RHEL 2.1 : vim (RHSA-2002:302)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated VIM packages are available for Red Hat Linux Advanced Server.
These updates resolve a security issue when opening a specially
crafted text file.

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation
2.1

VIM (VIsual editor iMproved) is a version of the vi editor.

VIM allows a user to set the modeline differently for each edited text
file by placing special comments in the files. Georgi Guninski found
that these comments can be carefully crafted in order to call external
programs. This could allow an attacker to create a text file such that,
when it is opened, arbitrary commands are executed.

Users of VIM are advised to upgrade to these errata packages, which
have been patched to disable the usage of dangerous functions in
modelines.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-1377.html
http://www.guninski.com/vim1.html
http://marc.info/?l=full-disclosure&m=103972417823566
http://rhn.redhat.com/errata/RHSA-2002-302.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12344

Bugtraq ID:

CVE ID: CVE-2002-1377
