RHEL 2.1 / 3 : vim (RHSA-2005:010)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated vim packages that fix a modeline vulnerability are now
available.

VIM (Vi IMproved) is an updated and improved version of the vi
screen-based editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command
execution when viewed by a victim. Please note that this issue only
affects users who have modelines and filetype plugins enabled, which
is not the default. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2004-1138 to this issue.

All users of VIM are advised to upgrade to these erratum packages,
which contain a backported patch for this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-1138.html
http://rhn.redhat.com/errata/RHSA-2005-010.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 16109 ()

Bugtraq ID:

CVE ID: CVE-2004-1138