FreeBSD : vim6 -- heap-based overflow while parsing shell metacharacters (f866d2af-bbba-11df-8a8d-0008743bf21a)

medium Nessus Plugin ID 49167

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Description for CVE-2008-3432 says :

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

Solution

Update the affected packages.

See Also

https://www.openwall.com/lists/oss-security/2008/07/15/4

http://www.nessus.org/u?dfa5da53

Plugin Details

Severity: Medium

ID: 49167

File Name: freebsd_pkg_f866d2afbbba11df8a8d0008743bf21a.nasl

Version: 1.10

Type: local

Published: 9/9/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:vim6, p-cpe:/a:freebsd:freebsd:vim6%2bruby, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/9/2010

Vulnerability Publication Date: 7/31/2008

Reference Information

CVE: CVE-2008-3432

CWE: 119