JVN/CVE Demo: Cveinfos

CVE

Id: 32829
CVE No.: CVE-2008-2712
Status: Candidate
Description: Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Phase: Assigned (20080616)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
355325	32829	CVE-2008-2712	BUGTRAQ:20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1	View
355326	32829	CVE-2008-2712	URL:http://www.securityfocus.com/archive/1/archive/1/493352/100/0/threaded	View
355327	32829	CVE-2008-2712	BUGTRAQ:20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1	View
355328	32829	CVE-2008-2712	URL:http://www.securityfocus.com/archive/1/archive/1/493353/100/0/threaded	View
355329	32829	CVE-2008-2712	BUGTRAQ:20080811 rPSA-2008-0247-1 gvim vim vim-minimal	View
355330	32829	CVE-2008-2712	URL:http://www.securityfocus.com/archive/1/archive/1/495319/100/0/threaded	View
355331	32829	CVE-2008-2712	BUGTRAQ:20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1	View
355332	32829	CVE-2008-2712	URL:http://marc.info/?l=bugtraq&m=121494431426308&w=2	View
355333	32829	CVE-2008-2712	BUGTRAQ:20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim	View
355334	32829	CVE-2008-2712	URL:http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded	View
355335	32829	CVE-2008-2712	MISC:http://www.rdancer.org/vulnerablevim.html	View
355336	32829	CVE-2008-2712	MLIST:[oss-security] 20080616 CVE Id request: vim	View
355337	32829	CVE-2008-2712	URL:http://www.openwall.com/lists/oss-security/2008/06/16/2	View
355338	32829	CVE-2008-2712	MLIST:[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075	View
355339	32829	CVE-2008-2712	URL:http://www.openwall.com/lists/oss-security/2008/10/15/1	View
355340	32829	CVE-2008-2712	CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0247	View
355341	32829	CVE-2008-2712	CONFIRM:https://issues.rpath.com/browse/RPL-2622	View
355342	32829	CVE-2008-2712	CONFIRM:http://support.apple.com/kb/HT3216	View
355343	32829	CVE-2008-2712	CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm	View
355344	32829	CVE-2008-2712	CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm	View
355345	32829	CVE-2008-2712	CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0004.html	View
355346	32829	CVE-2008-2712	CONFIRM:http://support.apple.com/kb/HT4077	View
355347	32829	CVE-2008-2712	APPLE:APPLE-SA-2008-10-09	View
355348	32829	CVE-2008-2712	URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	View
355349	32829	CVE-2008-2712	APPLE:APPLE-SA-2010-03-29-1	View
355350	32829	CVE-2008-2712	URL:http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	View
355351	32829	CVE-2008-2712	MANDRIVA:MDVSA-2008:236	View
355352	32829	CVE-2008-2712	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:236	View
355353	32829	CVE-2008-2712	REDHAT:RHSA-2008:0617	View
355354	32829	CVE-2008-2712	URL:http://www.redhat.com/support/errata/RHSA-2008-0617.html	View
355355	32829	CVE-2008-2712	REDHAT:RHSA-2008:0580	View
355356	32829	CVE-2008-2712	URL:http://www.redhat.com/support/errata/RHSA-2008-0580.html	View
355357	32829	CVE-2008-2712	REDHAT:RHSA-2008:0618	View
355358	32829	CVE-2008-2712	URL:http://www.redhat.com/support/errata/RHSA-2008-0618.html	View
355359	32829	CVE-2008-2712	SUSE:SUSE-SR:2009:007	View
355360	32829	CVE-2008-2712	URL:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html	View
355361	32829	CVE-2008-2712	UBUNTU:USN-712-1	View
355362	32829	CVE-2008-2712	URL:http://www.ubuntu.com/usn/USN-712-1	View
355363	32829	CVE-2008-2712	BID:29715	View
355364	32829	CVE-2008-2712	URL:http://www.securityfocus.com/bid/29715	View
355365	32829	CVE-2008-2712	BID:31681	View
355366	32829	CVE-2008-2712	URL:http://www.securityfocus.com/bid/31681	View
355367	32829	CVE-2008-2712	OVAL:oval:org.mitre.oval:def:11109	View
355368	32829	CVE-2008-2712	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11109	View
