Debian Bug report logs - #506919
vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076)

version graph

Package: vim; Maintainer for vim is Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>; Source for vim is src:vim.

Reported by: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Date: Tue, 25 Nov 2008 22:33:01 UTC

Severity: grave

Tags: fixed, security

Found in version vim/1:6.4-000+1

Fixed in versions vim/2:7.2.010-1, vim/1:7.1.314-3+lenny1

Done: James Vega <jamessan@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#506919; Package vim. (Tue, 25 Nov 2008 22:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. (Tue, 25 Nov 2008 22:33:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076)
Date: Tue, 25 Nov 2008 17:31:36 -0500
Package: vim
Version: 1:7.0.109
Severity: grave
Tags: security
Justification: user security hole

redhat has just released an update that fixes multiple security flaws in
vim [1].  these issues are currently reserved in the CVE tracker, but
redhat describes the probems as:

  Multiple security flaws were found in netrw.vim, the Vim plug-in providing
  file reading and writing over the network. If a user opened a specially
  crafted file or directory with the netrw plug-in, it could result in
  arbitrary code execution as the user running Vim. (CVE-2008-3076)

  A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
  archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
  it could result in arbitrary code execution as the user running Vim.
  (CVE-2008-3075)

  A security flaw was found in tar.vim, the Vim plug-in which handles TAR
  archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
  it could result in arbitrary code execution as the user runnin Vim.
  (CVE-2008-3074)

versions affected are unclear from the redhat notice, but the problem at 
least applies to vim version 7.0.109, which they have fixed in rhel5.

thanks for working to keep debian secure.

[1] https://rhn.redhat.com/errata/RHSA-2008-0580.html

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vim depends on:
ii  libacl1               2.2.47-2           Access control list shared library
ii  libc6                 2.7-16             GNU C Library: Shared libraries
ii  libgpm2               1.20.4-3           General Purpose Mouse - shared lib
ii  libncurses5           5.6+20080830-1     shared libraries for terminal hand
ii  libselinux1           2.0.65-5           SELinux shared libraries
ii  vim-common            1:7.1.314-3+lenny2 Vi IMproved - Common files
ii  vim-runtime           1:7.1.314-3+lenny2 Vi IMproved - Runtime files

vim recommends no packages.

Versions of packages vim suggests:
pn  ctags                         <none>     (no description available)
pn  vim-doc                       <none>     (no description available)
pn  vim-scripts                   <none>     (no description available)

-- no debconf information




Tags added: fixed Request was from James Vega <jamessan@debian.org> to control@bugs.debian.org. (Tue, 25 Nov 2008 23:30:04 GMT) Full text and rfc822 format available.

Tags added: fixed Request was from James Vega <jamessan@debian.org> to control@bugs.debian.org. (Tue, 25 Nov 2008 23:30:05 GMT) Full text and rfc822 format available.

Reply sent to James Vega <jamessan@debian.org>:
You have taken responsibility. (Tue, 25 Nov 2008 23:30:09 GMT) Full text and rfc822 format available.

Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Tue, 25 Nov 2008 23:30:09 GMT) Full text and rfc822 format available.

Message #14 received at 506919-done@bugs.debian.org (full text, mbox):

From: James Vega <jamessan@debian.org>
To: 506919-done@bugs.debian.org
Subject: Re: Bug#506919: vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076)
Date: Tue, 25 Nov 2008 18:27:50 -0500
[Message part 1 (text/plain, inline)]
tag 506919 fixed 2:7.2.010-1
tag 506919 fixed 1:7.1.314-3+lenny1
thanks

On Tue, Nov 25, 2008 at 05:31:36PM -0500, Michael S. Gilbert wrote:
> redhat has just released an update that fixes multiple security flaws in
> vim [1].  these issues are currently reserved in the CVE tracker, but
> redhat describes the probems as:
> 
>   Multiple security flaws were found in netrw.vim, the Vim plug-in providing
>   file reading and writing over the network. If a user opened a specially
>   crafted file or directory with the netrw plug-in, it could result in
>   arbitrary code execution as the user running Vim. (CVE-2008-3076)
> 
>   A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
>   archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
>   it could result in arbitrary code execution as the user running Vim.
>   (CVE-2008-3075)
> 
>   A security flaw was found in tar.vim, the Vim plug-in which handles TAR
>   archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
>   it could result in arbitrary code execution as the user runnin Vim.
>   (CVE-2008-3074)
> 
> versions affected are unclear from the redhat notice, but the problem at 
> least applies to vim version 7.0.109, which they have fixed in rhel5.

These are basically split out versions of previously released
vulnerabilities.  They're fixed in the above mentioned versions.

-- 
James
GPG Key: 1024D/61326D40 2003-09-02 James Vega <jamessan@debian.org>
[signature.asc (application/pgp-signature, inline)]

Bug no longer marked as found in version 1:7.0.109. Request was from James Vega <jamessan@debian.org> to control@bugs.debian.org. (Wed, 26 Nov 2008 00:09:02 GMT) Full text and rfc822 format available.

Bug marked as found in version 1:6.4-000+1 and reopened. Request was from James Vega <jamessan@debian.org> to control@bugs.debian.org. (Wed, 26 Nov 2008 00:09:03 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 2:7.2.010-1. Request was from James Vega <jamessan@debian.org> to control@bugs.debian.org. (Wed, 26 Nov 2008 00:12:06 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 1:7.1.314-3+lenny1. Request was from James Vega <jamessan@debian.org> to control@bugs.debian.org. (Wed, 26 Nov 2008 00:12:06 GMT) Full text and rfc822 format available.

Bug closed, send any further explanations to "Michael S. Gilbert" <michael.s.gilbert@gmail.com> Request was from James Vega <jamessan@debian.org> to control@bugs.debian.org. (Wed, 26 Nov 2008 00:18:05 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Feb 2009 07:52:01 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 18:35:13 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.