VUPEN Security - Mandriva Security Update Fixes Vim Code Exection Vulnerabilities / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Mandriva Security Update Fixes Vim Code Exection Vulnerabilities

Title : Mandriva Security Update Fixes Vim Code Exection Vulnerabilities
VUPEN ID : VUPEN/ADV-2008-3336
CVE ID : CVE-2008-2712 - CVE-2008-2953 - CVE-2008-3074 - CVE-2008-3075 - CVE-2008-3076 - CVE-2008-4101 - CVE-2008-4677
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-12-04

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Receive VUPEN Security notifications by SMS

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to bypass security restrictions and execute arbitrary code. These issues are caused by errors in Vim. For additional information, see : VUPEN/ADV-2008-1851 - VUPEN/ADV-2008-2379

Affected Products

Mandriva Linux 2008.0
Mandriva Linux 2008.1
Mandriva Linux 2009.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Mandriva Multi Network Firewall 2.0

Solution

Upgrade the affected packages :

Mandriva Linux 2008.0:
9687145d46a754a50f26498399e42f84 2008.0/i586/vim-common-7.2.065-9.2mdv2008.0.i586.rpm
5ab8b8d113ef693c07cd79f693d47638 2008.0/i586/vim-enhanced-7.2.065-9.2mdv2008.0.i586.rpm
cf40227e84aac1a17a1a2973685e6a1f 2008.0/i586/vim-minimal-7.2.065-9.2mdv2008.0.i586.rpm
bf9cb876e1958d7b215a7039e1c52975 2008.0/i586/vim-X11-7.2.065-9.2mdv2008.0.i586.rpm
7b1b039b2ba0233b6535775ecd200e6d 2008.0/SRPMS/vim-7.2.065-9.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
fa3479b036e054ce12a0e680e95f28f6 2008.0/x86_64/vim-common-7.2.065-9.2mdv2008.0.x86_64.rpm
d1e10ebfaa89c3ca0cc72624531c6950 2008.0/x86_64/vim-enhanced-7.2.065-9.2mdv2008.0.x86_64.rpm
a8961516b64c325bf6662b44e1384885 2008.0/x86_64/vim-minimal-7.2.065-9.2mdv2008.0.x86_64.rpm
eb6a696807d8a2e55d9a447266081bc4 2008.0/x86_64/vim-X11-7.2.065-9.2mdv2008.0.x86_64.rpm
7b1b039b2ba0233b6535775ecd200e6d 2008.0/SRPMS/vim-7.2.065-9.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
bf1bbb5c11dc18f5b626830f83324bab 2008.1/i586/vim-common-7.2.065-9.2mdv2008.1.i586.rpm
54426458bb7601d9b3fdfedfa16ee9c6 2008.1/i586/vim-enhanced-7.2.065-9.2mdv2008.1.i586.rpm
ca94206e37b639a4577272d05ef10489 2008.1/i586/vim-minimal-7.2.065-9.2mdv2008.1.i586.rpm
8b58cee3b8ccee24408c1ed78215cb89 2008.1/i586/vim-X11-7.2.065-9.2mdv2008.1.i586.rpm
2886ecd9e5117b6464dc82e12bc41ee6 2008.1/SRPMS/vim-7.2.065-9.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
f56a2879dfbca889824074338eca652c 2008.1/x86_64/vim-common-7.2.065-9.2mdv2008.1.x86_64.rpm
e813a7a4126f4b5413b6a3517bb57c97 2008.1/x86_64/vim-enhanced-7.2.065-9.2mdv2008.1.x86_64.rpm
cfc262ca8e4995d5b648c282d05f9261 2008.1/x86_64/vim-minimal-7.2.065-9.2mdv2008.1.x86_64.rpm
dce8110e159fe8b767d596346514d1e9 2008.1/x86_64/vim-X11-7.2.065-9.2mdv2008.1.x86_64.rpm
2886ecd9e5117b6464dc82e12bc41ee6 2008.1/SRPMS/vim-7.2.065-9.2mdv2008.1.src.rpm

Mandriva Linux 2009.0:
b94e841258ba0053a8c2e1c61d378ff4 2009.0/i586/vim-common-7.2.065-9.2mdv2009.0.i586.rpm
53b66549200b5a8a3374de12c56ca3c4 2009.0/i586/vim-enhanced-7.2.065-9.2mdv2009.0.i586.rpm
a412c994a7d9f3111e2dfd4d629de72c 2009.0/i586/vim-minimal-7.2.065-9.2mdv2009.0.i586.rpm
f1a2096a8b72c74ed3ef7df984491b66 2009.0/i586/vim-X11-7.2.065-9.2mdv2009.0.i586.rpm
49185b01a1d717513902ba49235023a0 2009.0/SRPMS/vim-7.2.065-9.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
dce4c150ca5f8beed2e6ec917ee8f36d 2009.0/x86_64/vim-common-7.2.065-9.2mdv2009.0.x86_64.rpm
8351ee5ccbbf039649c830befb16c8b6 2009.0/x86_64/vim-enhanced-7.2.065-9.2mdv2009.0.x86_64.rpm
25abc823231a1242ec9e00e08aeea08b 2009.0/x86_64/vim-minimal-7.2.065-9.2mdv2009.0.x86_64.rpm
8f18e3bf52e528294a8c027227163ea0 2009.0/x86_64/vim-X11-7.2.065-9.2mdv2009.0.x86_64.rpm
49185b01a1d717513902ba49235023a0 2009.0/SRPMS/vim-7.2.065-9.2mdv2009.0.src.rpm

