Mandriva Linux Security Advisory 2008-236 - vim suffers from input sanitization, format string, and arbitrary code execution vulnerabilities.
165be09831b0a0e46b603c97fb0f80a49e7ef578c6376bb2360d775b3340c334
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:236
http://www.mandriva.com/security/
_______________________________________________________________________
Package : vim
Date : December 3, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Several vulnerabilities were found in the vim editor:
A number of input sanitization flaws were found in various vim
system functions. If a user were to open a specially crafted file,
it would be possible to execute arbitrary code as the user running vim
(CVE-2008-2712).
Ulf Härnhammar of Secunia Research found a format string flaw in
vim's help tags processor. If a user were tricked into executing the
helptags command on malicious data, it could result in the execution
of arbitrary code as the user running vim (CVE-2008-2953).
A flaw was found in how tar.vim handled TAR archive browsing. If a
user were to open a special TAR archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3074).
A flaw was found in how zip.vim handled ZIP archive browsing. If a
user were to open a special ZIP archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
(CVE-2008-3075).
A number of security flaws were found in netrw.vim, the vim plugin
that provides the ability to read and write files over the network.
If a user opened a specially crafted file or directory with the netrw
plugin, it could result in the execution of arbitrary code as the
user running vim (CVE-2008-3076).
A number of input validation flaws were found in vim's keyword and
tag handling. If vim looked up a document's maliciously crafted
tag or keyword, it was possible to execute arbitary code as the user
running vim (CVE-2008-4101).
A vulnerability was found in certain versions of netrw.vim where it
would send FTP credentials stored for an FTP session to subsequent
FTP sessions to servers on different hosts, exposing FTP credentials
to remote hosts (CVE-2008-4677).
This update provides vim 7.2 (patchlevel 65) which corrects all of
these issues and introduces a number of new features and bug fixes.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4677
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
9687145d46a754a50f26498399e42f84 2008.0/i586/vim-common-7.2.065-9.2mdv2008.0.i586.rpm
5ab8b8d113ef693c07cd79f693d47638 2008.0/i586/vim-enhanced-7.2.065-9.2mdv2008.0.i586.rpm
cf40227e84aac1a17a1a2973685e6a1f 2008.0/i586/vim-minimal-7.2.065-9.2mdv2008.0.i586.rpm
bf9cb876e1958d7b215a7039e1c52975 2008.0/i586/vim-X11-7.2.065-9.2mdv2008.0.i586.rpm
7b1b039b2ba0233b6535775ecd200e6d 2008.0/SRPMS/vim-7.2.065-9.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
fa3479b036e054ce12a0e680e95f28f6 2008.0/x86_64/vim-common-7.2.065-9.2mdv2008.0.x86_64.rpm
d1e10ebfaa89c3ca0cc72624531c6950 2008.0/x86_64/vim-enhanced-7.2.065-9.2mdv2008.0.x86_64.rpm
a8961516b64c325bf6662b44e1384885 2008.0/x86_64/vim-minimal-7.2.065-9.2mdv2008.0.x86_64.rpm
eb6a696807d8a2e55d9a447266081bc4 2008.0/x86_64/vim-X11-7.2.065-9.2mdv2008.0.x86_64.rpm
7b1b039b2ba0233b6535775ecd200e6d 2008.0/SRPMS/vim-7.2.065-9.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
bf1bbb5c11dc18f5b626830f83324bab 2008.1/i586/vim-common-7.2.065-9.2mdv2008.1.i586.rpm
54426458bb7601d9b3fdfedfa16ee9c6 2008.1/i586/vim-enhanced-7.2.065-9.2mdv2008.1.i586.rpm
ca94206e37b639a4577272d05ef10489 2008.1/i586/vim-minimal-7.2.065-9.2mdv2008.1.i586.rpm
8b58cee3b8ccee24408c1ed78215cb89 2008.1/i586/vim-X11-7.2.065-9.2mdv2008.1.i586.rpm
2886ecd9e5117b6464dc82e12bc41ee6 2008.1/SRPMS/vim-7.2.065-9.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
f56a2879dfbca889824074338eca652c 2008.1/x86_64/vim-common-7.2.065-9.2mdv2008.1.x86_64.rpm
