cvelistv5 - cve-2008-3075

CVE-2008-3075 (GCVE-0-2008-3075)

Vulnerability from cvelistv5 – Published: 2009-02-21 22:00 – Updated: 2024-08-07 09:21

Summary

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.rdancer.org/vulnerablevim.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2008/07/15/4	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2008/10/20/2	mailing-listx_refsource_MLIST
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.openwall.com/lists/oss-security/2008/07/13/1	mailing-listx_refsource_MLIST
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/34418	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2008/07/07/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2008/08/01/1	mailing-listx_refsource_MLIST
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=121494431426308&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.openwall.com/lists/oss-security/2008/0…	mailing-listx_refsource_MLIST
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2008/07/10/7	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2008/07/07/4	mailing-listx_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=467432	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/bid/32463	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2008/10/15/1	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:35.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2009:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rdancer.org/vulnerablevim.html"
          },
          {
            "name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
          },
          {
            "name": "[oss-security] 20081020 CVE request (vim)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
          },
          {
            "name": "oval:org.mitre.oval:def:10246",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
          },
          {
            "name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
          },
          {
            "name": "RHSA-2008:0580",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
          },
          {
            "name": "34418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
          },
          {
            "name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
          },
          {
            "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
          },
          {
            "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
          },
          {
            "name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
          },
          {
            "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
          },
          {
            "name": "MDVSA-2008:236",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
          },
          {
            "name": "32463",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32463"
          },
          {
            "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2009:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rdancer.org/vulnerablevim.html"
        },
        {
          "name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
        },
        {
          "name": "[oss-security] 20081020 CVE request (vim)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
        },
        {
          "name": "oval:org.mitre.oval:def:10246",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
        },
        {
          "name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
        },
        {
          "name": "RHSA-2008:0580",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
        },
        {
          "name": "34418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34418"
        },
        {
          "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
        },
        {
          "name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
        },
        {
          "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
        },
        {
          "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
        },
        {
          "name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
        },
        {
          "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
        },
        {
          "name": "MDVSA-2008:236",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
        },
        {
          "name": "32463",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32463"
        },
        {
          "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2009:007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
            },
            {
              "name": "http://www.rdancer.org/vulnerablevim.html",
              "refsource": "MISC",
              "url": "http://www.rdancer.org/vulnerablevim.html"
            },
            {
              "name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
            },
            {
              "name": "[oss-security] 20081020 CVE request (vim)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
            },
            {
              "name": "oval:org.mitre.oval:def:10246",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
            },
            {
              "name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
            },
            {
              "name": "RHSA-2008:0580",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
            },
            {
              "name": "34418",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34418"
            },
            {
              "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
            },
            {
              "name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
            },
            {
              "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
            },
            {
              "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
            },
            {
              "name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
            },
            {
              "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=467432",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
            },
            {
              "name": "MDVSA-2008:236",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
            },
            {
              "name": "32463",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32463"
            },
            {
              "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3075",
    "datePublished": "2009-02-21T22:00:00",
    "dateReserved": "2008-07-08T00:00:00",
