Amazon Linux AMI : vim (ALAS-2017-809)

High Nessus Plugin ID 99036

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. (CVE-2017-6350)

An integer overflow flaw was found in the way vim handled undo files.
This bug could result in vim crashing when trying to process corrupted undo files.(CVE-2017-6349)

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
(CVE-2017-5953)

Solution

Run 'yum update vim' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2017-809.html

Plugin Details

Severity: High

ID: 99036

File Name: ala_ALAS-2017-809.nasl

Version: 3.2

Type: local

Agent: unix

Published: 2017/03/30

Updated: 2018/04/18

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:vim-common, p-cpe:/a:amazon:linux:vim-debuginfo, p-cpe:/a:amazon:linux:vim-enhanced, p-cpe:/a:amazon:linux:vim-filesystem, p-cpe:/a:amazon:linux:vim-minimal, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 2017/03/29

Reference Information

CVE: CVE-2017-5953, CVE-2017-6349, CVE-2017-6350

ALAS: 2017-809