Corporate 3.0:
57eb3da62007c67d4dfff2184712e723 corporate/3.0/i586/vim-common-7.2.065-9.2.C30mdk.i586.rpm
cd32782aeb6a12ff17d63436cf1b5bdd corporate/3.0/i586/vim-enhanced-7.2.065-9.2.C30mdk.i586.rpm
5fe6219ae51f930a61ac7719d483c4d2 corporate/3.0/i586/vim-minimal-7.2.065-9.2.C30mdk.i586.rpm
ad522f08a5c827dc68c1c3d80dc96c05 corporate/3.0/i586/vim-X11-7.2.065-9.2.C30mdk.i586.rpm
5056d9e1057c60b0cc2514cfb14f6aef corporate/3.0/SRPMS/vim-7.2.065-9.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
934038cf8d1a329cf8020895ed3db7c3 corporate/3.0/x86_64/vim-common-7.2.065-9.2.C30mdk.x86_64.rpm
65d64cc850ebdcb6a47905c94df19437 corporate/3.0/x86_64/vim-enhanced-7.2.065-9.2.C30mdk.x86_64.rpm
138427402ee4d0dba3931861f43b17af corporate/3.0/x86_64/vim-minimal-7.2.065-9.2.C30mdk.x86_64.rpm
23ab99b940c3150ea185cbe0cf7a536a corporate/3.0/x86_64/vim-X11-7.2.065-9.2.C30mdk.x86_64.rpm
5056d9e1057c60b0cc2514cfb14f6aef corporate/3.0/SRPMS/vim-7.2.065-9.2.C30mdk.src.rpm

Corporate 4.0:
ccad6e665824b0af02d7cf6dc244800f corporate/4.0/i586/vim-common-7.2.065-8.2.20060mlcs4.i586.rpm
6259e89fdff3af4591f00aee85f6408d corporate/4.0/i586/vim-enhanced-7.2.065-8.2.20060mlcs4.i586.rpm
a1899ec82783d087a67e598440c7d97b corporate/4.0/i586/vim-minimal-7.2.065-8.2.20060mlcs4.i586.rpm
1628ebe4b6bd2c0398689d8b63059ad4 corporate/4.0/i586/vim-X11-7.2.065-8.2.20060mlcs4.i586.rpm
ff5ce0745012df27dba7c628be9696c2 corporate/4.0/SRPMS/vim-7.2.065-8.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
2cc05e275dfda62016b2ca250bc7abac corporate/4.0/x86_64/vim-common-7.2.065-8.2.20060mlcs4.x86_64.rpm
12628db58e590955b4fc52b9b9da35f2 corporate/4.0/x86_64/vim-enhanced-7.2.065-8.2.20060mlcs4.x86_64.rpm
81d3a71d955ef44e9adf0087a38b2048 corporate/4.0/x86_64/vim-minimal-7.2.065-8.2.20060mlcs4.x86_64.rpm
01db91a3cd0d64fba00beb7ac29121ab corporate/4.0/x86_64/vim-X11-7.2.065-8.2.20060mlcs4.x86_64.rpm
ff5ce0745012df27dba7c628be9696c2 corporate/4.0/SRPMS/vim-7.2.065-8.2.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
17e4eff8ebdba9763a278a2d0e2f4ca3 mnf/2.0/i586/vim-common-7.2.065-9.2.C30mdk.i586.rpm
a32e43b8fd1beaa139c108a14685b357 mnf/2.0/i586/vim-enhanced-7.2.065-9.2.C30mdk.i586.rpm
ccd9d76b31b85005d465a11113db862e mnf/2.0/i586/vim-minimal-7.2.065-9.2.C30mdk.i586.rpm
27bd018672a8bc5aa5d15a7bc6e64dc0 mnf/2.0/SRPMS/vim-7.2.065-9.2.C30mdk.src.rpm

References

http://www.vupen.com/english/advisories/2008/3336
http://lists.mandriva.com/security-announce/2008-12/msg00003.php

ChangeLog

2008-12-04 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

>> 2009-06-10

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

>> 2009-06-02

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

>> 2009-05-22

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

>> 2009-05-12

Microsoft Patched 14
Office PowerPoint Flaws

>> 2009-04-28

Adobe Reader / Acrobat
Vulnerabilities Disclosed

More Informations