ID de Prueba:	1.3.6.1.4.1.25623.1.0.62910
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:236-1 (vim)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to vim announced via advisory MDVSA-2008:236-1. Several vulnerabilities were found in the vim editor. For details, please visit the referenced security advisories. This update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes. Update: The previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages. Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:236-1 Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2712 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 29715 http://www.securityfocus.com/bid/29715 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search) http://www.securityfocus.com/archive/1/493352/100/0/threaded Bugtraq: 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search) http://www.securityfocus.com/archive/1/493353/100/0/threaded http://marc.info/?l=bugtraq&m=121494431426308&w=2 Bugtraq: 20080811 rPSA-2008-0247-1 gvim vim vim-minimal (Google Search) http://www.securityfocus.com/archive/1/495319/100/0/threaded Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search) http://www.securityfocus.com/archive/1/502322/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.rdancer.org/vulnerablevim.html http://www.openwall.com/lists/oss-security/2008/06/16/2 http://www.openwall.com/lists/oss-security/2008/10/15/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238 http://www.redhat.com/support/errata/RHSA-2008-0580.html http://www.redhat.com/support/errata/RHSA-2008-0617.html http://www.redhat.com/support/errata/RHSA-2008-0618.html http://www.securitytracker.com/id?1020293 http://secunia.com/advisories/30731 http://secunia.com/advisories/32222 http://secunia.com/advisories/32858 http://secunia.com/advisories/32864 http://secunia.com/advisories/33410 http://secunia.com/advisories/34418 http://securityreason.com/securityalert/3951 SuSE Security Announcement: SUSE-SR:2009:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://www.ubuntu.com/usn/USN-712-1 http://www.vupen.com/english/advisories/2008/1851/references http://www.vupen.com/english/advisories/2008/2780 http://www.vupen.com/english/advisories/2009/0033 http://www.vupen.com/english/advisories/2009/0904 XForce ISS Database: vim-scripts-command-execution(43083) https://exchange.xforce.ibmcloud.com/vulnerabilities/43083 Common Vulnerability Exposure (CVE) ID: CVE-2008-2953 BugTraq ID: 29924 http://www.securityfocus.com/bid/29924 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html http://www.securitytracker.com/id?1020407 http://www.securitytracker.com/id?1020408 http://secunia.com/advisories/30812 http://secunia.com/advisories/30907 http://secunia.com/advisories/30918 XForce ISS Database: dc-partialfilelist-dos(43341) https://exchange.xforce.ibmcloud.com/vulnerabilities/43341 Common Vulnerability Exposure (CVE) ID: CVE-2008-3074 BugTraq ID: 32462 http://www.securityfocus.com/bid/32462 http://www.rdancer.org/vulnerablevim-shellescape.html http://www.openwall.com/lists/oss-security/2008/07/07/1 http://www.openwall.com/lists/oss-security/2008/07/07/4 http://www.openwall.com/lists/oss-security/2008/07/08/12 http://www.openwall.com/lists/oss-security/2008/07/10/7 http://www.openwall.com/lists/oss-security/2008/07/13/1 http://www.openwall.com/lists/oss-security/2008/07/15/4 http://www.openwall.com/lists/oss-security/2008/08/01/1 http://www.openwall.com/lists/oss-security/2008/10/20/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10754 Common Vulnerability Exposure (CVE) ID: CVE-2008-3075 BugTraq ID: 32463 http://www.securityfocus.com/bid/32463 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246 Common Vulnerability Exposure (CVE) ID: CVE-2008-3076 BugTraq ID: 30115 http://www.securityfocus.com/bid/30115 http://www.rdancer.org/vulnerablevim-netrw.html http://www.rdancer.org/vulnerablevim-netrw.v2.html http://marc.info/?l=oss-security&m=122416184431388&w=2 XForce ISS Database: netrw-multiple-code-execution(43624) https://exchange.xforce.ibmcloud.com/vulnerabilities/43624 Common Vulnerability Exposure (CVE) ID: CVE-2008-4101 BugTraq ID: 30795 http://www.securityfocus.com/bid/30795 Bugtraq: 20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search) http://www.securityfocus.com/archive/1/495662 Bugtraq: 20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g] (Google Search) http://www.securityfocus.com/archive/1/495703 http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2 http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2 http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e http://www.rdancer.org/vulnerablevim-K.html http://www.openwall.com/lists/oss-security/2008/09/11/4 http://www.openwall.com/lists/oss-security/2008/09/11/3 http://www.openwall.com/lists/oss-security/2008/09/16/5 http://www.openwall.com/lists/oss-security/2008/09/16/6 http://ftp.vim.org/pub/vim/patches/7.2/7.2.010 http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812 http://secunia.com/advisories/31592 XForce ISS Database: vim-normal-command-execution(44626) https://exchange.xforce.ibmcloud.com/vulnerabilities/44626 Common Vulnerability Exposure (CVE) ID: CVE-2008-4677 BugTraq ID: 30670 http://www.securityfocus.com/bid/30670 Bugtraq: 20080812 Re: Vim: Netrw: FTP User Name and Password Disclosure (Google Search) http://www.securityfocus.com/archive/1/495432 Bugtraq: 20080812 Vim: Netrw: FTP User Name and Password Disclosure (Google Search) http://www.securityfocus.com/archive/1/495436 http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html http://www.openwall.com/lists/oss-security/2008/10/06/4 http://www.openwall.com/lists/oss-security/2008/10/16/2 http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6 http://secunia.com/advisories/31464 http://www.vupen.com/english/advisories/2008/2379 XForce ISS Database: vim-netrw-ftp-information-disclosure(44419) https://exchange.xforce.ibmcloud.com/vulnerabilities/44419
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.