cvelistv5 - cve-2008-3294

CVE-2008-3294 (GCVE-0-2008-3294)

Vulnerability from cvelistv5 – Published: 2008-07-24 18:00 – Updated: 2024-08-07 09:37

Summary

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://seclists.org/fulldisclosure/2008/Jul/0312.html	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/494535/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/2146…	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/31681	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/494532/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/31159	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32222	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/2780	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT3216	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/494736/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:25.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
          },
          {
            "name": "20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
          },
          {
            "name": "ADV-2008-2146",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2146/references"
          },
          {
            "name": "31681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
          },
          {
            "name": "31159",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31159"
          },
          {
            "name": "32222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "ADV-2008-2780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
        },
        {
          "name": "20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
        },
        {
          "name": "ADV-2008-2146",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2146/references"
        },
        {
          "name": "31681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31681"
        },
        {
          "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
        },
        {
          "name": "31159",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31159"
        },
        {
          "name": "32222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32222"
        },
        {
          "name": "ADV-2008-2780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2780"
        },
        {
          "name": "APPLE-SA-2008-10-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3216"
        },
        {
          "name": "20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3294",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
            },
            {
              "name": "20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
            },
            {
              "name": "ADV-2008-2146",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2146/references"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
            },
            {
              "name": "31159",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31159"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3294",
    "datePublished": "2008-07-24T18:00:00",
    "dateReserved": "2008-07-24T00:00:00",
    "dateUpdated": "2024-08-07T09:37:25.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F325C23E-BFBC-4371-AF74-E189FC2515F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2527B955-E25A-4A33-A6F4-27DEDA99C7F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEA82FC2-F2A3-4BE2-8EE2-5A3BC3555401\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"808C36C4-0523-4FBC-B3B7-3E6E29FF24EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"404E256E-B823-4BC4-8F29-C3724604F474\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75F0563C-7156-4166-87AA-4C122F26CABB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CDFBFEB-D79E-4CEB-905E-FA89A0F0D494\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAEC13F6-0526-47FB-BF98-D864CE297D60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"477A2C0C-5229-4A08-8AB1-B9C8C2D4F3FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9FE70D0-5931-49D1-A750-7D03C8C28228\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A08C510-8774-4FEB-BCA3-1868F692BF94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"464D5E9A-EB5A-47AB-8657-15A68AD30D59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F4F51CA-18C1-4043-B4E6-F1AD9D3C1346\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2BAA6B0-4956-4D98-872A-BCCBD0D4CE16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97CCAA40-55CE-4AB9-9268-AADA06E29B9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8C5B265-A7DD-4D24-864C-BF1FEEF8F138\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.\"}, {\"lang\": \"es\", \"value\": \"El archivo src/configure.in en Vim versiones 5.0 hasta 7.1, cuando es usado para una compilaci\\u00f3n con soporte de Python, no garantiza que el archivo temporal Makefile-conf tenga la propiedad y los permisos previstos, lo que permite a usuarios locales ejecutar c\\u00f3digo arbitrario mediante la modificaci\\u00f3n de este archivo durante una ventana de tiempo o cre\\u00e1ndolo de antemano con permisos que impiden su modificaci\\u00f3n al configurarlo.\"}]",
      "id": "CVE-2008-3294",
      "lastModified": "2024-11-21T00:48:54.347",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 3.7, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 1.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2008-07-24T18:41:00.000",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2008/Jul/0312.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31159\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/32222\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT3216\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/494532/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/494535/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/494736/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/31681\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2146/references\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2780\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2008/Jul/0312.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/32222\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT3216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/494532/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/494535/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/494736/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/31681\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2146/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2780\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"This issue can only be exploited during the package build and it does not affect users of pre-built packages distributed with Red Hat Enterprise Linux. Therefore, we do not plan to backport a fix for this issue to already released version of Red Hat Enterprise Linux 2.1, 3, 4, and 5.\", \"lastModified\": \"2008-07-25T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3294\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-07-24T18:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.\"},{\"lang\":\"es\",\"value\":\"El archivo src/configure.in en Vim versiones 5.0 hasta 7.1, cuando es usado para una compilaci\u00f3n con soporte de Python, no garantiza que el archivo temporal Makefile-conf tenga la propiedad y los permisos previstos, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario mediante la modificaci\u00f3n de este archivo durante una ventana de tiempo o cre\u00e1ndolo de antemano con permisos que impiden su modificaci\u00f3n al configurarlo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":3.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":1.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F325C23E-BFBC-4371-AF74-E189FC2515F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2527B955-E25A-4A33-A6F4-27DEDA99C7F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEA82FC2-F2A3-4BE2-8EE2-5A3BC3555401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"808C36C4-0523-4FBC-B3B7-3E6E29FF24EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"404E256E-B823-4BC4-8F29-C3724604F474\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75F0563C-7156-4166-87AA-4C122F26CABB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CDFBFEB-D79E-4CEB-905E-FA89A0F0D494\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAEC13F6-0526-47FB-BF98-D864CE297D60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477A2C0C-5229-4A08-8AB1-B9C8C2D4F3FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9FE70D0-5931-49D1-A750-7D03C8C28228\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A08C510-8774-4FEB-BCA3-1868F692BF94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"464D5E9A-EB5A-47AB-8657-15A68AD30D59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F4F51CA-18C1-4043-B4E6-F1AD9D3C1346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BAA6B0-4956-4D98-872A-BCCBD0D4CE16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97CCAA40-55CE-4AB9-9268-AADA06E29B9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C5B265-A7DD-4D24-864C-BF1FEEF8F138\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2008/Jul/0312.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31159\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/494532/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/494535/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/494736/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2146/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2008/Jul/0312.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/494532/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/494535/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/494736/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2146/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue can only be exploited during the package build and it does not affect users of pre-built packages distributed with Red Hat Enterprise Linux. Therefore, we do not plan to backport a fix for this issue to already released version of Red Hat Enterprise Linux 2.1, 3, 4, and 5.\",\"lastModified\":\"2008-07-25T00:00:00\"}]}}"
  }
}

