Vulnerability Details : CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
Vulnerability category: Input validation
Products affected by CVE-2008-4101
- cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4101
- Probability of exploitation activity in the next 30 days: 0.29%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~65%
CVSS scores for CVE-2008-4101
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-4101
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4101
- http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
  [Exploit]
- http://www.vupen.com/english/advisories/2009/0033
- http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
- http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
  [Patch]
- http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
  Bug with v_K and potentially K command [Patch]
- http://www.securityfocus.com/bid/30795
- http://www.vupen.com/english/advisories/2009/0904
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
- http://www.securityfocus.com/archive/1/502322/100/0/threaded
- http://www.openwall.com/lists/oss-security/2008/09/16/6
  oss-security - Re: [oss-list] CVE request (vim)
- http://www.redhat.com/support/errata/RHSA-2008-0618.html
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://www.rdancer.org/vulnerablevim-K.html
- http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
  ASA-2009-001 (RHSA-2008-0617)
- http://www.openwall.com/lists/oss-security/2008/09/16/5
  oss-security - Re: [oss-list] CVE request (vim)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
  Vim normal.c command execution CVE-2008-4101 Vulnerability Report
- http://www.redhat.com/support/errata/RHSA-2008-0580.html
- https://bugzilla.redhat.com/show_bug.cgi?id=461927
  461927 – (CVE-2008-4101) CVE-2008-4101 vim: arbitrary code execution in commands: K, Control-], g]
- http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
  ASA-2008-457 (RHSA-2008-0618)
- http://support.apple.com/kb/HT4077
  About the security content of Security Update 2010-002 / Mac OS X v10.6.3 - Apple Support
- http://www.ubuntu.com/usn/USN-712-1
  USN-712-1: Vim vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.redhat.com/support/errata/RHSA-2008-0617.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
- http://www.securityfocus.com/archive/1/495662
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
  Mandriva
- http://www.vupen.com/english/advisories/2008/2780
- http://www.openwall.com/lists/oss-security/2008/09/11/4
  oss-security - Re: [oss-list] CVE request (vim)
- http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
  Bug with v_K and potentially K command [Exploit]
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  Apple - Lists.apple.com
- http://support.apple.com/kb/HT3216
  About Security Update 2008-007 - Apple Support
- http://www.openwall.com/lists/oss-security/2008/09/11/3
  oss-security - [oss-list] CVE request (vim)
- http://www.securityfocus.com/bid/31681
- http://www.securityfocus.com/archive/1/495703
- http://www.vmware.com/security/advisories/VMSA-2009-0004.html