Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or
keyword, it was possible to execute arbitrary code as the user running
Vim. (CVE-2008-4101)

SL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's
expansion of file name patterns with shell wildcards. An attacker
could create a specially crafted file or directory name that, when
opened by Vim, caused the application to crash or, possibly, execute
arbitrary code. (CVE-2008-3432)

SL5 Only: Multiple security flaws were found in netrw.vim, the Vim
plug-in providing file reading and writing over the network. If a user
opened a specially crafted file or directory with the netrw plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3076)

SL5 Only: A security flaw was found in zip.vim, the Vim plug-in that
handles ZIP archive browsing. If a user opened a ZIP archive using the
zip.vim plug-in, it could result in arbitrary code execution as the
user running Vim. (CVE-2008-3075)

SL5 Only: A security flaw was found in tar.vim, the Vim plug-in which
handles TAR archive browsing. If a user opened a TAR archive using the
tar.vim plug-in, it could result in arbitrary code execution as the
user running Vim. (CVE-2008-3074)

Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible
to execute arbitrary code as the user running Vim. (CVE-2008-2712)

Ulf Härnhammar, of Secunia Research, discovered a format string
flaw in Vim's help tag processor. If a user was tricked into executing
the 'helptags' command on malicious data, arbitrary code could be
executed with the permissions of the user running Vim. (CVE-2007-2953)

See also :

http://www.nessus.org/u?3541c0de

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60500

Bugtraq ID:

CVE ID: CVE-2007-2953
CVE-2008-2712
CVE-2008-3074
CVE-2008-3075
CVE-2008-3076
CVE-2008-3432
CVE-2008-4101