    "dateUpdated": "2024-08-07T09:21:35.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97CCAA40-55CE-4AB9-9268-AADA06E29B9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8C5B265-A7DD-4D24-864C-BF1FEEF8F138\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:7.1.266:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99E9ABC5-442C-4693-8F86-A969AD89A0C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:7.1.314:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12BE4D12-2B98-4617-ADE2-6E71552306A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3613F5F4-9B8C-4020-8550-23310A41C85C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82E3ADB1-C84F-49D9-81B5-7BCA9B96A3F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A65BA734-30C8-400C-AF02-EED915462E19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17E163F7-65E4-4FA1-A8FF-8B78FB50C502\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BE5C486-1D0D-4B43-8999-B08C817CC269\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C077F94-D041-4871-A0C9-44E33BA01CC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DC62FFD-E770-45A5-9CED-EC97B4C2C897\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F20FFF3-B384-4B94-BDEF-938796D326F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAFE185D-B714-4A46-A93F-D1E3AC28645E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D747F46B-8F8D-465A-984C-AD4FCBEA5354\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30B87583-F00F-489D-9BBD-1D64A0595C92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A7C5390-527E-470B-9F64-7BF16F1C09F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:zipplugin.vim:v.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"287EF92F-5067-41BA-88BE-20A57E9A1AE5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \\\"!\\\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.\"}, {\"lang\": \"es\", \"value\": \"La funcion shellescape en Vim v7.0 hasta v7.2, incluida la v7.2a.10, permite atacantes asistidos por el usuario ejecutar codigo a su eleccion a traves del metacaracter \\\"!\\\" (exclamacion) en la linea de comandos en (1)El nombre de fichero de un archivo ZIP y posiblemente (2)el nombre del primer fichero de un archivo ZIP, el cual no es manejado adecuadamente por zip.vim en el plugin ZIP VIM (zipPlugin.vim) v.11 hasta v.21, como se ha demostrado en los casos de prueba zipplugin y zipplugin.v2. NOTA: Esta informacion es debido al arreglo incompleto de CVE-2008-3074. NOTA: Debido a la complejidad de los hechos relacionados y la incompleta informacion sobre este, probablemente existen inexactitudes en la descripcion de esta vulnerabilidad.\"}]",
      "id": "CVE-2008-3075",
      "lastModified": "2024-11-21T00:48:21.820",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-02-21T22:30:00.313",
      "references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/34418\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/07/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/07/4\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/08/12\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/10/7\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/13/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/15/4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/08/01/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/10/15/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/10/20/2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.rdancer.org/vulnerablevim.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0580.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/32463\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=467432\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34418\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/07/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/07/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/08/12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/10/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/13/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/07/15/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/08/01/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/10/15/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/10/20/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.rdancer.org/vulnerablevim.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0580.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/32463\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=467432\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3075\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-02-21T22:30:00.313\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \\\"!\\\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.\"},{\"lang\":\"es\",\"value\":\"La funcion shellescape en Vim v7.0 hasta v7.2, incluida la v7.2a.10, permite atacantes asistidos por el usuario ejecutar codigo a su eleccion a traves del metacaracter \\\"!\\\" (exclamacion) en la linea de comandos en (1)El nombre de fichero de un archivo ZIP y posiblemente (2)el nombre del primer fichero de un archivo ZIP, el cual no es manejado adecuadamente por zip.vim en el plugin ZIP VIM (zipPlugin.vim) v.11 hasta v.21, como se ha demostrado en los casos de prueba zipplugin y zipplugin.v2. NOTA: Esta informacion es debido al arreglo incompleto de CVE-2008-3074. NOTA: Debido a la complejidad de los hechos relacionados y la incompleta informacion sobre este, probablemente existen inexactitudes en la descripcion de esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97CCAA40-55CE-4AB9-9268-AADA06E29B9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C5B265-A7DD-4D24-864C-BF1FEEF8F138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.1.266:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E9ABC5-442C-4693-8F86-A969AD89A0C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.1.314:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12BE4D12-2B98-4617-ADE2-6E71552306A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3613F5F4-9B8C-4020-8550-23310A41C85C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82E3ADB1-C84F-49D9-81B5-7BCA9B96A3F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A65BA734-30C8-400C-AF02-EED915462E19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17E163F7-65E4-4FA1-A8FF-8B78FB50C502\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE5C486-1D0D-4B43-8999-B08C817CC269\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C077F94-D041-4871-A0C9-44E33BA01CC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DC62FFD-E770-45A5-9CED-EC97B4C2C897\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F20FFF3-B384-4B94-BDEF-938796D326F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAFE185D-B714-4A46-A93F-D1E3AC28645E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D747F46B-8F8D-465A-984C-AD4FCBEA5354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30B87583-F00F-489D-9BBD-1D64A0595C92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A7C5390-527E-470B-9F64-7BF16F1C09F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:zipplugin.vim:v.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"287EF92F-5067-41BA-88BE-20A57E9A1AE5\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/4\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/08/12\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/10/7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/13/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/15/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/08/01/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/15/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/20/2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.rdancer.org/vulnerablevim.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0580.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32463\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=467432\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/07/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/08/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/10/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/13/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/15/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/08/01/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/15/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/20/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.rdancer.org/vulnerablevim.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0580.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=467432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-3075

