FreeBSD : vim6 -- heap-based overflow while parsing shell metacharacters (f866d2af-bbba-11df-8a8d-0008743bf21a)

Medium Nessus Plugin ID 49167


The remote FreeBSD host is missing one or more security-related updates.


Description for CVE-2008-3432 says:

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.


Update the affected packages.

Plugin Details

Severity: Medium

ID: 49167

File Name: freebsd_pkg_f866d2afbbba11df8a8d0008743bf21a.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2010/09/09

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:vim6, p-cpe:/a:freebsd:freebsd:vim6+ruby, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2010/09/09

Vulnerability Publication Date: 2008/07/31

Reference Information

CVE: CVE-2008-3432

CWE: 119