355369	32829	CVE-2008-2712	OVAL:oval:org.mitre.oval:def:6238	View
355370	32829	CVE-2008-2712	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6238	View
355371	32829	CVE-2008-2712	SECUNIA:34418	View
355372	32829	CVE-2008-2712	URL:http://secunia.com/advisories/34418	View
355373	32829	CVE-2008-2712	SECUNIA:32858	View
355374	32829	CVE-2008-2712	URL:http://secunia.com/advisories/32858	View
355375	32829	CVE-2008-2712	SECUNIA:32864	View
355376	32829	CVE-2008-2712	URL:http://secunia.com/advisories/32864	View
355377	32829	CVE-2008-2712	VUPEN:ADV-2008-1851	View
355378	32829	CVE-2008-2712	URL:http://www.vupen.com/english/advisories/2008/1851/references	View
355379	32829	CVE-2008-2712	VUPEN:ADV-2008-2780	View
355380	32829	CVE-2008-2712	URL:http://www.vupen.com/english/advisories/2008/2780	View
355381	32829	CVE-2008-2712	VUPEN:ADV-2009-0033	View
355382	32829	CVE-2008-2712	URL:http://www.vupen.com/english/advisories/2009/0033	View
355383	32829	CVE-2008-2712	SECTRACK:1020293	View
355384	32829	CVE-2008-2712	URL:http://www.securitytracker.com/id?1020293	View
355385	32829	CVE-2008-2712	SECUNIA:30731	View
355386	32829	CVE-2008-2712	URL:http://secunia.com/advisories/30731	View
355387	32829	CVE-2008-2712	SECUNIA:32222	View
355388	32829	CVE-2008-2712	URL:http://secunia.com/advisories/32222	View
355389	32829	CVE-2008-2712	SECUNIA:33410	View
355390	32829	CVE-2008-2712	URL:http://secunia.com/advisories/33410	View
355391	32829	CVE-2008-2712	SREASON:3951	View
355392	32829	CVE-2008-2712	URL:http://securityreason.com/securityalert/3951	View
355393	32829	CVE-2008-2712	VUPEN:ADV-2009-0904	View
355394	32829	CVE-2008-2712	URL:http://www.vupen.com/english/advisories/2009/0904	View
355395	32829	CVE-2008-2712	XF:vim-scripts-command-execution(43083)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
47161	JVNDB-2008-002471	Opera における信頼されたフレームのコンテンツを偽装される脆弱性	Opera には、同じ親ページ上の信頼されたフレームのコンテンツを偽装され、フィッシング攻撃が容易になる脆弱性が存在します。	CVE-2008-2716	32829	5		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002471.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.35 MB
View render complete	2.88 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	3.42
Event: Controller.initialize	0.02
Event: Controller.startup	0.07
Controller action	587.87
Event: Controller.beforeRender	4.50
» Processing toolbar data	4.40
Rendering View	20.74
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	19.65
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.63
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.12
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/rvm/gems/ruby-3.0.2/bin:/usr/local/rvm/gems/ruby-3.0.2@global/bin:/usr/local/rvm/rubies/ruby-3.0.2/bin:/usr/share/Modules/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/local/rvm/bin:/var/lib/snapd/snap/bin:/root/bin:/sbin:/usr/local/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/32829
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/32829
Remote Port	45349
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.223
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Ld Library Path	/usr/local/apache24/lib
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.3.232.103
Http Via	1.1 squid-proxy-75b5465b89-mxnq2 (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.223
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.223
Unique Id	aDD96VOmExoW2PutRm8oBQAAAUo
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.223
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.223
Redirect Unique Id	aDD96VOmExoW2PutRm8oBQAAAUo
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.223
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.223
Redirect Redirect Unique Id	aDD96VOmExoW2PutRm8oBQAAAUo
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1748041193.39
Request Time	1748041193

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files