FreeBSD : vim -- vulnerabilities in modeline handling: glob, expand (81f127a8-0038-11da-86bc-000e0c2e438a)

High Nessus Plugin ID 19348


The remote FreeBSD host is missing one or more security-related updates.


Georgi Guninski discovered a way to construct Vim modelines that execute arbitrary shell commands. The vulnerability can be exploited by including shell commands in modelines that call the glob() or expand() functions. An attacker could trick an user to read or edit a trojaned file with modelines enabled, after which the attacker is able to execute arbitrary commands with the privileges of the user.

Note: It is generally recommended that VIM users use set nomodeline in ~/.vimrc to avoid the possibility of trojaned text files.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 19348

File Name: freebsd_pkg_81f127a8003811da86bc000e0c2e438a.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2005/08/01

Modified: 2018/01/12

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:vim, p-cpe:/a:freebsd:freebsd:vim+ruby, p-cpe:/a:freebsd:freebsd:vim-console, p-cpe:/a:freebsd:freebsd:vim-lite, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2005/07/31

Vulnerability Publication Date: 2005/07/25

Reference Information

CVE: CVE-2005-2368

BID: 14374