CVE-2008-3432 - OpenCVE

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Vim	Vim

Configuration 1 [-]

OR	cpe:2.3:a:vim:vim:6.2:::::::*
	cpe:2.3:a:vim:vim:6.3:::::::*

References

Link	Resource
ftp://ftp.vim.org/pub/vim/patches/6.2.429
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Patch Vendor Advisory
http://secunia.com/advisories/32222	Vendor Advisory
http://secunia.com/advisories/32858
http://secunia.com/advisories/33410
http://support.apple.com/kb/HT3216	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.openwall.com/lists/oss-security/2008/07/15/4
http://www.openwall.com/lists/oss-security/2008/08/01/1
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.securityfocus.com/bid/30648
http://www.securityfocus.com/bid/31681	Patch
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
https://bugzilla.redhat.com/show_bug.cgi?id=455455
https://exchange.xforce.ibmcloud.com/vulnerabilities/44722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2008-10-10T10:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-07-31T00:00:00

Link: CVE-2008-3432

JSON object: View

NVD Information

Status : Modified

Published: 2008-10-10T10:30:03.043

Modified: 2023-02-13T02:19:22.427

Link: CVE-2008-3432

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"}, {"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"}, {"name": "31681", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31681"}, {"name": "32858", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32858"}, {"name": "33410", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33410"}, {"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"}, {"name": "ADV-2009-0904", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0904"}, {"name": "ADV-2009-0033", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0033"}, {"name": "oval:org.mitre.oval:def:11203", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203"}, {"name": "oval:org.mitre.oval:def:5987", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987"}, {"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"}, {"name": "32222", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32222"}, {"name": "vim-mchexpandwildcards-bo(44722)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722"}, {"name": "30648", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30648"}, {"name": "ADV-2008-2780", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455"}, {"name": "APPLE-SA-2008-10-09", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3216"}, {"name": "RHSA-2008:0617", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-3432", "datePublished": "2008-10-10T10:00:00", "dateReserved": "2008-07-31T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "464D5E9A-EB5A-47AB-8657-15A68AD30D59", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4F51CA-18C1-4043-B4E6-F1AD9D3C1346", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n mch_expand_wildcard en os_unix.c en Vim v6.2 y v6.3 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante metacaracteres del interprete de comandos en el nombre de los ficheros, como se ha demostrado por el caso de prueba netrw.v3."}], "id": "CVE-2008-3432", "lastModified": "2023-02-13T02:19:22.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-10-10T10:30:03.043", "references": [{"source": "secalert@redhat.com", "url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429"}, {"source": "secalert@redhat.com", "url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32222"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32858"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33410"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT3216"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/30648"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/31681"}, {"source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/0033"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/0904"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}