CVE-2016-1248
published 2016-11-23CVE-2016-1248: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary…
PriorityP359high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
25.31%
97.7th percentile
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra | — | — |
| debian | debian_linux | — | — |
| debian | neovim | < neovim 0.1.6-4 (bookworm) | neovim 0.1.6-4 (bookworm) |
| debian | vim | < neovim 0.1.6-4 (bookworm) | neovim 0.1.6-4 (bookworm) |
| vim | vim | <= 8.0.0055 | — |
| vim | vim | >= 0 < 2:8.0.0095-1 | 2:8.0.0095-1 |
| vim | vim | >= 0 < 2:8.0.0095-1 | 2:8.0.0095-1 |
| vim | vim | >= 0 < 2:8.0.0095-1 | 2:8.0.0095-1 |
| vim | vim | >= 0 < 2:8.0.0095-1 | 2:8.0.0095-1 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2016-1248: macOS Sierra 10.12.3
vendor_apple·2017-01-23·CVSS 7.8
CVE-2016-1248 [HIGH] CVE-2016-1248: macOS Sierra 10.12.3
Apple Security Update: About the security content of macOS Sierra 10.12.3
Product: macOS Sierra
Version: 10.12.3
CVE: CVE-2016-1248
Component: Vim
Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
Description: An input validation issue existed in modelines. This was addressed through improved input validation.
Ubuntu
Vim vulnerability
vendor_ubuntu·2016-11-29
CVE-2016-1248 Vim vulnerability
Title: Vim vulnerability
Summary: Vim could be made to run programs as your login if it opened a specially
crafted file.
Florian Larysch discovered that the Vim text editor did not properly
validate values for the 'filetype', 'syntax', and 'keymap' options. An
attacker could trick a user into opening a file with specially crafted
modelines and possibly execute arbitrary code with the user's privileges.
Instructions: After a standard system update you need to restart Vim to make
all the necessary changes.
Red Hat
vim: Lack of validation of values for few options results in code exection
vendor_redhat·2016-11-20·CVSS 7.8
CVE-2016-1248 [HIGH] CWE-20 vim: Lack of validation of values for few options results in code exection
vim: Lack of validation of values for few options results in code exection
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim.
Mitigation: Disabling modeline support in .vimrc by adding "set nomodeline" will prevent exploitation of this flaw. By default, modeline is enabled for ordinary users but disabled for root.
Package: vim (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2016-1248: neovim - vim before patch 8.0.0056 does not properly validate values for the 'filetype', ...
vendor_debian·2016·CVSS 7.8
CVE-2016-1248 [HIGH] CVE-2016-1248: neovim - vim before patch 8.0.0056 does not properly validate values for the 'filetype', ...
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
Scope: local
bookworm: resolved (fixed in 0.1.6-4)
bullseye: resolved (fixed in 0.1.6-4)
forky: resolved (fixed in 0.1.6-4)
sid: resolved (fixed in 0.1.6-4)
trixie: resolved (fixed in 0.1.6-4)
GHSA
GHSA-6q4x-827v-ffwx: vim before patch 8
ghsa_unreviewed·2022-05-17
CVE-2016-1248 [HIGH] CWE-20 GHSA-6q4x-827v-ffwx: vim before patch 8
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
OSV
CVE-2016-1248: vim before patch 8
osv·2016-11-23·CVSS 7.8
CVE-2016-1248 [HIGH] CVE-2016-1248: vim before patch 8
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
No detection rules found.
Bugzilla
CVE-2016-1248 vim: Lack of validation of values for few options results in code exection [fedora-all]
bugzilla·2016-11-24·CVSS 7.8
CVE-2016-1248 [HIGH] CVE-2016-1248 vim: Lack of validation of values for few options results in code exection [fedora-all]
CVE-2016-1248 vim: Lack of validation of values for few options results in code exection [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
Bugzilla
CVE-2016-1248 vim: Lack of validation of values for few options results in code exection
bugzilla·2016-11-24·CVSS 7.8
CVE-2016-1248 [HIGH] CVE-2016-1248 vim: Lack of validation of values for few options results in code exection
CVE-2016-1248 vim: Lack of validation of values for few options results in code exection
A vulnerability was found in Vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options' values are then used in Vim's scripts to build a command string that's evaluated by :execute, which is what allows the shell commands to be run.
Upstream patch:
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
References:
http://seclists.org/oss-sec/2016/q4/506
Discussion:
Created vim tracking bugs for this issue:
Affects: fedora-all [bug 1398228]
---
Mitigation:
Disabling modeline support in .vimrc by adding "set nomodeline" will prevent exploitation of
http://openwall.com/lists/oss-security/2016/11/22/20http://rhn.redhat.com/errata/RHSA-2016-2972.htmlhttp://www.debian.org/security/2016/dsa-3722http://www.securityfocus.com/bid/94478http://www.securitytracker.com/id/1037338http://www.ubuntu.com/usn/USN-3139-1https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changeloghttps://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39ahttps://github.com/vim/vim/releases/tag/v8.0.0056https://lists.debian.org/debian-lts-announce/2016/11/msg00025.htmlhttps://lists.debian.org/debian-security-announce/2016/msg00305.htmlhttps://security.gentoo.org/glsa/201701-29http://openwall.com/lists/oss-security/2016/11/22/20http://rhn.redhat.com/errata/RHSA-2016-2972.htmlhttp://www.debian.org/security/2016/dsa-3722http://www.securityfocus.com/bid/94478http://www.securitytracker.com/id/1037338http://www.ubuntu.com/usn/USN-3139-1https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changeloghttps://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39ahttps://github.com/vim/vim/releases/tag/v8.0.0056https://lists.debian.org/debian-lts-announce/2016/11/msg00025.htmlhttps://lists.debian.org/debian-security-announce/2016/msg00305.htmlhttps://security.gentoo.org/glsa/201701-29
2016-11-23
Published