cvelistv5 - CVE-2008-3076

CVE-2008-3076 (GCVE-0-2008-3076)

Vulnerability from cvelistv5 – Published: 2009-02-21 22:00 – Updated: 2024-08-07 09:21

Summary

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://marc.info/?l=oss-security&m=122416184431388&w=2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2008/10/20/2	mailing-listx_refsource_MLIST
	http://www.rdancer.org/vulnerablevim-netrw.html	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/34418	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2008/07/07/1	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/30115	vdb-entryx_refsource_BID
	http://www.rdancer.org/vulnerablevim-netrw.v2.html	x_refsource_MISC
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=121494431426308&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.openwall.com/lists/oss-security/2008/0…	mailing-listx_refsource_MLIST
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.openwall.com/lists/oss-security/2008/07/07/4	mailing-listx_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:35.108Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2009:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
          },
          {
            "name": "[oss-security] 20081020 CVE request (vim)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rdancer.org/vulnerablevim-netrw.html"
          },
          {
            "name": "RHSA-2008:0580",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
          },
          {
            "name": "34418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
          },
          {
            "name": "30115",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30115"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
          },
          {
            "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
          },
          {
            "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
          },
          {
            "name": "netrw-multiple-code-execution(43624)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
          },
          {
            "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
          },
          {
            "name": "MDVSA-2008:236",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2009:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
        },
        {
          "name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
        },
        {
          "name": "[oss-security] 20081020 CVE request (vim)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rdancer.org/vulnerablevim-netrw.html"
        },
        {
          "name": "RHSA-2008:0580",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
        },
        {
          "name": "34418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34418"
        },
        {
          "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
        },
        {
          "name": "30115",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30115"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
        },
        {
          "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
        },
        {
          "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
        },
        {
          "name": "netrw-multiple-code-execution(43624)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
        },
        {
          "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
        },
        {
          "name": "MDVSA-2008:236",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3076",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2009:007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
            },
            {
              "name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
            },
            {
              "name": "[oss-security] 20081020 CVE request (vim)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
            },
            {
              "name": "http://www.rdancer.org/vulnerablevim-netrw.html",
              "refsource": "MISC",
              "url": "http://www.rdancer.org/vulnerablevim-netrw.html"
            },
            {
              "name": "RHSA-2008:0580",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
            },
            {
              "name": "34418",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34418"
            },
            {
              "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
            },
            {
              "name": "30115",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30115"
            },
            {
              "name": "http://www.rdancer.org/vulnerablevim-netrw.v2.html",
              "refsource": "MISC",
              "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
            },
            {
              "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
            },
            {
              "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
            },
            {
              "name": "netrw-multiple-code-execution(43624)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
            },
            {
              "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
            },
            {
              "name": "MDVSA-2008:236",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3076",
    "datePublished": "2009-02-21T22:00:00",
    "dateReserved": "2008-07-08T00:00:00",
    "dateUpdated": "2024-08-07T09:21:35.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82E3ADB1-C84F-49D9-81B5-7BCA9B96A3F0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.\"}, {\"lang\": \"es\", \"value\": \"El plugin Netrw 125 en netrw.vim en Vim 7.2a.10 permite a atacantes asistidos por el usuario ejecutar comandos de su elecci\\u00f3n a trav\\u00e9s de metacaracteres de l\\u00ednea de comandos en utilizados para ejecutar funciones de sistema dentro de los comandos (1) mz y (2) mc, como se demostro en los casos de prueba netrw.v2 y netrw.v3. NOTA: Esta informacion existe por el arreglo incompleto de CVE-2008-2712.\"}]",
      "id": "CVE-2008-3076",
      "lastModified": "2024-11-21T00:48:21.973",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-02-21T22:30:00.327",
      "references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/34418\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/07/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/07/4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/08/12\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/10/20/2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.rdancer.org/vulnerablevim-netrw.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.rdancer.org/vulnerablevim-netrw.v2.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0580.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/30115\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43624\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/34418\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/07/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/07/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/08/12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/10/20/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.rdancer.org/vulnerablevim-netrw.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.rdancer.org/vulnerablevim-netrw.v2.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0580.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/30115\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43624\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Not vulnerable. This issue did not affect the versions of the Vim packages, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.\\n\\nNote: This CVE is mentioned in the text of RHSA-2008:0580 (https://rhn.redhat.com/errata/RHSA-2008-0580.html), as it was originally used to track multiple issues.  Issues that affected Vim packages in Red Hat Enterprise Linux 5 were later assigned separate CVE identifier - CVE-2008-6235.  Neither of issues currently covered by CVE-2008-3076 (insufficient shell escaping in mz and mc commands) affected Vim packages shipped with Red Hat Enterprise Linux 5.\", \"lastModified\": \"2009-02-25T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3076\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-02-21T22:30:00.327\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.\"},{\"lang\":\"es\",\"value\":\"El plugin Netrw 125 en netrw.vim en Vim 7.2a.10 permite a atacantes asistidos por el usuario ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres de l\u00ednea de comandos en utilizados para ejecutar funciones de sistema dentro de los comandos (1) mz y (2) mc, como se demostro en los casos de prueba netrw.v2 y netrw.v3. NOTA: Esta informacion existe por el arreglo incompleto de CVE-2008-2712.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82E3ADB1-C84F-49D9-81B5-7BCA9B96A3F0\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/08/12\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/20/2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.rdancer.org/vulnerablevim-netrw.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.rdancer.org/vulnerablevim-netrw.v2.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0580.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/30115\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43624\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/08/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/20/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.rdancer.org/vulnerablevim-netrw.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.rdancer.org/vulnerablevim-netrw.v2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0580.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30115\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect the versions of the Vim packages, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.\\n\\nNote: This CVE is mentioned in the text of RHSA-2008:0580 (https://rhn.redhat.com/errata/RHSA-2008-0580.html), as it was originally used to track multiple issues.  Issues that affected Vim packages in Red Hat Enterprise Linux 5 were later assigned separate CVE identifier - CVE-2008-6235.  Neither of issues currently covered by CVE-2008-3076 (insufficient shell escaping in mz and mc commands) affected Vim packages shipped with Red Hat Enterprise Linux 5.\",\"lastModified\":\"2009-02-25T00:00:00\"}]}}"
  }
}