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3075

Aliases

CVE-2008-3075

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3075",
    "description": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
    "id": "GSD-2008-3075",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-3075.html",
      "https://www.debian.org/security/2009/dsa-1733",
      "https://access.redhat.com/errata/RHSA-2008:0580",
      "https://linux.oracle.com/cve/CVE-2008-3075.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3075"
      ],
      "details": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
      "id": "GSD-2008-3075",
      "modified": "2023-12-13T01:23:05.599029Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3075",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SUSE-SR:2009:007",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "http://www.rdancer.org/vulnerablevim.html",
            "refsource": "MISC",
            "url": "http://www.rdancer.org/vulnerablevim.html"
          },
          {
            "name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
          },
          {
            "name": "[oss-security] 20081020 CVE request (vim)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
          },
          {
            "name": "oval:org.mitre.oval:def:10246",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
          },
          {
            "name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
          },
          {
            "name": "RHSA-2008:0580",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
          },
          {
            "name": "34418",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
          },
          {
            "name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
          },
          {
            "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
          },
          {
            "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
          },
          {
            "name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
          },
          {
            "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=467432",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
          },
          {
            "name": "MDVSA-2008:236",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
          },
          {
            "name": "32463",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/32463"
          },
          {
            "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.1.266:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.1.314:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:zipplugin.vim:v.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3075"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20080708 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
            },
            {
              "name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
            },
            {
              "name": "http://www.rdancer.org/vulnerablevim.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.rdancer.org/vulnerablevim.html"
            },
            {
              "name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
            },
            {
              "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
            },
            {
              "name": "[oss-security] 20080713 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
            },
            {
              "name": "[oss-security] 20080707 Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
            },
            {
              "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
            },
            {
              "name": "[oss-security] 20080710 Re: Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
            },
            {
              "name": "[oss-security] 20081020 CVE request (vim)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
            },
            {
              "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
            },
            {
              "name": "RHSA-2008:0580",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
            },
            {
              "name": "MDVSA-2008:236",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=467432",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
            },
            {
              "name": "32463",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/32463"
            },
            {
              "name": "SUSE-SR:2009:007",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
            },
            {
              "name": "34418",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34418"
            },
            {
              "name": "oval:org.mitre.oval:def:10246",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-29T01:31Z",
      "publishedDate": "2009-02-21T22:30Z"
    }
  }
}

CERTA-2009-AVI-101

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de vim permettent à un individu malintentionné d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités de vim ont été découvertes :

la première (CVE-2007-2953) concerne un défaut de validation des données fournies à la commande helptags ;
la seconde (CVE-2008-2712) concerne un défaut de validation d'arguments lors d'appel système par un script vim ;
la troisième (CVE-2008-3074) concerne un manque de validation des noms de fichier par l'extension tar de vim ;
la quatrième (CVE-2008-3075) concerne un manque de validation des noms de fichier par l'extension zip de vim ;
la cinquième (CVE-2008-3076 et CVE-2008-6235) concerne un manque de validation des noms de fichier par l'extension netrw de vim ;
la dernière (CVE-2008-4101) vient d'un défaut de contrôle des caractères par la fonctionnalité de recherche de mots clef.

