csaf_redhat - rhsa-2007:0346

RHSA-2007:0346

Vulnerability from csaf_redhat - Published: 2007-05-09 13:11 - Updated: 2025-11-21 17:31

Summary

Red Hat Security Advisory: vim security update

Notes

Topic

Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

VIM (VIsual editor iMproved) is a version of the vi editor. An arbitrary command execution flaw was found in the way VIM processes modelines. If a user with modelines enabled opened a text file containing a carefully crafted modeline, arbitrary commands could be executed as the user running VIM. (CVE-2007-2438) Users of VIM are advised to upgrade to these updated packages, which resolve this issue. Please note: this issue did not affect VIM as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated vim packages that fix a security issue are now available for Red\nHat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "VIM (VIsual editor iMproved) is a version of the vi editor.\n\nAn arbitrary command execution flaw was found in the way VIM processes\nmodelines.  If a user with modelines enabled opened a text file containing\na carefully crafted modeline, arbitrary commands could be executed as the user\nrunning VIM. (CVE-2007-2438)\n\nUsers of VIM are advised to upgrade to these updated packages, which\nresolve this issue.\n\nPlease note: this issue did not affect VIM as distributed with Red Hat\nEnterprise Linux 2.1, 3, or 4.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0346",
        "url": "https://access.redhat.com/errata/RHSA-2007:0346"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "238259",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238259"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0346.json"
      }
    ],
    "title": "Red Hat Security Advisory: vim security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:31:36+00:00",
      "generator": {
        "date": "2025-11-21T17:31:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2007:0346",
      "initial_release_date": "2007-05-09T13:11:00+00:00",
      "revision_history": [
        {
          "date": "2007-05-09T13:11:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-05-09T09:12:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:31:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-2:7.0.109-3.el5.3.src",
                "product": {
                  "name": "vim-2:7.0.109-3.el5.3.src",
                  "product_id": "vim-2:7.0.109-3.el5.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim@7.0.109-3.el5.3?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-3.el5.3.x86_64",
                "product": {
                  "name": "vim-common-2:7.0.109-3.el5.3.x86_64",
                  "product_id": "vim-common-2:7.0.109-3.el5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-3.el5.3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-3.el5.3.x86_64",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-3.el5.3.x86_64",
                  "product_id": "vim-enhanced-2:7.0.109-3.el5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-3.el5.3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-3.el5.3.x86_64",
                "product": {
                  "name": "vim-minimal-2:7.0.109-3.el5.3.x86_64",
                  "product_id": "vim-minimal-2:7.0.109-3.el5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-3.el5.3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-3.el5.3.x86_64",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-3.el5.3.x86_64",
                  "product_id": "vim-debuginfo-2:7.0.109-3.el5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-3.el5.3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-3.el5.3.x86_64",
                "product": {
                  "name": "vim-X11-2:7.0.109-3.el5.3.x86_64",
                  "product_id": "vim-X11-2:7.0.109-3.el5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-3.el5.3?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-3.el5.3.i386",
                "product": {
                  "name": "vim-common-2:7.0.109-3.el5.3.i386",
                  "product_id": "vim-common-2:7.0.109-3.el5.3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-3.el5.3?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-3.el5.3.i386",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-3.el5.3.i386",
                  "product_id": "vim-enhanced-2:7.0.109-3.el5.3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-3.el5.3?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-3.el5.3.i386",
                "product": {
                  "name": "vim-minimal-2:7.0.109-3.el5.3.i386",