GHSA-F5QF-9PC8-PR89

Vulnerability from github – Published: 2022-05-01 23:56 – Updated: 2022-05-01 23:56

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-02-21T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.",
  "id": "GHSA-f5qf-9pc8-pr89",
  "modified": "2022-05-01T23:56:22Z",
  "published": "2022-05-01T23:56:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3076"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
    },
    {
      "type": "WEB",
      "url": "http://www.rdancer.org/vulnerablevim-netrw.html"
    },
    {
      "type": "WEB",
      "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30115"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-101

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de vim permettent à un individu malintentionné d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités de vim ont été découvertes :

la première (CVE-2007-2953) concerne un défaut de validation des données fournies à la commande helptags ;
la seconde (CVE-2008-2712) concerne un défaut de validation d'arguments lors d'appel système par un script vim ;
la troisième (CVE-2008-3074) concerne un manque de validation des noms de fichier par l'extension tar de vim ;
la quatrième (CVE-2008-3075) concerne un manque de validation des noms de fichier par l'extension zip de vim ;
la cinquième (CVE-2008-3076 et CVE-2008-6235) concerne un manque de validation des noms de fichier par l'extension netrw de vim ;
la dernière (CVE-2008-4101) vient d'un défaut de contrôle des caractères par la fonctionnalité de recherche de mots clef.

Toutes ces vulnérabilités permettent à un individu malintentionné d'exécuter du code arbitraire à distance par le biais d'un fichier spécialement construit ou en invitant un utilisateur à exécuter des commandes vim spécifiques.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de vim antérieures à 7.2.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce du lancement de la version 7.2 de vim du 09 août 2008	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2008:0580 du 25 novembre 2008 :	-	other
Annonce du lancement de la version 7.2 de vim du 09 août 2008 :	-	other
Bulletin de sécurité Debian DSA 1733 du 03 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de vim ant\u00e9rieures  \u00e0 7.2.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de vim ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   la premi\u00e8re (CVE-2007-2953) concerne un d\u00e9faut de validation des\n    donn\u00e9es fournies \u00e0 la commande helptags ;\n-   la seconde (CVE-2008-2712) concerne un d\u00e9faut de validation\n    d\u0027arguments lors d\u0027appel syst\u00e8me par un script vim ;\n-   la troisi\u00e8me (CVE-2008-3074) concerne un manque de validation des\n    noms de fichier par l\u0027extension tar de vim ;\n-   la quatri\u00e8me (CVE-2008-3075) concerne un manque de validation des\n    noms de fichier par l\u0027extension zip de vim ;\n-   la cinqui\u00e8me (CVE-2008-3076 et CVE-2008-6235) concerne un manque de\n    validation des noms de fichier par l\u0027extension netrw de vim ;\n-   la derni\u00e8re (CVE-2008-4101) vient d\u0027un d\u00e9faut de contr\u00f4le des\n    caract\u00e8res par la fonctionnalit\u00e9 de recherche de mots clef.\n\nToutes ces vuln\u00e9rabilit\u00e9s permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un fichier\nsp\u00e9cialement construit ou en invitant un utilisateur \u00e0 ex\u00e9cuter des\ncommandes vim sp\u00e9cifiques.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-6235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
    },
    {
      "name": "CVE-2008-3075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
    },
    {
      "name": "CVE-2007-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
    },
    {
      "name": "CVE-2008-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3076"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0580 du 25 novembre    2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0580.html"
    },
    {
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt    2008 :",
      "url": "http://groups.google.com/group/vim_announce/browse_thread/thread/2c89671dd928812f"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1733 du 03 mars 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1733"
    }
  ],
  "reference": "CERTA-2009-AVI-101",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de vim permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans vim",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt 2008",
      "url": null
    }
  ]
}

