NVD

Id
3175  
Name
CVE-2008-3294  
Description
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.  
Reject
 
CVSS Version
2  
CVSS Score
3.7  
Severity
Low  
CVSS Base Score
3.7  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
1.9  
CVSS Vector
(AV:L/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-07-24  
Modified Date
2011-08-05  
Seq
2008-3294  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
20204 3175 CVE-2008-3294 APPLE-SA-2008-10-09  View
20205 3175 CVE-2008-3294 20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution  View
20206 3175 CVE-2008-3294 http://support.apple.com/kb/HT3216  View
20207 3175 CVE-2008-3294 20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution  View
20208 3175 CVE-2008-3294 20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution  View
20209 3175 CVE-2008-3294 20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution  View
20210 3175 CVE-2008-3294 31681  View
20211 3175 CVE-2008-3294 ADV-2008-2146  View
20212 3175 CVE-2008-3294 ADV-2008-2780  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
46514 JVNDB-2008-001824 Vim における Makefile-conf テンポラリファイルの処理に関する任意のコードを実行される脆弱性 Vim の src/configure.in には、Python サポートを持つビルドを使用している場合に、 Makefile-conf テンポラリファイルに意図しない所有者、権限を与える脆弱性が存在します。 CVE-2008-3294 33407 CVE-2008-3294 3175 3.7 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001824.html 2008-10-09 2008-11-10 View