                  "product_id": "vim-minimal-2:7.0.109-3.el5.3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-3.el5.3?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-3.el5.3.i386",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-3.el5.3.i386",
                  "product_id": "vim-debuginfo-2:7.0.109-3.el5.3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-3.el5.3?arch=i386\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-3.el5.3.i386",
                "product": {
                  "name": "vim-X11-2:7.0.109-3.el5.3.i386",
                  "product_id": "vim-X11-2:7.0.109-3.el5.3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-3.el5.3?arch=i386\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-3.el5.3.ia64",
                "product": {
                  "name": "vim-common-2:7.0.109-3.el5.3.ia64",
                  "product_id": "vim-common-2:7.0.109-3.el5.3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-3.el5.3?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-3.el5.3.ia64",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-3.el5.3.ia64",
                  "product_id": "vim-enhanced-2:7.0.109-3.el5.3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-3.el5.3?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-3.el5.3.ia64",
                "product": {
                  "name": "vim-minimal-2:7.0.109-3.el5.3.ia64",
                  "product_id": "vim-minimal-2:7.0.109-3.el5.3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-3.el5.3?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-3.el5.3.ia64",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-3.el5.3.ia64",
                  "product_id": "vim-debuginfo-2:7.0.109-3.el5.3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-3.el5.3?arch=ia64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-3.el5.3.ia64",
                "product": {
                  "name": "vim-X11-2:7.0.109-3.el5.3.ia64",
                  "product_id": "vim-X11-2:7.0.109-3.el5.3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-3.el5.3?arch=ia64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-3.el5.3.ppc",
                "product": {
                  "name": "vim-common-2:7.0.109-3.el5.3.ppc",
                  "product_id": "vim-common-2:7.0.109-3.el5.3.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-3.el5.3?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-3.el5.3.ppc",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-3.el5.3.ppc",
                  "product_id": "vim-enhanced-2:7.0.109-3.el5.3.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-3.el5.3?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-3.el5.3.ppc",
                "product": {
                  "name": "vim-minimal-2:7.0.109-3.el5.3.ppc",
                  "product_id": "vim-minimal-2:7.0.109-3.el5.3.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-3.el5.3?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-3.el5.3.ppc",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-3.el5.3.ppc",
                  "product_id": "vim-debuginfo-2:7.0.109-3.el5.3.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-3.el5.3?arch=ppc\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-3.el5.3.ppc",
                "product": {
                  "name": "vim-X11-2:7.0.109-3.el5.3.ppc",
                  "product_id": "vim-X11-2:7.0.109-3.el5.3.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-3.el5.3?arch=ppc\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vim-common-2:7.0.109-3.el5.3.s390x",
                "product": {
                  "name": "vim-common-2:7.0.109-3.el5.3.s390x",
                  "product_id": "vim-common-2:7.0.109-3.el5.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-common@7.0.109-3.el5.3?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-enhanced-2:7.0.109-3.el5.3.s390x",
                "product": {
                  "name": "vim-enhanced-2:7.0.109-3.el5.3.s390x",
                  "product_id": "vim-enhanced-2:7.0.109-3.el5.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-enhanced@7.0.109-3.el5.3?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-minimal-2:7.0.109-3.el5.3.s390x",
                "product": {
                  "name": "vim-minimal-2:7.0.109-3.el5.3.s390x",
                  "product_id": "vim-minimal-2:7.0.109-3.el5.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-minimal@7.0.109-3.el5.3?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-debuginfo-2:7.0.109-3.el5.3.s390x",
                "product": {
                  "name": "vim-debuginfo-2:7.0.109-3.el5.3.s390x",
