CVE-2008-3432 (GCVE-0-2008-3432)

Vulnerability from cvelistv5 – Published: 2008-10-10 10:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2008/07/15/4 mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/31681 vdb-entryx_refsource_BID
http://secunia.com/advisories/32858 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/33410 third-party-advisoryx_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2008/08/01/1 mailing-listx_refsource_MLIST
ftp://ftp.vim.org/pub/vim/patches/6.2.429 x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/0904 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/0033 vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/502322/100… mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/32222 third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/30648 vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2008/2780 vdb-entryx_refsource_VUPEN
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059 x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=455455 x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://support.apple.com/kb/HT3216 x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-06… vendor-advisoryx_refsource_REDHAT
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
          },
          {
            "name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
          },
          {
            "name": "31681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "32858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32858"
          },
          {
            "name": "33410",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33410"
          },
          {
            "name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
          },
          {
            "name": "ADV-2009-0904",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0904"
          },
          {
            "name": "ADV-2009-0033",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0033"
          },
          {
            "name": "oval:org.mitre.oval:def:11203",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203"
          },
          {
            "name": "oval:org.mitre.oval:def:5987",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987"
          },
          {
            "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
          },
          {
            "name": "32222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "vim-mchexpandwildcards-bo(44722)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722"
          },
          {
            "name": "30648",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30648"
          },
          {
            "name": "ADV-2008-2780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "RHSA-2008:0617",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
        },
        {
          "name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
        },
        {
          "name": "31681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31681"
        },
        {
          "name": "32858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32858"
        },
        {
          "name": "33410",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33410"
        },
        {
          "name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
        },
        {
          "name": "ADV-2009-0904",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0904"
        },
        {
          "name": "ADV-2009-0033",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0033"
        },
        {
          "name": "oval:org.mitre.oval:def:11203",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203"
        },
        {
          "name": "oval:org.mitre.oval:def:5987",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987"
        },
        {
          "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
        },
        {
          "name": "32222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32222"
        },
        {
          "name": "vim-mchexpandwildcards-bo(44722)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722"
        },
        {
          "name": "30648",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30648"
        },
        {
          "name": "ADV-2008-2780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2780"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455"
        },
        {
          "name": "APPLE-SA-2008-10-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3216"
        },
        {
          "name": "RHSA-2008:0617",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3432",
    "datePublished": "2008-10-10T10:00:00",
    "dateReserved": "2008-07-31T00:00:00",
    "dateUpdated": "2024-08-07T09:37:26.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3432\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-10-10T10:30:03.043\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n mch_expand_wildcard en os_unix.c en Vim v6.2 y v6.3 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante metacaracteres del interprete de comandos en el nombre de los ficheros, como se ha demostrado por el caso de prueba netrw.v3.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"464D5E9A-EB5A-47AB-8657-15A68AD30D59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F4F51CA-18C1-4043-B4E6-F1AD9D3C1346\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.vim.org/pub/vim/patches/6.2.429\",\"source\":\"secalert@redhat.com\"},{\"url\":\"ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32858\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33410\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/15/4\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/08/01/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0617.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/502322/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/30648\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0033\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0904\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=455455\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44722\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987\",\"source\":\"secalert@redhat.com\"},{\"url\":\"ftp://ftp.vim.org/pub/vim/patches/6.2.429\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/07/15/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/08/01/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0617.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/502322/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30648\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=455455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.