FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vim6 -- heap-based overflow while parsing shell metacharacters

Affected packages
6.2.429 <= vim6 < 6.3.62
6.2.429 <= vim6+ruby < 6.3.62

Details

VuXML ID: f866d2af-bbba-11df-8a8d-0008743bf21a
Discovery: 2008-07-31
Entry: 2010-09-09

Description for CVE-2008-3432 says:

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

References

CVE Name: CVE-2008-3432
URL: http://www.openwall.com/lists/oss-security/2008/07/15/4