                  "product_id": "vim-debuginfo-2:7.0.109-3.el5.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-debuginfo@7.0.109-3.el5.3?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "vim-X11-2:7.0.109-3.el5.3.s390x",
                "product": {
                  "name": "vim-X11-2:7.0.109-3.el5.3.s390x",
                  "product_id": "vim-X11-2:7.0.109-3.el5.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/vim-X11@7.0.109-3.el5.3?arch=s390x\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-2:7.0.109-3.el5.3.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-2:7.0.109-3.el5.3.src"
        },
        "product_reference": "vim-2:7.0.109-3.el5.3.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-X11-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-common-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-debuginfo-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-enhanced-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:vim-minimal-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-2:7.0.109-3.el5.3.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-2:7.0.109-3.el5.3.src"
        },
        "product_reference": "vim-2:7.0.109-3.el5.3.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-X11-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-X11-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-X11-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-common-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-common-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-common-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-debuginfo-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-debuginfo-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-debuginfo-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-enhanced-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-enhanced-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-enhanced-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-3.el5.3.i386"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-3.el5.3.ia64"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-3.el5.3.ppc"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-3.el5.3.s390x"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vim-minimal-2:7.0.109-3.el5.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:vim-minimal-2:7.0.109-3.el5.3.x86_64"
        },
        "product_reference": "vim-minimal-2:7.0.109-3.el5.3.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-2438",
      "discovery_date": "2007-04-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "238734"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim-7 modeline security issue",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:vim-2:7.0.109-3.el5.3.src",
          "5Client:vim-X11-2:7.0.109-3.el5.3.i386",
          "5Client:vim-X11-2:7.0.109-3.el5.3.ia64",
          "5Client:vim-X11-2:7.0.109-3.el5.3.ppc",
          "5Client:vim-X11-2:7.0.109-3.el5.3.s390x",
          "5Client:vim-X11-2:7.0.109-3.el5.3.x86_64",
          "5Client:vim-common-2:7.0.109-3.el5.3.i386",
          "5Client:vim-common-2:7.0.109-3.el5.3.ia64",
          "5Client:vim-common-2:7.0.109-3.el5.3.ppc",
          "5Client:vim-common-2:7.0.109-3.el5.3.s390x",
          "5Client:vim-common-2:7.0.109-3.el5.3.x86_64",
          "5Client:vim-debuginfo-2:7.0.109-3.el5.3.i386",
          "5Client:vim-debuginfo-2:7.0.109-3.el5.3.ia64",
          "5Client:vim-debuginfo-2:7.0.109-3.el5.3.ppc",
          "5Client:vim-debuginfo-2:7.0.109-3.el5.3.s390x",
          "5Client:vim-debuginfo-2:7.0.109-3.el5.3.x86_64",
          "5Client:vim-enhanced-2:7.0.109-3.el5.3.i386",
          "5Client:vim-enhanced-2:7.0.109-3.el5.3.ia64",
          "5Client:vim-enhanced-2:7.0.109-3.el5.3.ppc",
          "5Client:vim-enhanced-2:7.0.109-3.el5.3.s390x",
          "5Client:vim-enhanced-2:7.0.109-3.el5.3.x86_64",
          "5Client:vim-minimal-2:7.0.109-3.el5.3.i386",
          "5Client:vim-minimal-2:7.0.109-3.el5.3.ia64",
          "5Client:vim-minimal-2:7.0.109-3.el5.3.ppc",
          "5Client:vim-minimal-2:7.0.109-3.el5.3.s390x",
          "5Client:vim-minimal-2:7.0.109-3.el5.3.x86_64",
          "5Server:vim-2:7.0.109-3.el5.3.src",
          "5Server:vim-X11-2:7.0.109-3.el5.3.i386",
          "5Server:vim-X11-2:7.0.109-3.el5.3.ia64",
          "5Server:vim-X11-2:7.0.109-3.el5.3.ppc",
          "5Server:vim-X11-2:7.0.109-3.el5.3.s390x",
          "5Server:vim-X11-2:7.0.109-3.el5.3.x86_64",
          "5Server:vim-common-2:7.0.109-3.el5.3.i386",
          "5Server:vim-common-2:7.0.109-3.el5.3.ia64",
          "5Server:vim-common-2:7.0.109-3.el5.3.ppc",
          "5Server:vim-common-2:7.0.109-3.el5.3.s390x",
