AnNyung Official Homepage Home > Update [ 1.3 ]  

vim security update
FTP access is not possible with a web browser.

Document number : 1231743983
Updated : 2009.01.12


Details

CVE-2007-2953:
Format string vulnerability in the helptags_one function in src/ex_cmds.c in
Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers
to execute arbitrary code via format string specifiers in a help-tags tag in a
help file, related to the helptags command.

CVE-2008-2712:
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to
execute arbitrary commands via Vim scripts that do not properly sanitize inputs
before invoking the execute or system functions, as demonstrated using (1)
filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw. 

CVE-2008-3074:
A security flaw was found in tar.vim, the Vim plug-in which handles TAR
archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
it could result in arbitrary code execution as the user running Vim.

CVE-2008-3075:
A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
it could result in arbitrary code execution as the user running Vim.

CVE-2008-3076:
Multiple security flaws were found in netrw.vim, the Vim plug-in providing
file reading and writing over the network. If a user opened a specially
crafted file or directory with the netrw plug-in, it could result in
arbitrary code execution as the user running Vim.

CVE-2008-4101:
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which
allows user-assisted attackers to (1) execute arbitrary shell commands by
entering a K keystroke on a line that contains a ";" (semicolon) followed by
a command, or execute arbitrary Ex commands by entering an argument after a
(2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket)
keystroke sequence, a different issue than CVE-2008-2712. 



Autoupdates support : supported


Update packages

  RPMS :

    . vim-common-7.0-3.4.i686.rpm
    . vim-enhanced-7.0-3.4.i686.rpm
    . vim-minimal-7.0-3.4.i686.rpm

  SRPMS :

    . vim-7.0-3.4.src.rpm
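
Added example (not part of the original advisory, and not AnNyung's own tooling): a check that flags installed vim packages older than the fixed 7.0-3.4 build listed above. The comparison is a simplified RPM-style ordering that ignores epochs, and the rpm output shown is a constructed sample.

```python
import re

# Fixed version-release and package names, taken from the list in this advisory.
FIXED = "7.0-3.4"
PACKAGES = ("vim-common", "vim-enhanced", "vim-minimal")

def vercmp(a, b):
    """Simplified RPM-style comparison of one version or release string."""
    # Split into digit runs and letter runs; separators such as '.' are dropped.
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric run sorts above letters
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def outdated(rpm_output, fixed=FIXED):
    """Return {package: installed version-release} for vim packages below `fixed`."""
    found = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PACKAGES and evr_cmp(parts[1], fixed) < 0:
            found[parts[0]] = parts[1]
    return found

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
vim-common 7.0-3.4
vim-enhanced 7.0-3.3
vim-minimal 6.4-2
bash 3.1-16
"""

if __name__ == "__main__":
    for name, ver in outdated(SAMPLE).items():
        print(f"{name} {ver} is older than {FIXED}: update required")
```
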


References :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101



    




Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10