Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3076 — OS Command Injection in VIM

CWE-78 — OS Command Injection7 documents7 sources

Severity

9.3CRITICALNVD

EPSS

11.6%

top 6.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

VIM Debian VIM

Timeline

PublishedFeb 21

Latest updateMay 1

Description

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/vim< vim 2:7.2.010-1 (bookworm)

▶Debianvim/vim< 2:7.2.010-1+3

▶NVDvim/vim7.2a.10

Patches

Patch: www.openwall.com ↗Patch: www.rdancer.org ↗Patch: www.rdancer.org ↗

🔴Vulnerability Details

GHSA

GHSA-f5qf-9pc8-pr89: The Netrw plugin 125 in netrw↗2022-05-01

▶

OSV

CVE-2008-3076: The Netrw plugin 125 in netrw↗2009-02-21

▶

💥Exploits & PoCs

Exploit-DB

Netrw 125 Vim Script - Multiple Command Execution Vulnerabilities↗2008-07-07

▶

📋Vendor Advisories

Red Hat

plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution↗2008-07-15

▶

Debian

CVE-2008-3076: vim - The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers ...↗2008

▶

💬Community

Bugzilla

CVE-2008-6235 Vim netrw.vim plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution↗2008-10-17

▶