          "5Server:vim-common-2:7.0.109-3.el5.3.x86_64",
          "5Server:vim-debuginfo-2:7.0.109-3.el5.3.i386",
          "5Server:vim-debuginfo-2:7.0.109-3.el5.3.ia64",
          "5Server:vim-debuginfo-2:7.0.109-3.el5.3.ppc",
          "5Server:vim-debuginfo-2:7.0.109-3.el5.3.s390x",
          "5Server:vim-debuginfo-2:7.0.109-3.el5.3.x86_64",
          "5Server:vim-enhanced-2:7.0.109-3.el5.3.i386",
          "5Server:vim-enhanced-2:7.0.109-3.el5.3.ia64",
          "5Server:vim-enhanced-2:7.0.109-3.el5.3.ppc",
          "5Server:vim-enhanced-2:7.0.109-3.el5.3.s390x",
          "5Server:vim-enhanced-2:7.0.109-3.el5.3.x86_64",
          "5Server:vim-minimal-2:7.0.109-3.el5.3.i386",
          "5Server:vim-minimal-2:7.0.109-3.el5.3.ia64",
          "5Server:vim-minimal-2:7.0.109-3.el5.3.ppc",
          "5Server:vim-minimal-2:7.0.109-3.el5.3.s390x",
          "5Server:vim-minimal-2:7.0.109-3.el5.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2438"
        },
        {
          "category": "external",
          "summary": "RHBZ#238734",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238734"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2438",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2438"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2438",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2438"
        }
      ],
      "release_date": "2007-04-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-05-09T13:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:vim-2:7.0.109-3.el5.3.src",
            "5Client:vim-X11-2:7.0.109-3.el5.3.i386",
            "5Client:vim-X11-2:7.0.109-3.el5.3.ia64",
            "5Client:vim-X11-2:7.0.109-3.el5.3.ppc",
            "5Client:vim-X11-2:7.0.109-3.el5.3.s390x",
            "5Client:vim-X11-2:7.0.109-3.el5.3.x86_64",
            "5Client:vim-common-2:7.0.109-3.el5.3.i386",
            "5Client:vim-common-2:7.0.109-3.el5.3.ia64",
            "5Client:vim-common-2:7.0.109-3.el5.3.ppc",
            "5Client:vim-common-2:7.0.109-3.el5.3.s390x",
            "5Client:vim-common-2:7.0.109-3.el5.3.x86_64",
            "5Client:vim-debuginfo-2:7.0.109-3.el5.3.i386",
            "5Client:vim-debuginfo-2:7.0.109-3.el5.3.ia64",
            "5Client:vim-debuginfo-2:7.0.109-3.el5.3.ppc",
            "5Client:vim-debuginfo-2:7.0.109-3.el5.3.s390x",
            "5Client:vim-debuginfo-2:7.0.109-3.el5.3.x86_64",
            "5Client:vim-enhanced-2:7.0.109-3.el5.3.i386",
            "5Client:vim-enhanced-2:7.0.109-3.el5.3.ia64",
            "5Client:vim-enhanced-2:7.0.109-3.el5.3.ppc",
            "5Client:vim-enhanced-2:7.0.109-3.el5.3.s390x",
            "5Client:vim-enhanced-2:7.0.109-3.el5.3.x86_64",
            "5Client:vim-minimal-2:7.0.109-3.el5.3.i386",
            "5Client:vim-minimal-2:7.0.109-3.el5.3.ia64",
            "5Client:vim-minimal-2:7.0.109-3.el5.3.ppc",
            "5Client:vim-minimal-2:7.0.109-3.el5.3.s390x",
            "5Client:vim-minimal-2:7.0.109-3.el5.3.x86_64",
            "5Server:vim-2:7.0.109-3.el5.3.src",
            "5Server:vim-X11-2:7.0.109-3.el5.3.i386",
            "5Server:vim-X11-2:7.0.109-3.el5.3.ia64",
            "5Server:vim-X11-2:7.0.109-3.el5.3.ppc",
            "5Server:vim-X11-2:7.0.109-3.el5.3.s390x",
            "5Server:vim-X11-2:7.0.109-3.el5.3.x86_64",
            "5Server:vim-common-2:7.0.109-3.el5.3.i386",
            "5Server:vim-common-2:7.0.109-3.el5.3.ia64",
            "5Server:vim-common-2:7.0.109-3.el5.3.ppc",
            "5Server:vim-common-2:7.0.109-3.el5.3.s390x",
            "5Server:vim-common-2:7.0.109-3.el5.3.x86_64",
            "5Server:vim-debuginfo-2:7.0.109-3.el5.3.i386",
            "5Server:vim-debuginfo-2:7.0.109-3.el5.3.ia64",
            "5Server:vim-debuginfo-2:7.0.109-3.el5.3.ppc",
            "5Server:vim-debuginfo-2:7.0.109-3.el5.3.s390x",
            "5Server:vim-debuginfo-2:7.0.109-3.el5.3.x86_64",
            "5Server:vim-enhanced-2:7.0.109-3.el5.3.i386",
            "5Server:vim-enhanced-2:7.0.109-3.el5.3.ia64",
            "5Server:vim-enhanced-2:7.0.109-3.el5.3.ppc",
            "5Server:vim-enhanced-2:7.0.109-3.el5.3.s390x",
            "5Server:vim-enhanced-2:7.0.109-3.el5.3.x86_64",
            "5Server:vim-minimal-2:7.0.109-3.el5.3.i386",
            "5Server:vim-minimal-2:7.0.109-3.el5.3.ia64",
            "5Server:vim-minimal-2:7.0.109-3.el5.3.ppc",
            "5Server:vim-minimal-2:7.0.109-3.el5.3.s390x",
            "5Server:vim-minimal-2:7.0.109-3.el5.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0346"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vim-7 modeline security issue"
    }
  ]
}

