FKIE_CVE-2008-3294

Vulnerability from fkie_nvd - Published: 2008-07-24 18:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
cve@mitre.orghttp://seclists.org/fulldisclosure/2008/Jul/0312.html
cve@mitre.orghttp://secunia.com/advisories/31159Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32222Vendor Advisory
cve@mitre.orghttp://support.apple.com/kb/HT3216
cve@mitre.orghttp://www.securityfocus.com/archive/1/494532/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/494535/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/494736/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/31681
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2146/referencesVendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2780Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2008/Jul/0312.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31159Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32222Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3216
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494532/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494535/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494736/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31681
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2146/referencesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2780Vendor Advisory
Impacted products
Vendor Product Version
vim vim 5.0
vim vim 5.1
vim vim 5.2
vim vim 5.3
vim vim 5.4
vim vim 5.5
vim vim 5.6
vim vim 5.7
vim vim 5.8
vim vim 6.0
vim vim 6.1
vim vim 6.2
vim vim 6.3
vim vim 6.4
vim vim 7.0
vim vim 7.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F325C23E-BFBC-4371-AF74-E189FC2515F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2527B955-E25A-4A33-A6F4-27DEDA99C7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEA82FC2-F2A3-4BE2-8EE2-5A3BC3555401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "808C36C4-0523-4FBC-B3B7-3E6E29FF24EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "404E256E-B823-4BC4-8F29-C3724604F474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F0563C-7156-4166-87AA-4C122F26CABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CDFBFEB-D79E-4CEB-905E-FA89A0F0D494",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAEC13F6-0526-47FB-BF98-D864CE297D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "477A2C0C-5229-4A08-8AB1-B9C8C2D4F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9FE70D0-5931-49D1-A750-7D03C8C28228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A08C510-8774-4FEB-BCA3-1868F692BF94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "464D5E9A-EB5A-47AB-8657-15A68AD30D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F4F51CA-18C1-4043-B4E6-F1AD9D3C1346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BAA6B0-4956-4D98-872A-BCCBD0D4CE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CCAA40-55CE-4AB9-9268-AADA06E29B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C5B265-A7DD-4D24-864C-BF1FEEF8F138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure."
    },
    {
      "lang": "es",
      "value": "El archivo src/configure.in en Vim versiones 5.0 hasta 7.1, cuando es usado para una compilaci\u00f3n con soporte de Python, no garantiza que el archivo temporal Makefile-conf tenga la propiedad y los permisos previstos, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario mediante la modificaci\u00f3n de este archivo durante una ventana de tiempo o cre\u00e1ndolo de antemano con permisos que impiden su modificaci\u00f3n al configurarlo."
    }
  ],
  "id": "CVE-2008-3294",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-07-24T18:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31159"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2146/references"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2008/Jul/0312.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494532/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494535/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494736/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2146/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "This issue can only be exploited during the package build and it does not affect users of pre-built packages distributed with Red Hat Enterprise Linux. Therefore, we do not plan to backport a fix for this issue to already released version of Red Hat Enterprise Linux 2.1, 3, 4, and 5.",
      "lastModified": "2008-07-25T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.