Vim Netrw脚本多个命令执行漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1115628 漏洞类型 操作系统命令注入
发布时间 2008-07-07 更新时间 2009-03-24
CVE编号 CVE-2008-3076 CNNVD-ID CNNVD-200902-484
漏洞平台 Linux CVSS评分 9.3
|漏洞来源
https://www.exploit-db.com/exploits/32012
https://www.securityfocus.com/bid/30115
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-484
|漏洞详情
Netrw是一款VIM支持的远程读写文件的插件。Netrw插件没有过滤用作shell参数的文件名,没有正确地使用shellescape()过滤execute命令参数,没有正确地过滤传送给s:System()函数的输入。如果用户使用netrw插件打开了特制的文件或目录,就可能导致以运行Vim用户的权限执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/30115/info

Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Netrw 125 is vulnerable; other versions may also be affected.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/32012.tar.bz2
|受影响的产品
Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 server Mandriva Linux Mandrake 2009.0 x86_64 Mandriva Linux Mandrake 2009.0 Mandriva Linux Mandrake 2008.1 x86_64
|参考资料

来源:MISC
链接:http://www.rdancer.org/vulnerablevim-netrw.v2.html
来源:MISC
链接:http://www.rdancer.org/vulnerablevim-netrw.html
来源:MLIST
名称:[oss-security]20080707Re:MorearbitrarycodeexecutionsinNetrwversion125,Vim7.2a.10
链接:http://www.openwall.com/lists/oss-security/2008/07/07/4
来源:XF
名称:netrw-multiple-code-execution(43624)
链接:http://xforce.iss.net/xforce/xfdb/43624
来源:BID
名称:30115
链接:http://www.securityfocus.com/bid/30115
来源:REDHAT
名称:RHSA-2008:0580
链接:http://www.redhat.com/support/errata/RHSA-2008-0580.html
来源:MLIST
名称:[oss-security]20081020CVErequest(vim)
链接:http://www.openwall.com/lists/oss-security/2008/10/20/2
来源:MLIST
名称:[oss-security]20080708Re:MorearbitrarycodeexecutionsinNetrwversion125,Vim7.2a.10
链接:http://www.openwall.com/lists/oss-security/2008/07/08/12
来源:MLIST
名称:[oss-security]20080707Re:MorearbitrarycodeexecutionsinNetrwversion125,Vim7.2a.10
链接:http://www.openwall.com/lists/oss-security/2008/07/07/1
来源:MANDRIVA
名称:MDVSA-2008:236
链接:http://www.mandriva.com/security/advisories?