CVE

Id
36352  
CVE No.
CVE-2008-6235  
Status
Candidate  
Description
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.  
Phase
Assigned (20090221)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
397683 36352 CVE-2008-6235 MLIST:[oss-security] 20081016 CVE request - Vim netrw.plugin  View
397684 36352 CVE-2008-6235 URL:http://www.openwall.com/lists/oss-security/2008/10/16/2  View
397685 36352 CVE-2008-6235 MLIST:[oss-security] 20081020 CVE request (vim)  View
397686 36352 CVE-2008-6235 URL:http://www.openwall.com/lists/oss-security/2008/10/20/2  View
397687 36352 CVE-2008-6235 MISC:http://www.rdancer.org/vulnerablevim-netrw.html  View
397688 36352 CVE-2008-6235 MISC:http://www.rdancer.org/vulnerablevim-netrw.v2.html  View
397689 36352 CVE-2008-6235 MISC:http://www.rdancer.org/vulnerablevim-netrw.v5.html  View
397690 36352 CVE-2008-6235 REDHAT:RHSA-2008:0580  View
397691 36352 CVE-2008-6235 URL:http://www.redhat.com/support/errata/RHSA-2008-0580.html  View
397692 36352 CVE-2008-6235 SUSE:SUSE-SR:2009:007  View
397693 36352 CVE-2008-6235 URL:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html  View
397694 36352 CVE-2008-6235 OVAL:oval:org.mitre.oval:def:11247  View
397695 36352 CVE-2008-6235 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11247  View
397696 36352 CVE-2008-6235 SECUNIA:34418  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
43148 JVNDB-2009-004155 OpenEdit DAM におけるクロスサイトリクエストフォージェリの脆弱性 OpenEdit Digital Asset Management (DAM) には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2008-6239 36352 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004155.html  View