CVE-2007-2438 - Secunia Advisories - Vulnerability Intelligence - Secunia.com

Vulnerability Intelligence

Vulnerability Scanning

Corporate Information

Secunia Advisories

Secunia Research

Binary Analysis

Home > Vulnerability Intelligence > Secunia Advisories > CVE-2007-2438

Secunia Advisories

Advisories by Product

Advisories by Vendor

Historic Advisories

Mailing Lists & RSS

Report Vulnerability

Business Solutions Restricted

Restricted

Partner Solutions Restricted

Restricted

CVE Reference: CVE-2007-2438
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2438

Description: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/34012 VIM http://attrition.org/pipermail/vim/2007-May/001614.html http://www.attrition.org/pipermail/vim/2007-August/001770.html UBUNTU http://www.ubuntu.com/usn/usn-463-1 TRUSTIX http://www.trustix.org/errata/2007/0017/ SUSE http://www.novell.com/linux/security/advisories/2007_12_sr.html ST 1018035 SAID Secunia Advisory: SA25159 Secunia Advisory: SA25182 Secunia Advisory: SA25255 Secunia Advisory: SA25024 Secunia Advisory: SA25367 Secunia Advisory: SA25432 Secunia Advisory: SA26653 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0346.html MLIST http://tech.groups.yahoo.com/group/vimannounce/message/178 http://marc.info/?l=vim-dev&m=117778983714029&w=2 http://marc.info/?l=vim-dev&m=117762581821298&w=2 MISC http://tech.groups.yahoo.com/group/vimdev/message/46627 http://tech.groups.yahoo.com/group/vimdev/message/46658 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:101 DEBIAN http://www.debian.org/security/2007/dsa-1364 CONFIRM http://www.vim.org/news/news.php http://tech.groups.yahoo.com/group/vimdev/message/46645 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/467202/100/0/threaded BID 23725

Return to the previous page.

Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2009