This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or
keyword, it was possible to execute arbitrary code as the user running
SL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's
expansion of file name patterns with shell wildcards. An attacker
could create a specially crafted file or directory name that, when
opened by Vim, caused the application to crash or, possibly, execute
arbitrary code. (CVE-2008-3432)
SL5 Only: Multiple security flaws were found in netrw.vim, the Vim
plug-in providing file reading and writing over the network. If a user
opened a specially crafted file or directory with the netrw plug-in,
it could result in arbitrary code execution as the user running Vim.
SL5 Only: A security flaw was found in zip.vim, the Vim plug-in that
handles ZIP archive browsing. If a user opened a ZIP archive using the
zip.vim plug-in, it could result in arbitrary code execution as the
user running Vim. (CVE-2008-3075)
SL5 Only: A security flaw was found in tar.vim, the Vim plug-in which
handles TAR archive browsing. If a user opened a TAR archive using the
tar.vim plug-in, it could result in arbitrary code execution as the
user running Vim. (CVE-2008-3074)
Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible
to execute arbitrary code as the user running Vim. (CVE-2008-2712)
Ulf Härnhammar, of Secunia Research, discovered a format string
flaw in Vim's help tag processor. If a user was tricked into executing
the 'helptags' command on malicious data, arbitrary code could be
executed with the permissions of the user running Vim. (CVE-2007-2953)
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60500
CVE ID: CVE-2007-2953, CVE-2008-2712, CVE-2008-3074, CVE-2008-3075, CVE-2008-3076, CVE-2008-3432, CVE-2008-4101