FreeBSD : vim -- vulnerabilities in modeline handling: glob, expand (81f127a8-0038-11da-86bc-000e0c2e438a)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Georgi Guninski discovered a way to construct Vim modelines that
execute arbitrary shell commands. The vulnerability can be exploited
by including shell commands in modelines that call the glob() or
expand() functions. An attacker could trick an user to read or edit a
trojaned file with modelines enabled, after which the attacker is able
to execute arbitrary commands with the privileges of the user.

Note: It is generally recommended that VIM users use set nomodeline in
~/.vimrc to avoid the possibility of trojaned text files.

See also :

http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html
http://www.nessus.org/u?ff0d2916

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19348 (freebsd_pkg_81f127a8003811da86bc000e0c2e438a.nasl)

Bugtraq ID: 14374

CVE ID: CVE-2005-2368

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now