RedHat Update For Vim RHSA-2008:0618-01 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Affected

vim on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, Red Hat Enterprise Linux ES version 2.1, Red Hat Enterprise Linux WS version 2.1

References

https://www.redhat.com/archives/rhsa-announce/2008-November/msg00014.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2712, CVE-2008-4101
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

RedHat Update for vim RHSA-2008:0618-01

Take action and discover your vulnerabilities