RHEL 2.1 / 3 : vim (RHSA-2005:010)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated vim packages that fix a modeline vulnerability are now

VIM (Vi IMproved) is an updated and improved version of the vi
screen-based editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command
execution when viewed by a victim. Please note that this issue only
affects users who have modelines and filetype plugins enabled, which
is not the default. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2004-1138 to this issue.

All users of VIM are advised to upgrade to these erratum packages,
which contain a backported patch for this issue.

See also :


Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: Red Hat Local Security Checks

Nessus Plugin ID: 16109 ()

Bugtraq ID:

CVE ID: CVE-2004-1138

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now