Toutes ces vulnérabilités permettent à un individu malintentionné d'exécuter du code arbitraire à distance par le biais d'un fichier spécialement construit ou en invitant un utilisateur à exécuter des commandes vim spécifiques.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de vim antérieures à 7.2.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce du lancement de la version 7.2 de vim du 09 août 2008	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2008:0580 du 25 novembre 2008 :	-	other
Annonce du lancement de la version 7.2 de vim du 09 août 2008 :	-	other
Bulletin de sécurité Debian DSA 1733 du 03 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de vim ant\u00e9rieures  \u00e0 7.2.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de vim ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   la premi\u00e8re (CVE-2007-2953) concerne un d\u00e9faut de validation des\n    donn\u00e9es fournies \u00e0 la commande helptags ;\n-   la seconde (CVE-2008-2712) concerne un d\u00e9faut de validation\n    d\u0027arguments lors d\u0027appel syst\u00e8me par un script vim ;\n-   la troisi\u00e8me (CVE-2008-3074) concerne un manque de validation des\n    noms de fichier par l\u0027extension tar de vim ;\n-   la quatri\u00e8me (CVE-2008-3075) concerne un manque de validation des\n    noms de fichier par l\u0027extension zip de vim ;\n-   la cinqui\u00e8me (CVE-2008-3076 et CVE-2008-6235) concerne un manque de\n    validation des noms de fichier par l\u0027extension netrw de vim ;\n-   la derni\u00e8re (CVE-2008-4101) vient d\u0027un d\u00e9faut de contr\u00f4le des\n    caract\u00e8res par la fonctionnalit\u00e9 de recherche de mots clef.\n\nToutes ces vuln\u00e9rabilit\u00e9s permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un fichier\nsp\u00e9cialement construit ou en invitant un utilisateur \u00e0 ex\u00e9cuter des\ncommandes vim sp\u00e9cifiques.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-6235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
    },
    {
      "name": "CVE-2008-3075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
    },
    {
      "name": "CVE-2007-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
    },
    {
      "name": "CVE-2008-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3076"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0580 du 25 novembre    2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0580.html"
    },
    {
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt    2008 :",
      "url": "http://groups.google.com/group/vim_announce/browse_thread/thread/2c89671dd928812f"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1733 du 03 mars 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1733"
    }
  ],
  "reference": "CERTA-2009-AVI-101",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de vim permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans vim",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt 2008",
      "url": null
    }
  ]
}

CERTA-2009-AVI-101

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de vim permettent à un individu malintentionné d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités de vim ont été découvertes :

la première (CVE-2007-2953) concerne un défaut de validation des données fournies à la commande helptags ;
la seconde (CVE-2008-2712) concerne un défaut de validation d'arguments lors d'appel système par un script vim ;
la troisième (CVE-2008-3074) concerne un manque de validation des noms de fichier par l'extension tar de vim ;
la quatrième (CVE-2008-3075) concerne un manque de validation des noms de fichier par l'extension zip de vim ;
la cinquième (CVE-2008-3076 et CVE-2008-6235) concerne un manque de validation des noms de fichier par l'extension netrw de vim ;
la dernière (CVE-2008-4101) vient d'un défaut de contrôle des caractères par la fonctionnalité de recherche de mots clef.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de vim antérieures à 7.2.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce du lancement de la version 7.2 de vim du 09 août 2008	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2008:0580 du 25 novembre 2008 :	-	other
Annonce du lancement de la version 7.2 de vim du 09 août 2008 :	-	other
Bulletin de sécurité Debian DSA 1733 du 03 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de vim ant\u00e9rieures  \u00e0 7.2.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de vim ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   la premi\u00e8re (CVE-2007-2953) concerne un d\u00e9faut de validation des\n    donn\u00e9es fournies \u00e0 la commande helptags ;\n-   la seconde (CVE-2008-2712) concerne un d\u00e9faut de validation\n    d\u0027arguments lors d\u0027appel syst\u00e8me par un script vim ;\n-   la troisi\u00e8me (CVE-2008-3074) concerne un manque de validation des\n    noms de fichier par l\u0027extension tar de vim ;\n-   la quatri\u00e8me (CVE-2008-3075) concerne un manque de validation des\n    noms de fichier par l\u0027extension zip de vim ;\n-   la cinqui\u00e8me (CVE-2008-3076 et CVE-2008-6235) concerne un manque de\n    validation des noms de fichier par l\u0027extension netrw de vim ;\n-   la derni\u00e8re (CVE-2008-4101) vient d\u0027un d\u00e9faut de contr\u00f4le des\n    caract\u00e8res par la fonctionnalit\u00e9 de recherche de mots clef.\n\nToutes ces vuln\u00e9rabilit\u00e9s permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un fichier\nsp\u00e9cialement construit ou en invitant un utilisateur \u00e0 ex\u00e9cuter des\ncommandes vim sp\u00e9cifiques.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-6235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
    },
    {
      "name": "CVE-2008-3075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
    },
    {
      "name": "CVE-2007-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
    },
    {
      "name": "CVE-2008-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3076"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0580 du 25 novembre    2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0580.html"
    },
    {
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt    2008 :",
      "url": "http://groups.google.com/group/vim_announce/browse_thread/thread/2c89671dd928812f"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1733 du 03 mars 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1733"
    }
  ],
  "reference": "CERTA-2009-AVI-101",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de vim permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans vim",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt 2008",
      "url": null
    }
  ]
}