GHSA-2P55-MR3X-RQXJ

Vulnerability from github – Published: 2022-05-01 23:58 – Updated: 2022-05-01 23:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-07-24T18:41:00Z",
    "severity": "LOW"
  },
  "details": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.",
  "id": "GHSA-2p55-mr3x-rqxj",
  "modified": "2022-05-01T23:58:44Z",
  "published": "2022-05-01T23:58:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3294"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31159"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2146/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-3294

Vulnerability from fkie_nvd - Published: 2008-07-24 18:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
cve@mitre.org	http://seclists.org/fulldisclosure/2008/Jul/0312.html
cve@mitre.org	http://secunia.com/advisories/31159	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/32222	Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT3216
cve@mitre.org	http://www.securityfocus.com/archive/1/494532/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/494535/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/494736/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/31681
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2146/references	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2780	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2008/Jul/0312.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31159	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32222	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3216
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/494532/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/494535/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/494736/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31681
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2146/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2780	Vendor Advisory

Impacted products

Vendor	Product	Version
vim	vim	5.0
vim	vim	5.1
vim	vim	5.2
vim	vim	5.3
vim	vim	5.4
vim	vim	5.5
vim	vim	5.6
vim	vim	5.7
vim	vim	5.8
vim	vim	6.0
vim	vim	6.1
vim	vim	6.2
vim	vim	6.3
vim	vim	6.4
vim	vim	7.0
vim	vim	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F325C23E-BFBC-4371-AF74-E189FC2515F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2527B955-E25A-4A33-A6F4-27DEDA99C7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEA82FC2-F2A3-4BE2-8EE2-5A3BC3555401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "808C36C4-0523-4FBC-B3B7-3E6E29FF24EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "404E256E-B823-4BC4-8F29-C3724604F474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F0563C-7156-4166-87AA-4C122F26CABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CDFBFEB-D79E-4CEB-905E-FA89A0F0D494",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAEC13F6-0526-47FB-BF98-D864CE297D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "477A2C0C-5229-4A08-8AB1-B9C8C2D4F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9FE70D0-5931-49D1-A750-7D03C8C28228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A08C510-8774-4FEB-BCA3-1868F692BF94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "464D5E9A-EB5A-47AB-8657-15A68AD30D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F4F51CA-18C1-4043-B4E6-F1AD9D3C1346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BAA6B0-4956-4D98-872A-BCCBD0D4CE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CCAA40-55CE-4AB9-9268-AADA06E29B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C5B265-A7DD-4D24-864C-BF1FEEF8F138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure."
    },
    {
      "lang": "es",
      "value": "El archivo src/configure.in en Vim versiones 5.0 hasta 7.1, cuando es usado para una compilaci\u00f3n con soporte de Python, no garantiza que el archivo temporal Makefile-conf tenga la propiedad y los permisos previstos, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario mediante la modificaci\u00f3n de este archivo durante una ventana de tiempo o cre\u00e1ndolo de antemano con permisos que impiden su modificaci\u00f3n al configurarlo."
    }
  ],
  "id": "CVE-2008-3294",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-07-24T18:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31159"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2146/references"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2146/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "This issue can only be exploited during the package build and it does not affect users of pre-built packages distributed with Red Hat Enterprise Linux. Therefore, we do not plan to backport a fix for this issue to already released version of Red Hat Enterprise Linux 2.1, 3, 4, and 5.",
      "lastModified": "2008-07-25T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2008-3294

