Hat Fedora Core1
+ SCO OpenLinux Server 3.1.1
+ SCO OpenLinux Workstation 3.1.1
VIM Development Group VIM 6.1
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ XTR
+ Sun Linux 5.0.6
VIM Development Group VIM 6.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
VIM Development Group VIM 5.8
VIM Development Group VIM 5.7
+ Caldera OpenLinux 2.3
+ Red Hat Linux 6.2
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
+ RedHat Linux 5.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3
+ S.u.S.E. Linux 6.2
+ S.u.S.E. Linux 6.1
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
VIM Development Group VIM 5.6
VIM Development Group VIM 5.5
VIM Development Group VIM 5.4
VIM Development Group VIM 5.3
VIM Development Group VIM 5.2
VIM Development Group VIM 5.1
VIM Development Group VIM 5.0
SGI ProPack 3.0
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
IPCop IPCop 1.4.5
IPCop IPCop 1.4.4
IPCop IPCop 1.4.2
IPCop IPCop 1.4.1
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Network Routing
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya CVLAN
Avaya Converged Communications Server 2.0
VIM Development Group VIM 6.3 .045

- Unaffected Program Versions

VIM Development Group VIM 6.3 .045

- Vulnerability Discussion

Vim modelines is prone to a vulnerability that may permit execution of arbitrary commands. Reportedly, certain modelines options expose this issue. Exploitation could occur when a malicious file is opened in the editor and would occur in the context of the user opening the file.

This issue is similar to BID 6384.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

SGI has released advisory 20050102-01-U to address various issues in SGI Advanced Linux Environment 3. This advisory includes updated SGI ProPack 3 Service Pack 3 packages (patch10132.tar.gz). Please see the referenced advisory for more information.

Gentoo has released updates to address this issue. These updates may be applied by issuing the following commands for Vim and gVim respectively:

(vim)
emerge --sync
emerge --ask --oneshot --verbose ">=app-editors/vim-6.3-r2"

(gVim)
emerge --sync
emerge --ask --oneshot --verbose ">=app-editors/gvim-6.3-r2"

The vendor has addressed this issue in Vim 6.3.045 and later releases. An updated release may be obtained by downloading the latest 6.3 release from the vim.org downloads page or through CVS.

OpenPKG has released an advisory dealing with this issue. Please see the referenced advisory for more information.

Ubuntu has released an advisory dealing with this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2005:010-05 to address this issue in Red Hat Enterprise Linux. Please see the advisory in Web references for more information.

Mandrake has released advisory MDKSA-2005:003 to address this vulnerability. Please see the attached advisory for details on obtaining and applying fixes.

Avaya has released advisory ASA-2005-020 to document the affected versions of Avaya products. Please see the referenced advisory for further information.

Fedora Legacy has released advisory FLSA:2343 to address this issue for various Red Hat Linux releases and Fedora Core 1. Please see the referenced advisory for further information.

IPCop has released version 1.4.6 to address this issue.