e813a7a4126f4b5413b6a3517bb57c97 2008.1/x86_64/vim-enhanced-7.2.065-9.2mdv2008.1.x86_64.rpm
cfc262ca8e4995d5b648c282d05f9261 2008.1/x86_64/vim-minimal-7.2.065-9.2mdv2008.1.x86_64.rpm
dce8110e159fe8b767d596346514d1e9 2008.1/x86_64/vim-X11-7.2.065-9.2mdv2008.1.x86_64.rpm
2886ecd9e5117b6464dc82e12bc41ee6 2008.1/SRPMS/vim-7.2.065-9.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
b94e841258ba0053a8c2e1c61d378ff4 2009.0/i586/vim-common-7.2.065-9.2mdv2009.0.i586.rpm
53b66549200b5a8a3374de12c56ca3c4 2009.0/i586/vim-enhanced-7.2.065-9.2mdv2009.0.i586.rpm
a412c994a7d9f3111e2dfd4d629de72c 2009.0/i586/vim-minimal-7.2.065-9.2mdv2009.0.i586.rpm
f1a2096a8b72c74ed3ef7df984491b66 2009.0/i586/vim-X11-7.2.065-9.2mdv2009.0.i586.rpm
49185b01a1d717513902ba49235023a0 2009.0/SRPMS/vim-7.2.065-9.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
dce4c150ca5f8beed2e6ec917ee8f36d 2009.0/x86_64/vim-common-7.2.065-9.2mdv2009.0.x86_64.rpm
8351ee5ccbbf039649c830befb16c8b6 2009.0/x86_64/vim-enhanced-7.2.065-9.2mdv2009.0.x86_64.rpm
25abc823231a1242ec9e00e08aeea08b 2009.0/x86_64/vim-minimal-7.2.065-9.2mdv2009.0.x86_64.rpm
8f18e3bf52e528294a8c027227163ea0 2009.0/x86_64/vim-X11-7.2.065-9.2mdv2009.0.x86_64.rpm
49185b01a1d717513902ba49235023a0 2009.0/SRPMS/vim-7.2.065-9.2mdv2009.0.src.rpm
Corporate 3.0:
57eb3da62007c67d4dfff2184712e723 corporate/3.0/i586/vim-common-7.2.065-9.2.C30mdk.i586.rpm
cd32782aeb6a12ff17d63436cf1b5bdd corporate/3.0/i586/vim-enhanced-7.2.065-9.2.C30mdk.i586.rpm
5fe6219ae51f930a61ac7719d483c4d2 corporate/3.0/i586/vim-minimal-7.2.065-9.2.C30mdk.i586.rpm
ad522f08a5c827dc68c1c3d80dc96c05 corporate/3.0/i586/vim-X11-7.2.065-9.2.C30mdk.i586.rpm
5056d9e1057c60b0cc2514cfb14f6aef corporate/3.0/SRPMS/vim-7.2.065-9.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
934038cf8d1a329cf8020895ed3db7c3 corporate/3.0/x86_64/vim-common-7.2.065-9.2.C30mdk.x86_64.rpm
65d64cc850ebdcb6a47905c94df19437 corporate/3.0/x86_64/vim-enhanced-7.2.065-9.2.C30mdk.x86_64.rpm
138427402ee4d0dba3931861f43b17af corporate/3.0/x86_64/vim-minimal-7.2.065-9.2.C30mdk.x86_64.rpm
23ab99b940c3150ea185cbe0cf7a536a corporate/3.0/x86_64/vim-X11-7.2.065-9.2.C30mdk.x86_64.rpm
5056d9e1057c60b0cc2514cfb14f6aef corporate/3.0/SRPMS/vim-7.2.065-9.2.C30mdk.src.rpm
Corporate 4.0:
ccad6e665824b0af02d7cf6dc244800f corporate/4.0/i586/vim-common-7.2.065-8.2.20060mlcs4.i586.rpm
6259e89fdff3af4591f00aee85f6408d corporate/4.0/i586/vim-enhanced-7.2.065-8.2.20060mlcs4.i586.rpm
a1899ec82783d087a67e598440c7d97b corporate/4.0/i586/vim-minimal-7.2.065-8.2.20060mlcs4.i586.rpm
1628ebe4b6bd2c0398689d8b63059ad4 corporate/4.0/i586/vim-X11-7.2.065-8.2.20060mlcs4.i586.rpm
ff5ce0745012df27dba7c628be9696c2 corporate/4.0/SRPMS/vim-7.2.065-8.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
2cc05e275dfda62016b2ca250bc7abac corporate/4.0/x86_64/vim-common-7.2.065-8.2.20060mlcs4.x86_64.rpm
12628db58e590955b4fc52b9b9da35f2 corporate/4.0/x86_64/vim-enhanced-7.2.065-8.2.20060mlcs4.x86_64.rpm
81d3a71d955ef44e9adf0087a38b2048 corporate/4.0/x86_64/vim-minimal-7.2.065-8.2.20060mlcs4.x86_64.rpm
01db91a3cd0d64fba00beb7ac29121ab corporate/4.0/x86_64/vim-X11-7.2.065-8.2.20060mlcs4.x86_64.rpm
ff5ce0745012df27dba7c628be9696c2 corporate/4.0/SRPMS/vim-7.2.065-8.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
17e4eff8ebdba9763a278a2d0e2f4ca3 mnf/2.0/i586/vim-common-7.2.065-9.2.C30mdk.i586.rpm
a32e43b8fd1beaa139c108a14685b357 mnf/2.0/i586/vim-enhanced-7.2.065-9.2.C30mdk.i586.rpm
ccd9d76b31b85005d465a11113db862e mnf/2.0/i586/vim-minimal-7.2.065-9.2.C30mdk.i586.rpm
27bd018672a8bc5aa5d15a7bc6e64dc0 mnf/2.0/SRPMS/vim-7.2.065-9.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJNyr0mqjQ0CJFipgRAvZIAKCt0kqq89JAQAR+RIP90e6/NLuz/gCgsJpo
KAmfiIoMaojFy7qpIqRnGw4=
=Cl2x
-----END PGP SIGNATURE-----