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3294

Aliases

CVE-2008-3294

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3294",
    "description": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.",
    "id": "GSD-2008-3294"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3294"
      ],
      "details": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.",
      "id": "GSD-2008-3294",
      "modified": "2023-12-13T01:23:05.310431Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3294",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
          },
          {
            "name": "20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
          },
          {
            "name": "ADV-2008-2146",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2146/references"
          },
          {
            "name": "31681",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
          },
          {
            "name": "31159",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31159"
          },
          {
            "name": "32222",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "ADV-2008-2780",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3216",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3294"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
            },
            {
              "name": "31159",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31159"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "ADV-2008-2146",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2146/references"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
            },
            {
              "name": "20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
            },
            {
              "name": "20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:47Z",
      "publishedDate": "2008-07-24T18:41Z"
    }
  }
}

CERTA-2008-AVI-492

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectant Apple Mac Os X permettent à une personne malveillante d'effectuer une exécution de code arbitraire, de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Description

De multiples vulnérabilités ont été découvertes dans Apple Mac OS X. Ces dernières affectent entre autres :

ColorSync ;
CUPS ;
Finder ;
Postfix ;
Networking ;
...

Elles permettent à une personne malintentionnée d'effectuer une exécution de code arbitraire , de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X 10.4.11 ;
	N/A	N/A	Mac OS X 10.5.5.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3216 du 09 octobre 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple Mac OS X. Ces\nderni\u00e8res affectent entre autres :\n\n-   ColorSync ;\n-   CUPS ;\n-   Finder ;\n-   Postfix ;\n-   Networking ;\n-   ...\n\nElles permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code arbitraire , de provoquer un d\u00e9ni de service \u00e0\ndistance, de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges sur le\nsyst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2008-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3643"
    },
    {
      "name": "CVE-2008-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0226"
    },
    {
      "name": "CVE-2008-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3642"
    },
    {
      "name": "CVE-2008-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4212"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2008-4215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4215"
    },
    {
      "name": "CVE-2007-6420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6420"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2007-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5969"
    },
    {
      "name": "CVE-2008-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3646"
    },
    {
      "name": "CVE-2008-3912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3912"
    },
    {
      "name": "CVE-2008-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3914"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2008-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3432"
    },
    {
      "name": "CVE-2008-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
    },
    {
      "name": "CVE-2008-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1389"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2007-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2691"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2008-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3641"
    },
    {
      "name": "CVE-2008-3913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3913"
    },
    {
      "name": "CVE-2008-3294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3294"
    },
    {
      "name": "CVE-2008-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3645"
    },
    {
      "name": "CVE-2008-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3647"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2008-2364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
    },
    {
      "name": "CVE-2008-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4214"
    },
    {
      "name": "CVE-2008-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1767"
    },
    {
      "name": "CVE-2008-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
    },
    {
      "name": "CVE-2008-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0227"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-4211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4211"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-492",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Apple Mac Os X permettent \u00e0 une\npersonne malveillante d\u0027effectuer une ex\u00e9cution de code arbitraire, de\nprovoquer un d\u00e9ni de service \u00e0 distance, de contourner la politique de\ns\u00e9curit\u00e9, de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nd\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3216 du 09 octobre 2008",
      "url": "http://support.apple.com/kb/HT3216"
    }
  ]
}

CERTA-2008-AVI-492

Vulnerability from certfr_avis - Published: - Updated:

Description

De multiples vulnérabilités ont été découvertes dans Apple Mac OS X. Ces dernières affectent entre autres :

ColorSync ;
CUPS ;
Finder ;
Postfix ;
Networking ;
...

