Netrw Vim Script Information Disclosure Vulnerability
BID:30670
Info
| Bugtraq ID: | 30670 |
| Class: | Design Error |
| CVE: | CVE-2008-4677 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 12 2008 12:00AM |
| Updated: | Mar 24 2009 05:46PM |
| Credit: | Jan Minár |
| Vulnerable: | Mandriva Linux Mandrake 2009.0 x86_64; Mandriva Linux Mandrake 2009.0; Mandriva Linux Mandrake 2008.1 x86_64; Mandriva Linux Mandrake 2008.1; Mandriva Linux Mandrake 2008.0 x86_64; Mandriva Linux Mandrake 2008.0; MandrakeSoft Multi Network Firewall 2.0; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; MandrakeSoft Corporate Server 4.0; Dr Chip netrw 131 |
| Not Vulnerable: | |
Discussion
Netrw is prone to an information-disclosure vulnerability because the application fails to clear login credentials between FTP sessions.
Successfully exploiting this issue can allow an attacker to obtain login credentials from previous FTP sessions.
Netrw 131 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit this issue by setting up a rogue FTP server.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Mandriva Linux Mandrake 2009.0 x86_64
- Mandriva vim-common-7.2.065-9.2mdv2009.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-9.3mdv2009.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.2mdv2009.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.3mdv2009.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.2mdv2009.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.3mdv2009.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.2mdv2009.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.3mdv2009.0.x86_64.rpm (http://www.mandriva.com/en/download/)
Mandriva Linux Mandrake 2008.1 x86_64
- Mandriva vim-common-7.2.065-9.2mdv2008.1.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-9.3mdv2008.1.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.2mdv2008.1.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.3mdv2008.1.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.2mdv2008.1.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.3mdv2008.1.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.2mdv2008.1.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.3mdv2008.1.x86_64.rpm (http://www.mandriva.com/en/download/)
Mandriva Linux Mandrake 2008.0 x86_64
- Mandriva vim-common-7.2.065-9.2mdv2008.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-9.3mdv2008.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.2mdv2008.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.3mdv2008.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.2mdv2008.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.3mdv2008.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.2mdv2008.0.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.3mdv2008.0.x86_64.rpm (http://www.mandriva.com/en/download/)
Mandriva Linux Mandrake 2008.1
- Mandriva vim-common-7.2.065-9.2mdv2008.1.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-9.3mdv2008.1.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.2mdv2008.1.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.3mdv2008.1.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.2mdv2008.1.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.3mdv2008.1.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.2mdv2008.1.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.3mdv2008.1.i586.rpm (http://www.mandriva.com/en/download/)
Mandriva Linux Mandrake 2008.0
- Mandriva vim-common-7.2.065-9.2mdv2008.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-9.3mdv2008.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.2mdv2008.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.3mdv2008.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.2mdv2008.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.3mdv2008.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.2mdv2008.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.3mdv2008.0.i586.rpm (http://www.mandriva.com/en/download/)
Mandriva Linux Mandrake 2009.0
- Mandriva vim-common-7.2.065-9.2mdv2009.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-9.3mdv2009.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.2mdv2009.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.3mdv2009.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.2mdv2009.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.3mdv2009.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.2mdv2009.0.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.3mdv2009.0.i586.rpm (http://www.mandriva.com/en/download/)
MandrakeSoft Corporate Server 4.0
- Mandriva vim-common-7.2.065-8.2.20060mlcs4.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-8.3.20060mlcs4.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-8.2.20060mlcs4.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-8.3.20060mlcs4.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-8.2.20060mlcs4.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-8.3.20060mlcs4.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-8.2.20060mlcs4.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-8.3.20060mlcs4.i586.rpm (http://www.mandriva.com/en/download/)
MandrakeSoft Multi Network Firewall 2.0
- Mandriva vim-common-7.2.065-9.2.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-9.3.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.2.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.3.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.2.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.3.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
MandrakeSoft Corporate Server 3.0 x86_64
- Mandriva vim-common-7.2.065-9.2.C30mdk.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-9.3.C30mdk.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.2.C30mdk.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.3.C30mdk.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.2.C30mdk.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.3.C30mdk.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.2.C30mdk.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.3.C30mdk.x86_64.rpm (http://www.mandriva.com/en/download/)
MandrakeSoft Corporate Server 3.0
- Mandriva vim-common-7.2.065-9.2.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-9.3.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.2.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-9.3.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.2.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-9.3.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.2.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-9.3.C30mdk.i586.rpm (http://www.mandriva.com/en/download/)
MandrakeSoft Corporate Server 4.0 x86_64
- Mandriva vim-common-7.2.065-8.2.20060mlcs4.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-common-7.2.065-8.3.20060mlcs4.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-8.2.20060mlcs4.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-enhanced-7.2.065-8.3.20060mlcs4.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-8.2.20060mlcs4.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-minimal-7.2.065-8.3.20060mlcs4.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-8.2.20060mlcs4.x86_64.rpm (http://www.mandriva.com/en/download/)
- Mandriva vim-X11-7.2.065-8.3.20060mlcs4.x86_64.rpm (http://www.mandriva.com/en/download/)
References
References:
- Vendor Homepage (Dr Chip)
- Re: Vim: Netrw: FTP User Name and Password Disclosure (Tony Mechelynck)
- Vim: Netrw: FTP User Name and Password Disclosure