CERTA-2009-AVI-101

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de vim permettent à un individu malintentionné d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités de vim ont été découvertes :

la première (CVE-2007-2953) concerne un défaut de validation des données fournies à la commande helptags ;
la seconde (CVE-2008-2712) concerne un défaut de validation d'arguments lors d'appel système par un script vim ;
la troisième (CVE-2008-3074) concerne un manque de validation des noms de fichier par l'extension tar de vim ;
la quatrième (CVE-2008-3075) concerne un manque de validation des noms de fichier par l'extension zip de vim ;
la cinquième (CVE-2008-3076 et CVE-2008-6235) concerne un manque de validation des noms de fichier par l'extension netrw de vim ;
la dernière (CVE-2008-4101) vient d'un défaut de contrôle des caractères par la fonctionnalité de recherche de mots clef.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de vim antérieures à 7.2.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce du lancement de la version 7.2 de vim du 09 août 2008	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2008:0580 du 25 novembre 2008 :	-	other
Annonce du lancement de la version 7.2 de vim du 09 août 2008 :	-	other
Bulletin de sécurité Debian DSA 1733 du 03 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de vim ant\u00e9rieures  \u00e0 7.2.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de vim ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   la premi\u00e8re (CVE-2007-2953) concerne un d\u00e9faut de validation des\n    donn\u00e9es fournies \u00e0 la commande helptags ;\n-   la seconde (CVE-2008-2712) concerne un d\u00e9faut de validation\n    d\u0027arguments lors d\u0027appel syst\u00e8me par un script vim ;\n-   la troisi\u00e8me (CVE-2008-3074) concerne un manque de validation des\n    noms de fichier par l\u0027extension tar de vim ;\n-   la quatri\u00e8me (CVE-2008-3075) concerne un manque de validation des\n    noms de fichier par l\u0027extension zip de vim ;\n-   la cinqui\u00e8me (CVE-2008-3076 et CVE-2008-6235) concerne un manque de\n    validation des noms de fichier par l\u0027extension netrw de vim ;\n-   la derni\u00e8re (CVE-2008-4101) vient d\u0027un d\u00e9faut de contr\u00f4le des\n    caract\u00e8res par la fonctionnalit\u00e9 de recherche de mots clef.\n\nToutes ces vuln\u00e9rabilit\u00e9s permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un fichier\nsp\u00e9cialement construit ou en invitant un utilisateur \u00e0 ex\u00e9cuter des\ncommandes vim sp\u00e9cifiques.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-6235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
    },
    {
      "name": "CVE-2008-3075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
    },
    {
      "name": "CVE-2007-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
    },
    {
      "name": "CVE-2008-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3076"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0580 du 25 novembre    2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0580.html"
    },
    {
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt    2008 :",
      "url": "http://groups.google.com/group/vim_announce/browse_thread/thread/2c89671dd928812f"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1733 du 03 mars 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1733"
    }
  ],
  "reference": "CERTA-2009-AVI-101",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de vim permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans vim",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt 2008",
      "url": null
    }
  ]
}

