vim-7.0.109-4.4z.1AXS3
エラータID: AXSA:2008-498:01
リリース日:
2008/12/17 Wednesday - 16:07
題名:
vim-7.0.109-4.4z.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Vim の src/ex_cmds.c に含まれる helptags_one 関数には、ヘルプファイルの help-tags タグに不備があるため、フォーマットストリングの脆弱性が存在します。 (CVE-2007-2953)
- Vim には、Vim スクリプトの呼び出し前に適切に入力をサニタイズしないため、任意のコマンドを実行される脆弱性が存在します。 (CVE-2008-2712)
- Vim には、エスケープ文字を適切に処理しないため、任意のシェルコマンドを実行される、または Ex コマンドを実行される脆弱性が存在します。
本問題は CVE-2008-2712 とは異なる問題です。(CVE-2008-4101)
- Vim のプラグインに複数の脆弱性が存在します。 (CVE-2008-3074)(CVE-2008-3075)(CVE-2008-3076)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2007-2953
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
CVE-2008-2712
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
CVE-2008-3074
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
CVE-2008-3075
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
CVE-2008-3076
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
追加情報:
N/A
ダウンロード:
SRPMS
- vim-7.0.109-4.4z.1AXS3.src.rpm
MD5: d7e5e585da26c26ec277e827d0b4ebb9
SHA-256: ce5244765d30828a63cbe73628333a2bf9f6705851932104c6d0971701ede6bc
Size: 11.10 MB
Asianux Server 3 for x86
- vim-common-7.0.109-4.4z.1AXS3.i386.rpm
MD5: 4a61f51d0defca8d1ec15db37492ea04
SHA-256: 6e22c1de2adf6a1538fd798e1d7f9bf80231ff91c75a9f4579ba577d8d93208d
Size: 6.50 MB - vim-enhanced-7.0.109-4.4z.1AXS3.i386.rpm
MD5: 61a80359aff9d0c56ec9393ea46adceb
SHA-256: c9851769f76ed8c4ecb187125aad6068a2c60362a22595c789351b1a084c69e7
Size: 1.26 MB - vim-minimal-7.0.109-4.4z.1AXS3.i386.rpm
MD5: f875e6c2dcc0189a06bfcdf8e7c4beea
SHA-256: 97996f989dfec3ec32eb3f7d8dbb0b119084a8dec1682ca651f769502b2c08cd
Size: 315.32 kB - vim-X11-7.0.109-4.4z.1AXS3.i386.rpm
MD5: 281cbe3d5f6cb38f2636581ba71b9694
SHA-256: 1db67048a4e2404bf8c2f49b0c4f29d3efc68f9af59e3e2cb0424baba95fe0b9
Size: 1.39 MB
Asianux Server 3 for x86_64
- vim-common-7.0.109-4.4z.1AXS3.x86_64.rpm
MD5: 755abd5f457fa99fdf49af0009dab005
SHA-256: c5969218243bb6c139800bbbd1252f7920cb793645e9dae5ed9f04fdcd4ed040
Size: 6.50 MB - vim-enhanced-7.0.109-4.4z.1AXS3.x86_64.rpm
MD5: 8a5edac45a432a4ded03aed99b9f3cbc
SHA-256: 951ff392422865d37227b8ef34f63afcd8539e1e0d468c3dbdf653d54f1b138f
Size: 1.32 MB - vim-minimal-7.0.109-4.4z.1AXS3.x86_64.rpm
MD5: de0da90cbc1c4da63ca0a47716ff5b5b
SHA-256: 79f61667a6f6afd2b47f714a0fc9dbfaaf18d4e434f90d1506f6cd9640331b32
Size: 340.89 kB - vim-X11-7.0.109-4.4z.1AXS3.x86_64.rpm
MD5: 0265778ed62716b09dfa2459abfb6192
SHA-256: 18296ff2a22a3f9c0c6ec650660f6763913bf2ba5538d3e79c5a684b54c683ce
Size: 1.04 MB