vim-7.0.109-4.4z.1AXS3

エラータID: AXSA:2008-498:01

Release date: 
Wednesday, December 17, 2008 - 16:07
Subject: 
vim-7.0.109-4.4z.1AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity: 
High
Description: 

VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-enhanced package contains a version of VIM with extra, recently introduced features like Python and Perl interpreters.
Bugs fixed:
CVE-2007-2953
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
CVE-2008-2712
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw.
CVE-2008-3074
Description not available at time of writing, see CVE links below.
CVE-2008-3075
Description not available at time of writing, see CVE links below.
CVE-2008-3076
Description not available at time of writing, see CVE links below.
CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ; (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) Ctrl-] (control close-square-bracket) or (3) g] (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

Solution: 

Update packages

CVEs: 
CVE-2007-2953
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
CVE-2008-2712
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
CVE-2008-3074
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
CVE-2008-3075
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
CVE-2008-3076
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.




Additional Info: 

N/A

Download: 

SRPMS
  1. vim-7.0.109-4.4z.1AXS3.src.rpm
    MD5: d7e5e585da26c26ec277e827d0b4ebb9
    SHA-256: ce5244765d30828a63cbe73628333a2bf9f6705851932104c6d0971701ede6bc
    Size: 11.10 MB

Asianux Server 3 for x86
  1. vim-common-7.0.109-4.4z.1AXS3.i386.rpm
    MD5: 4a61f51d0defca8d1ec15db37492ea04
    SHA-256: 6e22c1de2adf6a1538fd798e1d7f9bf80231ff91c75a9f4579ba577d8d93208d
    Size: 6.50 MB
  2. vim-enhanced-7.0.109-4.4z.1AXS3.i386.rpm
    MD5: 61a80359aff9d0c56ec9393ea46adceb
    SHA-256: c9851769f76ed8c4ecb187125aad6068a2c60362a22595c789351b1a084c69e7
    Size: 1.26 MB
  3. vim-minimal-7.0.109-4.4z.1AXS3.i386.rpm
    MD5: f875e6c2dcc0189a06bfcdf8e7c4beea
    SHA-256: 97996f989dfec3ec32eb3f7d8dbb0b119084a8dec1682ca651f769502b2c08cd
    Size: 315.32 kB
  4. vim-X11-7.0.109-4.4z.1AXS3.i386.rpm
    MD5: 281cbe3d5f6cb38f2636581ba71b9694
    SHA-256: 1db67048a4e2404bf8c2f49b0c4f29d3efc68f9af59e3e2cb0424baba95fe0b9
    Size: 1.39 MB

Asianux Server 3 for x86_64
  1. vim-common-7.0.109-4.4z.1AXS3.x86_64.rpm
    MD5: 755abd5f457fa99fdf49af0009dab005
    SHA-256: c5969218243bb6c139800bbbd1252f7920cb793645e9dae5ed9f04fdcd4ed040
    Size: 6.50 MB
  2. vim-enhanced-7.0.109-4.4z.1AXS3.x86_64.rpm
    MD5: 8a5edac45a432a4ded03aed99b9f3cbc
    SHA-256: 951ff392422865d37227b8ef34f63afcd8539e1e0d468c3dbdf653d54f1b138f
    Size: 1.32 MB
  3. vim-minimal-7.0.109-4.4z.1AXS3.x86_64.rpm
    MD5: de0da90cbc1c4da63ca0a47716ff5b5b
    SHA-256: 79f61667a6f6afd2b47f714a0fc9dbfaaf18d4e434f90d1506f6cd9640331b32
    Size: 340.89 kB
  4. vim-X11-7.0.109-4.4z.1AXS3.x86_64.rpm
    MD5: 0265778ed62716b09dfa2459abfb6192
    SHA-256: 18296ff2a22a3f9c0c6ec650660f6763913bf2ba5538d3e79c5a684b54c683ce
    Size: 1.04 MB