Vim Shell Command Injection Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with Vim and is prone to Command Injection Vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary shell commands to compromise the system. Impact Level: Application

Solution

Upgrade to version 7.2 http://www.vim.org/download.php

Insight

This error is due to the 'filetype.vim', 'tar.vim', 'zip.vim', 'xpm.vim', 'xpm2.vim', 'gzip.vim', and 'netrw.vim' scripts whcih are insufficiently filtering special characters.

Affected

Vim version prior to 7.2 on Linux.

References

http://secunia.com/advisories/30731/
http://www.rdancer.org/vulnerablevim-shellescape.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2712, CVE-2008-3074, CVE-2008-3075, CVE-2008-3076

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)

Take action and discover your vulnerabilities