SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:2102-1)

critical Nessus Plugin ID 162382

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2102-1 advisory.

- fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. (CVE-2017-17087)

- vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927, CVE-2021-3968, CVE-2021-3973, CVE-2021-3984, CVE-2021-4019, CVE-2021-4136, CVE-2022-0213)

- vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974, CVE-2021-4069, CVE-2021-4192)

- vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)

- vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0261, CVE-2022-0359, CVE-2022-0361, CVE-2022-0407)

- Heap-based Buffer Overflow in vim/vim prior to 8.2. (CVE-2022-0318)

- Out-of-bounds Read in vim/vim prior to 8.2. (CVE-2022-0319)

- Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
(CVE-2022-0351)

- Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. (CVE-2022-0392)

- Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-0413, CVE-2022-1898)

- NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. (CVE-2022-0696)

- global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1381)

- Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. (CVE-2022-1420)

- Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution (CVE-2022-1616)

- Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
This vulnerabilities are capable of crashing software, modify memory, and possible remote execution (CVE-2022-1619)

- NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. (CVE-2022-1620)

- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. (CVE-2022-1733)

- Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. (CVE-2022-1735)

- Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. (CVE-2022-1771)

- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)

- Use After Free in GitHub repository vim/vim prior to 8.2.4979. (CVE-2022-1796)

- Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1851)

- Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897)

- Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-1927)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1070955

https://bugzilla.suse.com/1191770

https://bugzilla.suse.com/1192167

https://bugzilla.suse.com/1192902

https://bugzilla.suse.com/1192903

https://bugzilla.suse.com/1192904

https://bugzilla.suse.com/1193466

https://bugzilla.suse.com/1193905

https://bugzilla.suse.com/1194093

https://bugzilla.suse.com/1194216

https://bugzilla.suse.com/1194217

https://bugzilla.suse.com/1194388

https://bugzilla.suse.com/1194872

https://bugzilla.suse.com/1194885

https://www.suse.com/security/cve/CVE-2021-46059

https://www.suse.com/security/cve/CVE-2022-0128

https://www.suse.com/security/cve/CVE-2022-0213

https://www.suse.com/security/cve/CVE-2022-0261

https://www.suse.com/security/cve/CVE-2022-0318

https://www.suse.com/security/cve/CVE-2022-0319

https://www.suse.com/security/cve/CVE-2022-0351

https://www.suse.com/security/cve/CVE-2022-0359

https://www.suse.com/security/cve/CVE-2022-0361

https://www.suse.com/security/cve/CVE-2022-0392

https://www.suse.com/security/cve/CVE-2022-0407

https://www.suse.com/security/cve/CVE-2022-0413

https://www.suse.com/security/cve/CVE-2022-0696

https://www.suse.com/security/cve/CVE-2022-1381

https://www.suse.com/security/cve/CVE-2022-1420

https://www.suse.com/security/cve/CVE-2022-1616

https://www.suse.com/security/cve/CVE-2022-1619

https://www.suse.com/security/cve/CVE-2022-1620

https://www.suse.com/security/cve/CVE-2022-1733

https://www.suse.com/security/cve/CVE-2022-1735

https://www.suse.com/security/cve/CVE-2022-1771

https://www.suse.com/security/cve/CVE-2022-1785

https://www.suse.com/security/cve/CVE-2022-1796

https://bugzilla.suse.com/1195004

https://bugzilla.suse.com/1195203

https://bugzilla.suse.com/1195332

https://bugzilla.suse.com/1195354

https://bugzilla.suse.com/1196361

https://bugzilla.suse.com/1198596

https://bugzilla.suse.com/1198748

https://bugzilla.suse.com/1199331

https://bugzilla.suse.com/1199333

https://bugzilla.suse.com/1199334

https://bugzilla.suse.com/1199651

https://bugzilla.suse.com/1199655

https://bugzilla.suse.com/1199693

https://bugzilla.suse.com/1199745

https://bugzilla.suse.com/1199747

https://bugzilla.suse.com/1199936

https://bugzilla.suse.com/1200010

https://bugzilla.suse.com/1200011

https://bugzilla.suse.com/1200012

https://www.suse.com/security/cve/CVE-2017-17087

https://www.suse.com/security/cve/CVE-2021-3778

https://www.suse.com/security/cve/CVE-2021-3796

https://www.suse.com/security/cve/CVE-2021-3872

https://www.suse.com/security/cve/CVE-2021-3875

https://www.suse.com/security/cve/CVE-2021-3903

https://www.suse.com/security/cve/CVE-2021-3927

https://www.suse.com/security/cve/CVE-2021-3928

https://www.suse.com/security/cve/CVE-2021-3968

https://www.suse.com/security/cve/CVE-2021-3973

https://www.suse.com/security/cve/CVE-2021-3974

https://www.suse.com/security/cve/CVE-2021-3984

https://www.suse.com/security/cve/CVE-2021-4019

https://www.suse.com/security/cve/CVE-2021-4069

https://www.suse.com/security/cve/CVE-2021-4136

https://www.suse.com/security/cve/CVE-2021-4166

https://www.suse.com/security/cve/CVE-2021-4192

https://www.suse.com/security/cve/CVE-2021-4193

https://www.suse.com/security/cve/CVE-2022-1851

https://www.suse.com/security/cve/CVE-2022-1897

https://www.suse.com/security/cve/CVE-2022-1898

https://www.suse.com/security/cve/CVE-2022-1927

http://www.nessus.org/u?3d03ccc8

Plugin Details

Severity: Critical

ID: 162382

File Name: suse_SU-2022-2102-1.nasl

Version: 1.7

Type: local

Agent: unix

Published: 6/17/2022

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3973

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-0318

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:vim-data, p-cpe:/a:novell:suse_linux:gvim, p-cpe:/a:novell:suse_linux:vim, p-cpe:/a:novell:suse_linux:vim-data-common, p-cpe:/a:novell:suse_linux:vim-small, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/16/2022

Vulnerability Publication Date: 12/1/2017

Reference Information

CVE: CVE-2017-17087, CVE-2021-3778, CVE-2021-3796, CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4136, CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2021-46059, CVE-2022-0128, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0407, CVE-2022-0413, CVE-2022-0696, CVE-2022-1381, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1733, CVE-2022-1735, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1897, CVE-2022-1898, CVE-2022-1927

SuSE: SUSE-SU-2022:2102-1