RHEL 2.1 / 3 : vim (RHSA-2005:010)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated vim packages that fix a modeline vulnerability are now

VIM (Vi IMproved) is an updated and improved version of the vi
screen-based editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command
execution when viewed by a victim. Please note that this issue only
affects users who have modelines and filetype plugins enabled, which
is not the default. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2004-1138 to this issue.

All users of VIM are advised to upgrade to these erratum packages,
which contain a backported patch for this issue.

See also :


Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: Red Hat Local Security Checks

Nessus Plugin ID: 16109 ()

Bugtraq ID:

CVE ID: CVE-2004-1138

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial