FreeBSD : vim -- vulnerabilities in modeline handling: glob, expand (81f127a8-0038-11da-86bc-000e0c2e438a)

high Nessus Plugin ID 19348

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Georgi Guninski discovered a way to construct Vim modelines that execute arbitrary shell commands. The vulnerability can be exploited by including shell commands in modelines that call the glob() or expand() functions. An attacker could trick a user into reading or editing a trojaned file with modelines enabled, after which the attacker is able to execute arbitrary commands with the privileges of the user.

Note: It is generally recommended that VIM users use set nomodeline in ~/.vimrc to avoid the possibility of trojaned text files.
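The following is an added example, not part of the advisory or of the Nessus plugin: a Python triage check that flags files whose modelines reference glob() or expand(), the vector described above, within Vim's default window of 5 lines at each end of the file. The function name and sample strings are constructed for illustration, and the sample modeline uses placeholder names rather than a real Vim option.

```python
import re

# Modeline prefix per Vim's ":help modeline": start of line or whitespace,
# then vi:/vim:/Vim:/ex:, with an optional version test after "vim".
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<>=]?\d+)?|ex):(.*)$")
# Function calls the advisory names as the command-execution vector.
RISKY_RE = re.compile(r"\b(glob|expand)\s*\(")
# Vim's default 'modelines' value: number of lines checked at each end.
MODELINES_DEFAULT = 5

# Constructed samples. PLACEHOLDER_OPTION is not a Vim option.
SAMPLE_FLAGGED = (
    "int main(void) { return 0; }\n"
    "/* vim: set PLACEHOLDER_OPTION=glob(PLACEHOLDER): */\n"
)
SAMPLE_BENIGN = "# vim: set ts=4 sw=4 et:\nprint('hello')\n"


def find_risky_modelines(text, window=MODELINES_DEFAULT):
    """Return (line_no, function, line) for each modeline in the first or
    last `window` lines that references glob() or expand()."""
    lines = text.splitlines()
    n = len(lines)
    # Only the head and tail of the file are scanned for modelines by Vim.
    head = set(range(min(window, n)))
    tail = set(range(max(0, n - window), n))
    hits = []
    for i in sorted(head | tail):
        m = MODELINE_RE.search(lines[i])
        if not m:
            continue
        for call in RISKY_RE.finditer(m.group(1)):
            hits.append((i + 1, call.group(1), lines[i].strip()))
    return hits


if __name__ == "__main__":
    for name, sample in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(name, find_risky_modelines(sample))
```

A hit means the file should be reviewed before it is opened in an editor with modelines enabled; an empty result does not replace updating the package or setting nomodeline.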

Solution

Update the affected packages.

See Also

http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

http://www.nessus.org/u?159b99e3

Plugin Details

Severity: High

ID: 19348

File Name: freebsd_pkg_81f127a8003811da86bc000e0c2e438a.nasl

Version: 1.17

Type: local

Published: 8/1/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:vim, p-cpe:/a:freebsd:freebsd:vim%2bruby, p-cpe:/a:freebsd:freebsd:vim-console, p-cpe:/a:freebsd:freebsd:vim-lite, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 7/31/2005

Vulnerability Publication Date: 7/25/2005

Reference Information

CVE: CVE-2005-2368

BID: 14374