Vulnerability Details : CVE-2008-3076
Potential exploit
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
Vulnerability category: Execute code
Products affected by CVE-2008-3076
- cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3076
10.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3076
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2008-3076
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-3076
-
Red Hat 2009-02-25Not vulnerable. This issue did not affect the versions of the Vim packages, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. Note: This CVE is mentioned in the text of RHSA-2008:0580 (https://rhn.redhat.com/errata/RHSA-2008-0580.html), as it was originally used to track multiple issues. Issues that affected Vim packages in Red Hat Enterprise Linux 5 were later assigned separate CVE identifier - CVE-2008-6235. Neither of issues currently covered by CVE-2008-3076 (insufficient shell escaping in mz and mc commands) affected Vim packages shipped with Red Hat Enterprise Linux 5.
References for CVE-2008-3076
-
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:007 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
#506919 - vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076) - Debian Bug report logs
-
http://www.openwall.com/lists/oss-security/2008/07/07/4
oss-security - Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10Exploit;Patch
-
http://www.securityfocus.com/bid/30115
Exploit
-
http://www.openwall.com/lists/oss-security/2008/10/20/2
oss-security - CVE request (vim)
-
http://www.openwall.com/lists/oss-security/2008/07/08/12
oss-security - Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10
-
http://www.rdancer.org/vulnerablevim-netrw.v2.html
Exploit;Patch;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2008-0580.html
Support
-
http://marc.info/?l=oss-security&m=122416184431388&w=2
'[oss-security] CVE request - Vim netrw.plugin' - MARCExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/43624
Netrw plugin for VIM multiple code execution CVE-2008-3076 Vulnerability Report
-
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
-
http://www.rdancer.org/vulnerablevim-netrw.html
Exploit;Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=121494431426308&w=2
'Re: Collection of Vulnerabilities in Fully Patched Vim 7.1' - MARC
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
Mandriva
-
http://www.openwall.com/lists/oss-security/2008/07/07/1
oss-security - Re: More arbitrary code executions in Netrw version 125, Vim 7.2a.10Exploit
Jump to