CVE-2009-0316 - OpenCVE

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vim	Vim

Configuration 1 [-]

OR	cpe:2.3:a:vim:vim::::::::
	cpe:2.3:a:vim:vim:1.0:::::::*
	cpe:2.3:a:vim:vim:1.22:::::::*
	cpe:2.3:a:vim:vim:3.0:::::::*
	cpe:2.3:a:vim:vim:4.0:::::::*
	cpe:2.3:a:vim:vim:5.0:::::::*
	cpe:2.3:a:vim:vim:5.1:::::::*
	cpe:2.3:a:vim:vim:5.2:::::::*
	cpe:2.3:a:vim:vim:5.3:::::::*
	cpe:2.3:a:vim:vim:5.4:::::::*
	cpe:2.3:a:vim:vim:5.5:::::::*
	cpe:2.3:a:vim:vim:5.6:::::::*
	cpe:2.3:a:vim:vim:5.7:::::::*
	cpe:2.3:a:vim:vim:5.8:::::::*
	cpe:2.3:a:vim:vim:6.0:::::::*
	cpe:2.3:a:vim:vim:6.1:::::::*
	cpe:2.3:a:vim:vim:6.2:::::::*
	cpe:2.3:a:vim:vim:6.3:::::::*
	cpe:2.3:a:vim:vim:6.4:::::::*
	cpe:2.3:a:vim:vim:7.0:::::::*
	cpe:2.3:a:vim:vim:7.1:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://support.apple.com/kb/HT4077
http://www.mandriva.com/security/advisories?name=MDVSA-2009:047
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.securityfocus.com/bid/33447
https://bugzilla.redhat.com/show_bug.cgi?id=481565
https://exchange.xforce.ibmcloud.com/vulnerabilities/48275
https://nvd.nist.gov/vuln/detail/CVE-2009-0316
https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045
https://www.cve.org/CVERecord?id=CVE-2009-0316

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-28T11:00:00

Updated: 2024-08-07T04:31:25.468Z

Reserved: 2009-01-27T00:00:00

Link: CVE-2009-0316

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-01-28T11:30:00.297

Modified: 2017-08-08T01:33:53.187

Link: CVE-2009-0316

Redhat

Severity : Low

Publid Date: 2008-08-06T00:00:00Z

Links: CVE-2009-0316 - Bugzilla

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object