CVE-2007-2438
published 2007-05-02CVE-2007-2438: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell…
PriorityP335high7.6CVSS 2.0
AVNACHAuNCCICAC
EPSS
3.22%
86.6th percentile
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vim | < vim 1:7.1-022+1 (bookworm) | vim 1:7.1-022+1 (bookworm) |
| vim | vim | >= 0 < 1:7.1-022+1 | 1:7.1-022+1 |
| vim | vim | >= 0 < 1:7.1-022+1 | 1:7.1-022+1 |
| vim | vim | >= 0 < 1:7.1-022+1 | 1:7.1-022+1 |
| vim | vim | >= 0 < 1:7.1-022+1 | 1:7.1-022+1 |
| vim_development_group | vim | — | — |
CVSS provenance
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
osv7.6HIGH
vendor_debian7.6LOW
vendor_redhat7.6HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
vim vulnerability
vendor_ubuntu·2007-05-23
CVE-2007-2438 vim vulnerability
Title: vim vulnerability
Summary: vim vulnerability
Tomas Golembiovsky discovered that some vim commands were accidentally
allowed in modelines. By tricking a user into opening a specially
crafted file in vim, an attacker could execute arbitrary code with user
privileges.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
vim-7 modeline security issue
vendor_redhat·2007-04-26·CVSS 7.6
CVE-2007-2438 [HIGH] vim-7 modeline security issue
vim-7 modeline security issue
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
Debian
CVE-2007-2438: vim - The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedke...
vendor_debian·2007·CVSS 7.6
CVE-2007-2438 [HIGH] CVE-2007-2438: vim - The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedke...
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
Scope: local
bookworm: resolved (fixed in 1:7.1-022+1)
bullseye: resolved (fixed in 1:7.1-022+1)
forky: resolved (fixed in 1:7.1-022+1)
sid: resolved (fixed in 1:7.1-022+1)
trixie: resolved (fixed in 1:7.1-022+1)
GHSA
GHSA-x2f5-352x-j9w7: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execu
ghsa_unreviewed·2022-05-01
CVE-2007-2438 [HIGH] GHSA-x2f5-352x-j9w7: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execu
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
OSV
CVE-2007-2438: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execu
osv·2007-05-02·CVSS 7.6
CVE-2007-2438 [HIGH] CVE-2007-2438: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execu
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-2438 vim-7 modeline security issue
bugzilla·2007-05-02·CVSS 7.6
CVE-2007-2438 [HIGH] CVE-2007-2438 vim-7 modeline security issue
CVE-2007-2438 vim-7 modeline security issue
+++ This bug was initially created as a clone of Bug #238259 +++
Description of problem:
from the vim developer list:
> today somebody came to #vim, and pasted some modeline (containig joke or
> > such). He muttered something about not knowing what that means and left
> > before long. But (!) what I noticed is that feedkeys() was used as part of
> > foldexpression and it turned out that feedkeys() is allowed in sandbox,
> > which means malicious file can run arbitrary command via modeline like
> > this:
> >
> > vim: fdm=expr fde=feedkeys("\\:!touch\ phantom_was_here\\")
> >
> > I guess you can see the consequences. Is this known/intentional?
> That's pretty nasty. I'll make a patch right away.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This comment is fro
Bugzilla
CVE-2007-2438 vim-7 modeline security issue
bugzilla·2007-04-28·CVSS 7.6
CVE-2007-2438 [HIGH] CVE-2007-2438 vim-7 modeline security issue
CVE-2007-2438 vim-7 modeline security issue
Description of problem:
from the vim developer list:
> today somebody came to #vim, and pasted some modeline (containig joke or
> > such). He muttered something about not knowing what that means and left
> > before long. But (!) what I noticed is that feedkeys() was used as part of
> > foldexpression and it turned out that feedkeys() is allowed in sandbox,
> > which means malicious file can run arbitrary command via modeline like
> > this:
> >
> > vim: fdm=expr fde=feedkeys("\\:!touch\ phantom_was_here\\")
> >
> > I guess you can see the consequences. Is this known/intentional?
> That's pretty nasty. I'll make a patch right away.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This comment is from Bram Moolenaar, the upstream VIM maintainer
This issue is alrea
http://attrition.org/pipermail/vim/2007-May/001614.htmlhttp://marc.info/?l=vim-dev&m=117762581821298&w=2http://marc.info/?l=vim-dev&m=117778983714029&w=2http://osvdb.org/36250http://secunia.com/advisories/25024http://secunia.com/advisories/25159http://secunia.com/advisories/25182http://secunia.com/advisories/25255http://secunia.com/advisories/25367http://secunia.com/advisories/25432http://secunia.com/advisories/26653http://tech.groups.yahoo.com/group/vimannounce/message/178http://tech.groups.yahoo.com/group/vimdev/message/46627http://tech.groups.yahoo.com/group/vimdev/message/46645http://tech.groups.yahoo.com/group/vimdev/message/46658http://www.attrition.org/pipermail/vim/2007-August/001770.htmlhttp://www.debian.org/security/2007/dsa-1364http://www.mandriva.com/security/advisories?name=MDKSA-2007:101http://www.novell.com/linux/security/advisories/2007_12_sr.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0346.htmlhttp://www.securityfocus.com/archive/1/467202/100/0/threadedhttp://www.securityfocus.com/bid/23725http://www.securitytracker.com/id?1018035http://www.trustix.org/errata/2007/0017/http://www.ubuntu.com/usn/usn-463-1http://www.vim.org/news/news.phphttp://www.vupen.com/english/advisories/2007/1599https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259https://exchange.xforce.ibmcloud.com/vulnerabilities/34012https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876http://attrition.org/pipermail/vim/2007-May/001614.htmlhttp://marc.info/?l=vim-dev&m=117762581821298&w=2http://marc.info/?l=vim-dev&m=117778983714029&w=2http://osvdb.org/36250http://secunia.com/advisories/25024http://secunia.com/advisories/25159http://secunia.com/advisories/25182http://secunia.com/advisories/25255http://secunia.com/advisories/25367http://secunia.com/advisories/25432http://secunia.com/advisories/26653http://tech.groups.yahoo.com/group/vimannounce/message/178http://tech.groups.yahoo.com/group/vimdev/message/46627http://tech.groups.yahoo.com/group/vimdev/message/46645http://tech.groups.yahoo.com/group/vimdev/message/46658http://www.attrition.org/pipermail/vim/2007-August/001770.htmlhttp://www.debian.org/security/2007/dsa-1364http://www.mandriva.com/security/advisories?name=MDKSA-2007:101http://www.novell.com/linux/security/advisories/2007_12_sr.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0346.htmlhttp://www.securityfocus.com/archive/1/467202/100/0/threadedhttp://www.securityfocus.com/bid/23725http://www.securitytracker.com/id?1018035http://www.trustix.org/errata/2007/0017/http://www.ubuntu.com/usn/usn-463-1http://www.vim.org/news/news.phphttp://www.vupen.com/english/advisories/2007/1599https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259https://exchange.xforce.ibmcloud.com/vulnerabilities/34012https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876
2007-05-02
Published