FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3432

This CVE name corresponds to:

Entered     Topic
2010-09-09  vim6 -- heap-based overflow while parsing shell metacharacters

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2008-3432
Phase  Assigned (20080731)

Description

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

References

Source   Reference
BUGTRAQ  20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
MLIST    [oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw
MLIST    [oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw
CONFIRM  ftp://ftp.vim.org/pub/vim/patches/6.2.429
CONFIRM  ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059
CONFIRM  http://support.apple.com/kb/HT3216
CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=455455
CONFIRM  http://www.vmware.com/security/advisories/VMSA-2009-0004.html
APPLE    APPLE-SA-2008-10-09
REDHAT   RHSA-2008:0617
BID      30648
BID      31681
OVAL     oval:org.mitre.oval:def:11203
OVAL     oval:org.mitre.oval:def:5987
SECUNIA  32858
VUPEN    ADV-2008-2780
VUPEN    ADV-2009-0033
SECUNIA  32222
SECUNIA  33410
VUPEN    ADV-2009-0904
XF       vim-mchexpandwildcards-bo(44722)