GHSA-WQMG-Q854-X6X6

Vulnerability from github – Published: 2022-05-01 23:56 – Updated: 2022-05-01 23:56

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-02-21T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
  "id": "GHSA-wqmg-q854-x6x6",
  "modified": "2022-05-01T23:56:22Z",
  "published": "2022-05-01T23:56:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
    },
    {
      "type": "WEB",
      "url": "http://www.rdancer.org/vulnerablevim.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32463"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

RHSA-2008:0580

Vulnerability from csaf_redhat - Published: 2008-11-25 08:41 - Updated: 2025-11-21 17:33

Summary

Red Hat Security Advisory: vim security update

Notes

Topic

Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076) A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075) A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated vim packages that fix security issues are now available for Red Hat\nEnterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim\u0027s keyword and tag\nhandling. If Vim looked up a document\u0027s maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim\u0027s help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0580",
        "url": "https://access.redhat.com/errata/RHSA-2008:0580"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "248542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
      },
      {
        "category": "external",
        "summary": "451759",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
      },
      {
        "category": "external",
        "summary": "461927",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
      },
      {
        "category": "external",
        "summary": "467428",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
      },
      {
        "category": "external",
        "summary": "467432",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
      },
      {
        "category": "external",
        "summary": "467439",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0580.json"
      }
    ],
    "title": "Red Hat Security Advisory: vim security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:33:32+00:00",
      "generator": {
        "date": "2025-11-21T17:33:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2008:0580",
      "initial_release_date": "2008-11-25T08:41:00+00:00",
      "revision_history": [
        {
          "date": "2008-11-25T08:41:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-11-25T03:41:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:33:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-2:7.0.109-4.el5_2.4z.src",
                "product": {
                  "name": "vim-2:7.0.109-4.el5_2.4z.src",
                  "product_id": "vim-2:7.0.109-4.el5_2.4z.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim@7.0.109-4.el5_2.4z?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-2:7.0.109-4.el5_2.4z.src"
        },
        "product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-2:7.0.109-4.el5_2.4z.src"
        },
        "product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-2953",
      "discovery_date": "2007-07-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "248542"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim format string flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2953"
        },
        {
          "category": "external",
          "summary": "RHBZ#248542",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2953",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953"
        }
      ],
      "release_date": "2007-07-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vim format string flaw"
    },
    {
      "cve": "CVE-2008-2712",
      "discovery_date": "2008-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "451759"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: command execution via scripts not sanitizing inputs to execute and system",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2712"
        },
        {
          "category": "external",
          "summary": "RHBZ#451759",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712"
        }
      ],
      "release_date": "2008-06-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim: command execution via scripts not sanitizing inputs to execute and system"
    },
    {
      "cve": "CVE-2008-3074",
      "discovery_date": "2008-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "467428"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3074"
        },
        {
          "category": "external",
          "summary": "RHBZ#467428",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3074",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074"
        }
      ],
      "release_date": "2008-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
    },
    {
      "cve": "CVE-2008-3075",
      "discovery_date": "2008-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "467432"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3075"
        },
        {
          "category": "external",
          "summary": "RHBZ#467432",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075"
        }
      ],
      "release_date": "2008-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
    },
    {
      "cve": "CVE-2008-4101",
      "discovery_date": "2008-08-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "461927"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: arbitrary code execution in commands: K, Control-], g]",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4101"
        },
        {
          "category": "external",
          "summary": "RHBZ#461927",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4101",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101"
        }
      ],
      "release_date": "2008-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim: arbitrary code execution in commands: K, Control-], g]"
    },
    {
      "cve": "CVE-2008-6235",
      "discovery_date": "2008-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "467439"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-6235"
        },
        {
          "category": "external",
          "summary": "RHBZ#467439",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-6235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235"
        }
      ],
      "release_date": "2008-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution"
    }
  ]
}

RHSA-2008_0580

Vulnerability from csaf_redhat - Published: 2008-11-25 08:41 - Updated: 2024-11-22 02:08

