CVE-2019-12735

HIGH

Description

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. Modeline options are evaluated inside Vim's sandbox, which is supposed to block command execution, but :source! (read a file as Normal-mode commands) was not subject to the sandbox check, so a crafted text file can run commands taken from its own contents as soon as the victim opens it with the 'modeline' option enabled; the "remote" wording means a file delivered to the user, not a network listener, which is why the CVSS v3 vector below is AV:L with UI:R. The upstream fix (Vim patch 8.1.1365, ported to Neovim in PR 10082) adds the sandbox check to :source, and setting 'nomodeline' removes this trigger on builds that cannot be patched yet.
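As an added example that is not part of this advisory or of the Vim and Neovim code bases, the Python below does the two checks a practitioner wants for this CVE: it scans the modeline window of a file (the first and last five lines, Vim's default 'modelines') for a modeline that invokes :source! or one of its abbreviations, and it classifies `vim --version` / `nvim --version` output against the fixed versions named above, including Vim's "Included patches" range list. The modeline grammar is a simplification of Vim's own parser, the sample file contents and version strings are constructed for the example, and `other.vim` in the sample is a placeholder name.

```python
"""Triage helpers for CVE-2019-12735 (modeline -> :source! command execution).

Added example; not code from Vim, Neovim, the advisory or the referenced PoC.
The modeline grammar is a simplification of Vim's; the samples are constructed.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Vim only honours modelines in the first and last 'modelines' lines (default 5).
MODELINES = 5

# Simplified modeline start: "vi:", "vim:", "Vim:" or "ex:" at line start or after
# whitespace; the rest of the line is the option text. Version-conditioned forms
# such as "vim:>=800:" are not handled (assumption: adequate for triage).
_MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex):\s*(.*)$")

# ":source!" and its abbreviations (:so! .. :sourc!) are the trigger named in the
# advisory. Inside a modeline the "!" is usually escaped as "\!", so allow that.
_SOURCE_BANG_RE = re.compile(r"\bso(?:urce|urc|ur|u)?\\?!")

_VIM_VERSION_RE = re.compile(r"VIM - Vi IMproved (\d+)\.(\d+)")
_PATCHES_RE = re.compile(r"Included patches:\s*([0-9,\s-]+)")
_NVIM_VERSION_RE = re.compile(r"NVIM v(\d+)\.(\d+)\.(\d+)")


def candidate_lines(lines: List[str]) -> Iterable[Tuple[int, str]]:
    """Yield (1-based line number, text) for the lines Vim scans for modelines."""
    n = len(lines)
    head = range(0, min(MODELINES, n))
    tail = range(max(n - MODELINES, MODELINES), n)  # short files: no double scan
    for i in list(head) + list(tail):
        yield i + 1, lines[i]


def find_modelines(text: str) -> List[Tuple[int, str]]:
    """Return (line number, option text) for each modeline in the scanned window."""
    found = []
    for lineno, line in candidate_lines(text.splitlines()):
        m = _MODELINE_RE.search(line)
        if m:
            found.append((lineno, m.group(1)))
    return found


def suspicious_modelines(text: str) -> List[Tuple[int, str]]:
    """Modelines whose options invoke :source!, the CVE-2019-12735 trigger."""
    return [(n, o) for n, o in find_modelines(text) if _SOURCE_BANG_RE.search(o)]


def _patch_included(patch_list: str, patch: int) -> bool:
    """True if 'patch' lies in a range list such as '1-1000, 1002-1365'."""
    for chunk in patch_list.split(","):
        chunk = chunk.strip()
        if not chunk:
            continue
        lo, _, hi = chunk.partition("-")
        if int(lo) <= patch <= int(hi or lo):
            return True
    return False


def is_vulnerable_build(version_output: str) -> Optional[bool]:
    """Classify `vim --version` / `nvim --version` text by upstream version.

    Fixed in Vim 8.1.1365 and Neovim 0.3.6 (per the advisory). Returns None for
    unrecognised text. Distribution builds that backport the fix keep the old
    version string, so for packaged editors trust the vendor advisory instead.
    """
    m = _NVIM_VERSION_RE.search(version_output)
    if m:
        return tuple(int(x) for x in m.groups()) < (0, 3, 6)
    m = _VIM_VERSION_RE.search(version_output)
    if m:
        release = (int(m.group(1)), int(m.group(2)))
        if release != (8, 1):
            return release < (8, 1)
        p = _PATCHES_RE.search(version_output)
        return not (p and _patch_included(p.group(1), 1365))
    return None


# Constructed sample inputs; none is a real exploit file or a real build's output.
SAMPLE_BENIGN = "# vim: set ts=4 sw=4 et:\nint main(void) { return 0; }\n"
SAMPLE_SOURCE_BANG = "\n".join(
    ["plain text line %d" % i for i in range(1, 7)]
    + ['# vi:fdm=expr:fde=execute("source\\!\\ other.vim"):fdl=0']  # line 7
)
SAMPLE_OUTSIDE_WINDOW = "\n".join(  # modeline on line 6 of 11: Vim ignores it
    ["line %d" % i for i in range(1, 6)]
    + ['# vi:fdm=expr:fde=execute("so!")']
    + ["line %d" % i for i in range(7, 12)]
)
VIM_UNPATCHED = "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-1000, 1002-1364\n"
VIM_PATCHED = "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-1365\n"
NVIM_OLD = "NVIM v0.3.4\nBuild type: Release\n"
```

Running `suspicious_modelines` over the samples flags only line 7 of SAMPLE_SOURCE_BANG; the `so!` in SAMPLE_OUTSIDE_WINDOW sits on line 6 of an 11-line file, outside both five-line windows, so Vim would never evaluate it and the scanner correctly ignores it. The version check is only meaningful for upstream builds: the RHSA, DSA and USN packages listed under References backport the fix without changing the version string or patch list, so for distribution packages rely on the vendor advisory or the plugin checks below. Setting 'nomodeline' in vimrc removes this CVE's trigger whatever the build.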

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html

http://www.securityfocus.com/bid/108724

https://access.redhat.com/errata/RHSA-2019:1619

https://access.redhat.com/errata/RHSA-2019:1774

https://access.redhat.com/errata/RHSA-2019:1793

https://access.redhat.com/errata/RHSA-2019:1947

https://bugs.debian.org/930020

https://bugs.debian.org/930024

https://github.com/neovim/neovim/pull/10082

https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040

https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/

https://seclists.org/bugtraq/2019/Jul/39

https://seclists.org/bugtraq/2019/Jun/33

https://support.f5.com/csp/article/K93144355

https://usn.ubuntu.com/4016-1/

https://usn.ubuntu.com/4016-2/

https://www.debian.org/security/2019/dsa-4467

https://www.debian.org/security/2019/dsa-4487

Details

Source: MITRE

Published: 2019-06-05

Updated: 2019-06-13

Type: CWE-78 (Improper Neutralization of Special Elements used in an OS Command, i.e. OS command injection)

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 8.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:neovim:neovim:*:*:*:*:*:*:*:*

Tenable Plugins

40 plugins in total.

ID | Name | Product | Family | Severity
144544 | Virtuozzo 6 : vim-X11 / vim-common / vim-enhanced / etc (VZLSA-2019-1774) | Nessus | Virtuozzo Local Security Checks | high
134471 | GLSA-202003-04 : Vim, gVim: Remote execution of arbitrary code | Nessus | Gentoo Local Security Checks | high
134315 | NewStart CGSL MAIN 4.05 : vim Vulnerability (NS-SA-2020-0020) | Nessus | NewStart CGSL Local Security Checks | high
129190 | EulerOS 2.0 SP3 : vim (EulerOS-SA-2019-1997) | Nessus | Huawei Local Security Checks | high
128690 | NewStart CGSL MAIN 4.06 : vim Vulnerability (NS-SA-2019-0177) | Nessus | NewStart CGSL Local Security Checks | high
127634 | RHEL 7 : vim (RHSA-2019:1947) | Nessus | Red Hat Local Security Checks | high
127480 | Debian DLA-1871-1 : vim security update | Nessus | Debian Local Security Checks | high
127460 | Amazon Linux 2 : vim (ALAS-2019-1239) | Nessus | Amazon Linux Local Security Checks | high
127449 | NewStart CGSL CORE 5.05 / MAIN 5.05 : vim Vulnerability (NS-SA-2019-0164) | Nessus | NewStart CGSL Local Security Checks | high
127443 | NewStart CGSL CORE 5.04 / MAIN 5.04 : vim Vulnerability (NS-SA-2019-0161) | Nessus | NewStart CGSL Local Security Checks | high
127067 | Amazon Linux AMI : vim (ALAS-2019-1239) | Nessus | Amazon Linux Local Security Checks | high
127003 | EulerOS 2.0 SP8 : vim (EulerOS-SA-2019-1766) | Nessus | Huawei Local Security Checks | high
126968 | Debian DSA-4487-1 : neovim - security update | Nessus | Debian Local Security Checks | high
126899 | openSUSE Security Update : neovim (openSUSE-2019-1759) | Nessus | SuSE Local Security Checks | high
126880 | EulerOS 2.0 SP2 : vim (EulerOS-SA-2019-1753) | Nessus | Huawei Local Security Checks | high
126807 | Oracle Linux 6 : vim (ELSA-2019-1774) | Nessus | Oracle Linux Local Security Checks | high
126790 | CentOS 6 : vim (CESA-2019:1774) | Nessus | CentOS Local Security Checks | high
126761 | RHEL 7 : vim (RHSA-2019:1793) | Nessus | Red Hat Local Security Checks | high
126715 | Scientific Linux Security Update : vim on SL6.x i386/x86_64 (20190715) | Nessus | Scientific Linux Local Security Checks | high
126710 | RHEL 6 : vim (RHSA-2019:1774) | Nessus | Red Hat Local Security Checks | high
126541 | EulerOS Virtualization for ARM 64 3.0.2.0 : vim (EulerOS-SA-2019-1699) | Nessus | Huawei Local Security Checks | high
126436 | Scientific Linux Security Update : vim on SL7.x x86_64 (20190701) | Nessus | Scientific Linux Local Security Checks | high
126431 | EulerOS 2.0 SP5 : vim (EulerOS-SA-2019-1690) | Nessus | Huawei Local Security Checks | high
126387 | CentOS 7 : vim (CESA-2019:1619) | Nessus | CentOS Local Security Checks | high
126316 | Oracle Linux 7 / 8 : vim (ELSA-2019-1619) | Nessus | Oracle Linux Local Security Checks | high
126302 | RHEL 7 / 8 : vim (RHSA-2019:1619) | Nessus | Red Hat Local Security Checks | high
126211 | Photon OS 2.0: Vim PHSA-2019-2.0-0162 | Nessus | PhotonOS Local Security Checks | high
126203 | Photon OS 1.0: Vim PHSA-2019-1.0-0237 | Nessus | PhotonOS Local Security Checks | high
126013 | Debian DSA-4467-1 : vim - security update | Nessus | Debian Local Security Checks | high
125983 | openSUSE Security Update : vim (openSUSE-2019-1562) | Nessus | SuSE Local Security Checks | high
125982 | openSUSE Security Update : vim (openSUSE-2019-1561) | Nessus | SuSE Local Security Checks | high
125918 | openSUSE Security Update : neovim (openSUSE-2019-1551) | Nessus | SuSE Local Security Checks | high
125913 | FreeBSD : Vim/NeoVim -- Security vulnerability (bbdb9713-8e09-11e9-87bc-002590acae31) | Nessus | FreeBSD Local Security Checks | high
125868 | Fedora 29 : 2:vim (2019-dcd49378b8) | Nessus | Fedora Local Security Checks | high
125854 | Ubuntu 18.10 / 19.04 : Neovim vulnerability (USN-4016-2) | Nessus | Ubuntu Local Security Checks | high
125853 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Vim vulnerabilities (USN-4016-1) | Nessus | Ubuntu Local Security Checks | high
125848 | SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2019:1457-1) | Nessus | SuSE Local Security Checks | high
125847 | SUSE SLED12 / SLES12 Security Update : vim (SUSE-SU-2019:1456-1) | Nessus | SuSE Local Security Checks | high
125846 | SUSE SLES11 Security Update : vim (SUSE-SU-2019:14078-1) | Nessus | SuSE Local Security Checks | high
125788 | Fedora 30 : 2:vim (2019-d79f89346c) | Nessus | Fedora Local Security Checks | high