CVE-2002-1377
Summary
| CVE | CVE-2002-1377 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-12-23 05:00:00 UTC |
| Updated | 2017-10-10 01:30:00 UTC |
| Description | vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vim Development Group | Vim | 5.0 | All | All | All |
| Application | Vim Development Group | Vim | 5.1 | All | All | All |
| Application | Vim Development Group | Vim | 5.2 | All | All | All |
| Application | Vim Development Group | Vim | 5.3 | All | All | All |
| Application | Vim Development Group | Vim | 5.4 | All | All | All |
| Application | Vim Development Group | Vim | 5.5 | All | All | All |
| Application | Vim Development Group | Vim | 5.6 | All | All | All |
| Application | Vim Development Group | Vim | 5.7 | All | All | All |
| Application | Vim Development Group | Vim | 5.8 | All | All | All |
| Application | Vim Development Group | Vim | 6.0 | All | All | All |
| Application | Vim Development Group | Vim | 6.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| redhat.com \| Red Hat Support | REDHAT | www.redhat.com | Patch, Vendor Advisory |
| Some vim problems, yet still vim much better than windows | MISC | www.guninski.com | Patch, Vendor Advisory |
| VIM ModeLines Arbitrary Command Execution Vulnerability | BID | www.securityfocus.com | |
| 'OpenLinux: vim arbitrary commands execution through modelines' - MARC | BUGTRAQ | marc.info | |
| # 55700, Free Sun Alert Notifications | SUNALERT | sunsolve.sun.com | |
| Home - Conectiva | CONECTIVA | distro.conectiva.com.br | |
| redhat.com \| Red Hat Support | REDHAT | www.redhat.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Mandrakesoft Security Advisories | MANDRAKE | www.mandrakesoft.com | |
| [Full-Disclosure] Mailing List Charter | FULLDISC | lists.grok.org.uk | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.