Summary

Red Hat Security Advisory: vim security update

Notes

Topic

Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated vim packages that fix security issues are now available for Red Hat\nEnterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim\u0027s keyword and tag\nhandling. If Vim looked up a document\u0027s maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H\u00e4rnhammar, of Secunia Research, discovered a format string flaw in\nVim\u0027s help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0580",
        "url": "https://access.redhat.com/errata/RHSA-2008:0580"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "248542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
      },
      {
        "category": "external",
        "summary": "451759",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
      },
      {
        "category": "external",
        "summary": "461927",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
      },
      {
        "category": "external",
        "summary": "467428",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
      },
      {
        "category": "external",
        "summary": "467432",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
      },
      {
        "category": "external",
        "summary": "467439",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0580.json"
      }
    ],
    "title": "Red Hat Security Advisory: vim security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:08:04+00:00",
      "generator": {
        "date": "2024-11-22T02:08:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0580",
      "initial_release_date": "2008-11-25T08:41:00+00:00",
      "revision_history": [
        {
          "date": "2008-11-25T08:41:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-11-25T03:41:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:08:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=i386\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-2:7.0.109-4.el5_2.4z.src",
                "product": {
                  "name": "vim-2:7.0.109-4.el5_2.4z.src",
                  "product_id": "vim-2:7.0.109-4.el5_2.4z.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim@7.0.109-4.el5_2.4z?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ia64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=ppc\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
                "product": {
                  "name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
                  "product_id": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-4.el5_2.4z?arch=s390x\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-2:7.0.109-4.el5_2.4z.src"
        },
        "product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-2:7.0.109-4.el5_2.4z.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-2:7.0.109-4.el5_2.4z.src"
        },
        "product_reference": "vim-2:7.0.109-4.el5_2.4z.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-common-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        },
        "product_reference": "vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-2953",
      "discovery_date": "2007-07-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "248542"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim format string flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2953"
        },
        {
          "category": "external",
          "summary": "RHBZ#248542",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=248542"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2953",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2953"
        }
      ],
      "release_date": "2007-07-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "vim format string flaw"
    },
    {
      "cve": "CVE-2008-2712",
      "discovery_date": "2008-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "451759"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: command execution via scripts not sanitizing inputs to execute and system",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2712"
        },
        {
          "category": "external",
          "summary": "RHBZ#451759",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451759"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712"
        }
      ],
      "release_date": "2008-06-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim: command execution via scripts not sanitizing inputs to execute and system"
    },
    {
      "cve": "CVE-2008-3074",
      "discovery_date": "2008-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "467428"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3074"
        },
        {
          "category": "external",
          "summary": "RHBZ#467428",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467428"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3074",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3074"
        }
      ],
      "release_date": "2008-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
    },
    {
      "cve": "CVE-2008-3075",
      "discovery_date": "2008-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "467432"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "plugin: improper Implementation of shellescape() (arbitrary code execution)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3075"
        },
        {
          "category": "external",
          "summary": "RHBZ#467432",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3075"
        }
      ],
      "release_date": "2008-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "plugin: improper Implementation of shellescape() (arbitrary code execution)"
    },
    {
      "cve": "CVE-2008-4101",
      "discovery_date": "2008-08-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "461927"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: arbitrary code execution in commands: K, Control-], g]",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4101"
        },
        {
          "category": "external",
          "summary": "RHBZ#461927",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4101",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4101"
        }
      ],
      "release_date": "2008-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim: arbitrary code execution in commands: K, Control-], g]"
    },
    {
      "cve": "CVE-2008-6235",
      "discovery_date": "2008-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "467439"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-4.el5_2.4z.src",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-2:7.0.109-4.el5_2.4z.src",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
          "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-6235"
        },
        {
          "category": "external",
          "summary": "RHBZ#467439",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467439"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-6235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6235"
        }
      ],
      "release_date": "2008-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-25T08:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-4.el5_2.4z.src",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Client:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-2:7.0.109-4.el5_2.4z.src",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-X11-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-common-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-debuginfo-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-enhanced-2:7.0.109-4.el5_2.4z.x86_64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.i386",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ia64",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.ppc",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.s390x",
            "5Server:vim-minimal-2:7.0.109-4.el5_2.4z.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0580"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution"
    }
  ]
}