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X 10.4.11 ;
	N/A	N/A	Mac OS X 10.5.5.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3216 du 09 octobre 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple Mac OS X. Ces\nderni\u00e8res affectent entre autres :\n\n-   ColorSync ;\n-   CUPS ;\n-   Finder ;\n-   Postfix ;\n-   Networking ;\n-   ...\n\nElles permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code arbitraire , de provoquer un d\u00e9ni de service \u00e0\ndistance, de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges sur le\nsyst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2008-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3643"
    },
    {
      "name": "CVE-2008-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0226"
    },
    {
      "name": "CVE-2008-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3642"
    },
    {
      "name": "CVE-2008-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4212"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2008-4215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4215"
    },
    {
      "name": "CVE-2007-6420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6420"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2007-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5969"
    },
    {
      "name": "CVE-2008-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3646"
    },
    {
      "name": "CVE-2008-3912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3912"
    },
    {
      "name": "CVE-2008-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3914"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2008-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3432"
    },
    {
      "name": "CVE-2008-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
    },
    {
      "name": "CVE-2008-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1389"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2007-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2691"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2008-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3641"
    },
    {
      "name": "CVE-2008-3913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3913"
    },
    {
      "name": "CVE-2008-3294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3294"
    },
    {
      "name": "CVE-2008-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3645"
    },
    {
      "name": "CVE-2008-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3647"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2008-2364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
    },
    {
      "name": "CVE-2008-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4214"
    },
    {
      "name": "CVE-2008-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1767"
    },
    {
      "name": "CVE-2008-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
    },
    {
      "name": "CVE-2008-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0227"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-4211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4211"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-492",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Apple Mac Os X permettent \u00e0 une\npersonne malveillante d\u0027effectuer une ex\u00e9cution de code arbitraire, de\nprovoquer un d\u00e9ni de service \u00e0 distance, de contourner la politique de\ns\u00e9curit\u00e9, de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nd\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3216 du 09 octobre 2008",
      "url": "http://support.apple.com/kb/HT3216"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Vendor	Product	Version
vim	vim	5.0
vim	vim	5.1
vim	vim	5.2
vim	vim	5.3
vim	vim	5.4
vim	vim	5.5
vim	vim	5.6
vim	vim	5.7
vim	vim	5.8
vim	vim	6.0
vim	vim	6.1
vim	vim	6.2
vim	vim	6.3
vim	vim	6.4
vim	vim	7.0
vim	vim	7.1

Vendor	Product	Version
vim	vim	5.0
vim	vim	5.1
vim	vim	5.2
vim	vim	5.3
vim	vim	5.4
vim	vim	5.5
vim	vim	5.6
vim	vim	5.7
vim	vim	5.8
vim	vim	6.0
vim	vim	6.1
vim	vim	6.2
vim	vim	6.3
vim	vim	6.4
vim	vim	7.0
vim	vim	7.1

Action not permitted

CVE-2008-3294 (GCVE-0-2008-3294)

GHSA-2P55-MR3X-RQXJ

FKIE_CVE-2008-3294

GSD-2008-3294

CERTA-2008-AVI-492

Description

Solution

CERTA-2008-AVI-492

Description

Solution

Tags

Sightings

Nomenclature

Vendor	Product	Version
vim	vim	5.0
vim	vim	5.1
vim	vim	5.2
vim	vim	5.3
vim	vim	5.4
vim	vim	5.5
vim	vim	5.6
vim	vim	5.7
vim	vim	5.8
vim	vim	6.0
vim	vim	6.1
vim	vim	6.2
vim	vim	6.3
vim	vim	6.4
vim	vim	7.0
vim	vim	7.1