CVE-2007-2438 (GCVE-0-2007-2438)

Vulnerability from cvelistv5 – Published: 2007-05-02 21:00 – Updated: 2024-08-07 13:42

Summary

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/25024	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25159	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=vim-dev&m=117762581821298&w=2	mailing-listx_refsource_MLIST
	http://www.securitytracker.com/id?1018035	vdb-entryx_refsource_SECTRACK
	http://www.ubuntu.com/usn/usn-463-1	vendor-advisoryx_refsource_UBUNTU
	http://www.vupen.com/english/advisories/2007/1599	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/25182	third-party-advisoryx_refsource_SECUNIA
	http://www.trustix.org/errata/2007/0017/	vendor-advisoryx_refsource_TRUSTIX
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://tech.groups.yahoo.com/group/vimdev/message/46627	x_refsource_MISC
	http://marc.info/?l=vim-dev&m=117778983714029&w=2	mailing-listx_refsource_MLIST
	http://www.redhat.com/support/errata/RHSA-2007-03…	vendor-advisoryx_refsource_REDHAT
	http://tech.groups.yahoo.com/group/vimdev/message/46658	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.debian.org/security/2007/dsa-1364	vendor-advisoryx_refsource_DEBIAN
	http://tech.groups.yahoo.com/group/vimdev/message/46645	x_refsource_CONFIRM
	http://secunia.com/advisories/26653	third-party-advisoryx_refsource_SECUNIA
	http://attrition.org/pipermail/vim/2007-May/001614.html	mailing-listx_refsource_VIM
	http://www.attrition.org/pipermail/vim/2007-Augus…	mailing-listx_refsource_VIM
	http://www.vim.org/news/news.php	x_refsource_CONFIRM
	https://bugzilla.redhat.com/bugzilla/show_bug.cgi…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/23725	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/467202/100…	mailing-listx_refsource_BUGTRAQ
	http://tech.groups.yahoo.com/group/vimannounce/me…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/25255	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/25432	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25367	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/36250	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:42:32.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25024",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25024"
          },
          {
            "name": "25159",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25159"
          },
          {
            "name": "[vim-dev] 20070426 feedkeys() allowed in sandbox",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=vim-dev\u0026m=117762581821298\u0026w=2"
          },
          {
            "name": "1018035",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018035"
          },
          {
            "name": "USN-463-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-463-1"
          },
          {
            "name": "ADV-2007-1599",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1599"
          },
          {
            "name": "25182",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25182"
          },
          {
            "name": "2007-0017",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0017/"
          },
          {
            "name": "SUSE-SR:2007:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_12_sr.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tech.groups.yahoo.com/group/vimdev/message/46627"
          },
          {
            "name": "[vim-dev] 20070428 Re: feedkeys() allowed in sandbox",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=vim-dev\u0026m=117778983714029\u0026w=2"
          },
          {
            "name": "RHSA-2007:0346",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0346.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tech.groups.yahoo.com/group/vimdev/message/46658"
          },
          {
            "name": "vim-feedkeyswritefile-command-execution(34012)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34012"
          },
          {
            "name": "DSA-1364",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1364"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tech.groups.yahoo.com/group/vimdev/message/46645"
          },
          {
            "name": "26653",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26653"
          },
          {
            "name": "20070513 OMG VIM VULN",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://attrition.org/pipermail/vim/2007-May/001614.html"
          },
          {
            "name": "20070823 vim editor duplicates / clarifications",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-August/001770.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vim.org/news/news.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259"
          },
          {
            "name": "23725",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23725"
          },
          {
