Debian Vim vulnerabilities

CVE-2009-0316 [MEDIUM] CVE-2009-0316: vim - Untrusted search path vulnerability in src/if_python.c in the Python interface i... Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. Scope

CVE-2008-3074 [CRITICAL] CVE-2008-3074: vim - The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-... The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demons

CVE-2008-3075 [CRITICAL] CVE-2008-3075: vim - The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-... The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 throug

CVE-2008-3076 [CRITICAL] CVE-2008-3076: vim - The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers ... The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. Scope:

CVE-2008-2712 [CRITICAL] CVE-2008-2712: vim - Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to ex... Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually fo

CVE-2008-6235 [CRITICAL] CVE-2008-6235: vim - The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers t... The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. Scope: local bookworm: resolved (fixed in 2:7.2.148-1) bullseye: resolved (fixed in 2:7.2.148

CVE-2008-4677 [MEDIUM] CVE-2008-4677: vim - autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 13... autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstance

CVE-2008-3432 [MEDIUM] CVE-2008-3432: vim - Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in ... Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2008-4101 [CRITICAL] CVE-2008-4101: vim - Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which al... Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-

CVE-2008-3294 [LOW] CVE-2008-3294: vim - src/configure.in in Vim 5.0 through 7.1, when used for a build with Python suppo... src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. Scop

CVE-2007-2953 [MEDIUM] CVE-2007-2953: vim - Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim... Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. Scope: local bookworm: resolved (fixed in 1:7.1-056+1) bullseye: resolved (fixed in 1:7.1-056+

CVE-2007-2438 [HIGH] CVE-2007-2438: vim - The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedke... The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. Scope: local bookworm: resolved (fixed in 1:7.1-022+1) bullseye: resolved (fixed in 1:7.1-022+1) forky: resolved (fixed in 1:7.1-022+1) sid: resolved (fixed in 1:7.1-022+1) tr

CVE-2005-0069 [MEDIUM] CVE-2005-0069: vim - The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overw... The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. Scope: local bookworm: resolved (fixed in 1:6.3-058+1) bullseye: resolved (fixed in 1:6.3-058+1) forky: resolved (fixed in 1:6.3-058+1) sid: resolved (fixed in 1:6.3-058+1) trixie: resolved (fixed in 1:6.3-058+1)

CVE-2005-2368 [CRITICAL] CVE-2005-2368: vim - vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted at... vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. Scope: local bookworm: resolved (fixed in 1:6.3-085+1) bullseye: resolved (fixed in 1:6.3-085+1) forky: resolved (fixed in 1:6.3-085+1

CVE-2004-1138 [HIGH] CVE-2004-1138: vim - VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary comman... VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. Scope: local bookworm: resolved (fixed in 1:6.3-046+0sarge

CVE-2002-1377 [MEDIUM] CVE-2002-1377: vim - vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitr... vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. Scope: local bookworm: resolved (fixed in 6.1.263-1) bullseye: resolved (fixed in 6.1.263-1) forky: resolved (fixed in 6.1.2