GSD-2008-3076

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3076

Aliases

CVE-2008-3076

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3076",
    "description": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.",
    "id": "GSD-2008-3076",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-3076.html",
      "https://www.debian.org/security/2009/dsa-1733"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3076"
      ],
      "details": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.",
      "id": "GSD-2008-3076",
      "modified": "2023-12-13T01:23:05.552953Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3076",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SUSE-SR:2009:007",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
          },
          {
            "name": "[oss-security] 20081020 CVE request (vim)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
          },
          {
            "name": "http://www.rdancer.org/vulnerablevim-netrw.html",
            "refsource": "MISC",
            "url": "http://www.rdancer.org/vulnerablevim-netrw.html"
          },
          {
            "name": "RHSA-2008:0580",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
          },
          {
            "name": "34418",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
          },
          {
            "name": "30115",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30115"
          },
          {
            "name": "http://www.rdancer.org/vulnerablevim-netrw.v2.html",
            "refsource": "MISC",
            "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
          },
          {
            "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
          },
          {
            "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
          },
          {
            "name": "netrw-multiple-code-execution(43624)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
          },
          {
            "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
          },
          {
            "name": "MDVSA-2008:236",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3076"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.rdancer.org/vulnerablevim-netrw.v2.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
            },
            {
              "name": "[oss-security] 20081016 CVE request - Vim netrw.plugin",
              "refsource": "MLIST",
              "tags": [
                "Exploit"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
            },
            {
              "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
            },
            {
              "name": "30115",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/30115"
            },
            {
              "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
            },
            {
              "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
            },
            {
              "name": "[oss-security] 20081020 CVE request (vim)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
            },
            {
              "name": "http://www.rdancer.org/vulnerablevim-netrw.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.rdancer.org/vulnerablevim-netrw.html"
            },
            {
              "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
            },
            {
              "name": "RHSA-2008:0580",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
            },
            {
              "name": "MDVSA-2008:236",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
            },
            {
              "name": "34418",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34418"
            },
            {
              "name": "SUSE-SR:2009:007",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
            },
            {
              "name": "netrw-multiple-code-execution(43624)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:31Z",
      "publishedDate": "2009-02-21T22:30Z"
    }
  }
}

FKIE_CVE-2008-3076

Vulnerability from fkie_nvd - Published: 2009-02-21 22:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=121494431426308&w=2
cve@mitre.org	http://marc.info/?l=oss-security&m=122416184431388&w=2	Exploit
cve@mitre.org	http://secunia.com/advisories/34418
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/07/07/1	Exploit
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/07/07/4	Exploit, Patch
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/07/08/12
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/10/20/2
cve@mitre.org	http://www.rdancer.org/vulnerablevim-netrw.html	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.rdancer.org/vulnerablevim-netrw.v2.html	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0580.html
cve@mitre.org	http://www.securityfocus.com/bid/30115	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43624
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=121494431426308&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=122416184431388&w=2	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34418
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/07/1	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/07/4	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/08/12
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/10/20/2
af854a3a-2127-422b-91ae-364da2661108	http://www.rdancer.org/vulnerablevim-netrw.html	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.rdancer.org/vulnerablevim-netrw.v2.html	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0580.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30115	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43624

Impacted products

	Vendor	Product	Version
	vim	vim	7.2a.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E3ADB1-C84F-49D9-81B5-7BCA9B96A3F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712."
    },
    {
      "lang": "es",
      "value": "El plugin Netrw 125 en netrw.vim en Vim 7.2a.10 permite a atacantes asistidos por el usuario ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres de l\u00ednea de comandos en utilizados para ejecutar funciones de sistema dentro de los comandos (1) mz y (2) mc, como se demostro en los casos de prueba netrw.v2 y netrw.v3. NOTA: Esta informacion existe por el arreglo incompleto de CVE-2008-2712."
    }
  ],
  "id": "CVE-2008-3076",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-21T22:30:00.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rdancer.org/vulnerablevim-netrw.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/30115"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=122416184431388\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rdancer.org/vulnerablevim-netrw.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/30115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43624"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of the Vim packages, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nNote: This CVE is mentioned in the text of RHSA-2008:0580 (https://rhn.redhat.com/errata/RHSA-2008-0580.html), as it was originally used to track multiple issues.  Issues that affected Vim packages in Red Hat Enterprise Linux 5 were later assigned separate CVE identifier - CVE-2008-6235.  Neither of issues currently covered by CVE-2008-3076 (insufficient shell escaping in mz and mc commands) affected Vim packages shipped with Red Hat Enterprise Linux 5.",
      "lastModified": "2009-02-25T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3076 (GCVE-0-2008-3076)

GHSA-F5QF-9PC8-PR89

CERTA-2009-AVI-101

Description

Solution

CERTA-2009-AVI-101

Description

Solution

GSD-2008-3076

FKIE_CVE-2008-3076

Tags

Sightings

Nomenclature