CVE-2008-6235 - OpenCVE

The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Vim	Vim

Configuration 1 [-]

OR	cpe:2.3:a:vim:vim:7.0:::::::*
	cpe:2.3:a:vim:vim:7.1:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/34418
http://www.openwall.com/lists/oss-security/2008/10/16/2	Exploit
http://www.openwall.com/lists/oss-security/2008/10/20/2
http://www.rdancer.org/vulnerablevim-netrw.html	Exploit Patch Vendor Advisory
http://www.rdancer.org/vulnerablevim-netrw.v2.html	Patch
http://www.rdancer.org/vulnerablevim-netrw.v5.html	Exploit Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0580.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-21T23:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2009-02-21T00:00:00

Link: CVE-2008-6235

JSON object: View

NVD Information

Status : Modified

Published: 2009-02-21T23:30:00.233

Modified: 2017-09-29T01:33:02.510

Link: CVE-2008-6235

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SR:2009:007", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rdancer.org/vulnerablevim-netrw.v5.html"}, {"name": "[oss-security] 20081020 CVE request (vim)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rdancer.org/vulnerablevim-netrw.html"}, {"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/16/2"}, {"name": "RHSA-2008:0580", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"}, {"name": "34418", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34418"}, {"name": "oval:org.mitre.oval:def:11247", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6235", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SR:2009:007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"}, {"name": "http://www.rdancer.org/vulnerablevim-netrw.v5.html", "refsource": "MISC", "url": "http://www.rdancer.org/vulnerablevim-netrw.v5.html"}, {"name": "[oss-security] 20081020 CVE request (vim)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"}, {"name": "http://www.rdancer.org/vulnerablevim-netrw.html", "refsource": "MISC", "url": "http://www.rdancer.org/vulnerablevim-netrw.html"}, {"name": "[oss-security] 20081016 CVE request - Vim netrw.plugin", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/16/2"}, {"name": "RHSA-2008:0580", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"}, {"name": "34418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34418"}, {"name": "oval:org.mitre.oval:def:11247", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247"}, {"name": "http://www.rdancer.org/vulnerablevim-netrw.v2.html", "refsource": "MISC", "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6235", "datePublished": "2009-02-21T23:00:00", "dateReserved": "2009-02-21T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "97CCAA40-55CE-4AB9-9268-AADA06E29B9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8C5B265-A7DD-4D24-864C-BF1FEEF8F138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases."}, {"lang": "es", "value": "El plugin Netrw (netrw.vim) en Vim v7.0 y v7.1 permite a atacantes asistidos por el usuario ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres de l\u00ednea de comandos en un fichero utilizado por (1) comando \"D\" (borrar) o (2) variable b:netrw_curdir, como ha sido demostrado utilizando los casos de prueba netrw.v4 y netrw.v5."}], "id": "CVE-2008-6235", "lastModified": "2017-09-29T01:33:02.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-02-21T23:30:00.233", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34418"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2008/10/16/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.rdancer.org/vulnerablevim-netrw.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.rdancer.org/vulnerablevim-netrw.v5.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}