            "name": "20070430 FLEA-2007-0014-1: vim",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/467202/100/0/threaded"
          },
          {
            "name": "[vimannounce] 20070512 Stable Vim version 7.1 has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://tech.groups.yahoo.com/group/vimannounce/message/178"
          },
          {
            "name": "25255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25255"
          },
          {
            "name": "oval:org.mitre.oval:def:9876",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876"
          },
          {
            "name": "MDKSA-2007:101",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:101"
          },
          {
            "name": "25432",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25432"
          },
          {
            "name": "25367",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25367"
          },
          {
            "name": "36250",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36250"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "25024",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25024"
        },
        {
          "name": "25159",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25159"
        },
        {
          "name": "[vim-dev] 20070426 feedkeys() allowed in sandbox",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=vim-dev\u0026m=117762581821298\u0026w=2"
        },
        {
          "name": "1018035",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018035"
        },
        {
          "name": "USN-463-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-463-1"
        },
        {
          "name": "ADV-2007-1599",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1599"
        },
        {
          "name": "25182",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25182"
        },
        {
          "name": "2007-0017",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0017/"
        },
        {
          "name": "SUSE-SR:2007:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_12_sr.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tech.groups.yahoo.com/group/vimdev/message/46627"
        },
        {
          "name": "[vim-dev] 20070428 Re: feedkeys() allowed in sandbox",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=vim-dev\u0026m=117778983714029\u0026w=2"
        },
        {
          "name": "RHSA-2007:0346",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0346.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tech.groups.yahoo.com/group/vimdev/message/46658"
        },
        {
          "name": "vim-feedkeyswritefile-command-execution(34012)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34012"
        },
        {
          "name": "DSA-1364",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1364"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tech.groups.yahoo.com/group/vimdev/message/46645"
        },
        {
          "name": "26653",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26653"
        },
        {
          "name": "20070513 OMG VIM VULN",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://attrition.org/pipermail/vim/2007-May/001614.html"
        },
        {
          "name": "20070823 vim editor duplicates / clarifications",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-August/001770.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vim.org/news/news.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259"
        },
        {
          "name": "23725",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23725"
        },
        {
          "name": "20070430 FLEA-2007-0014-1: vim",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/467202/100/0/threaded"
        },
        {
          "name": "[vimannounce] 20070512 Stable Vim version 7.1 has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://tech.groups.yahoo.com/group/vimannounce/message/178"
        },
        {
          "name": "25255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25255"
        },
        {
          "name": "oval:org.mitre.oval:def:9876",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876"
        },
        {
          "name": "MDKSA-2007:101",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:101"
        },
        {
          "name": "25432",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25432"
        },
        {
          "name": "25367",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25367"
        },
        {
          "name": "36250",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-2438",
    "datePublished": "2007-05-02T21:00:00",
    "dateReserved": "2007-05-01T00:00:00",
    "dateUpdated": "2024-08-07T13:42:32.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2007:0346

CVE-2007-2438 (GCVE-0-2007-2438)

Tags

Sightings

Nomenclature