FKIE_CVE-2008-3075

Vulnerability from fkie_nvd - Published: 2009-02-21 22:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=121494431426308&w=2
cve@mitre.org	http://secunia.com/advisories/34418
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/07/07/1	Exploit
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/07/07/4
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/07/08/12
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/07/10/7
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/07/13/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/07/15/4	Patch
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/08/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/10/15/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/10/20/2
cve@mitre.org	http://www.rdancer.org/vulnerablevim.html	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0580.html
cve@mitre.org	http://www.securityfocus.com/bid/32463
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=467432
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=121494431426308&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34418
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/07/1	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/07/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/08/12
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/10/7
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/13/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/15/4	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/08/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/10/15/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/10/20/2
af854a3a-2127-422b-91ae-364da2661108	http://www.rdancer.org/vulnerablevim.html	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0580.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32463
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=467432
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246

Impacted products

Vendor	Product	Version
vim	vim	7.0
vim	vim	7.1
vim	vim	7.1.266
vim	vim	7.1.314
vim	vim	7.2
vim	vim	7.2a.10
vim	zipplugin.vim	v.11
vim	zipplugin.vim	v.12
vim	zipplugin.vim	v.13
vim	zipplugin.vim	v.14
vim	zipplugin.vim	v.15
vim	zipplugin.vim	v.16
vim	zipplugin.vim	v.17
vim	zipplugin.vim	v.18
vim	zipplugin.vim	v.19
vim	zipplugin.vim	v.20
vim	zipplugin.vim	v.21

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CCAA40-55CE-4AB9-9268-AADA06E29B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C5B265-A7DD-4D24-864C-BF1FEEF8F138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.1.266:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E9ABC5-442C-4693-8F86-A969AD89A0C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.1.314:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BE4D12-2B98-4617-ADE2-6E71552306A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3613F5F4-9B8C-4020-8550-23310A41C85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E3ADB1-C84F-49D9-81B5-7BCA9B96A3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65BA734-30C8-400C-AF02-EED915462E19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E163F7-65E4-4FA1-A8FF-8B78FB50C502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE5C486-1D0D-4B43-8999-B08C817CC269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C077F94-D041-4871-A0C9-44E33BA01CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC62FFD-E770-45A5-9CED-EC97B4C2C897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F20FFF3-B384-4B94-BDEF-938796D326F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAFE185D-B714-4A46-A93F-D1E3AC28645E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D747F46B-8F8D-465A-984C-AD4FCBEA5354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B87583-F00F-489D-9BBD-1D64A0595C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A7C5390-527E-470B-9F64-7BF16F1C09F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "287EF92F-5067-41BA-88BE-20A57E9A1AE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.  NOTE: this issue has the same root cause as CVE-2008-3074.  NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier."
    },
    {
      "lang": "es",
      "value": "La funcion shellescape en Vim v7.0 hasta v7.2, incluida la v7.2a.10, permite atacantes asistidos por el usuario ejecutar codigo a su eleccion a traves del metacaracter \"!\" (exclamacion) en la linea de comandos en (1)El nombre de fichero de un archivo ZIP y posiblemente (2)el nombre del primer fichero de un archivo ZIP, el cual no es manejado adecuadamente por zip.vim en el plugin ZIP VIM (zipPlugin.vim) v.11 hasta v.21, como se ha demostrado en los casos de prueba zipplugin y zipplugin.v2. NOTA: Esta informacion es debido al arreglo incompleto de CVE-2008-3074. NOTA: Debido a la complejidad de los hechos relacionados y la incompleta informacion sobre este, probablemente existen inexactitudes en la descripcion de esta vulnerabilidad."
    }
  ],
  "id": "CVE-2008-3075",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-21T22:30:00.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rdancer.org/vulnerablevim.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32463"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/07/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/08/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/10/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/13/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rdancer.org/vulnerablevim.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3075 (GCVE-0-2008-3075)

GSD-2008-3075

CERTA-2009-AVI-101

Description

Solution

CERTA-2009-AVI-101

Description

Solution

GHSA-WQMG-Q854-X6X6

RHSA-2008:0580

RHSA-2008_0580

FKIE_CVE-2008-3075

Tags

Sightings

Nomenclature