VMware Security Advisory - ESX patches for OpenSSL, vim and bind resolve several security issues. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. Various vulnerabilities were discovered in vim such as format string issues and input validation problems.
6cb3c24c65b6ce75a60be81d773ffe92365d8866329c83302255f5fa55cec7f1Ubuntu Security Notice USN-712-1 - Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. Ben Schmidt discovered that Vim did not properly escape characters when performing keyword or tag lookups. If a user were tricked into running specially crafted commands, an attacker could execute arbitrary code with the privileges of the user invoking the program.
77e456932ebdd05bc73a584e56d2845a523908dcbc0f87dc7d0ba23a4e7ed27bMandriva Linux Security Advisory 2008-236-1 - A number of input sanitization flaws were found in various vim system functions. These issues have been corrected with these updated packages.
2c1199851c002a7cd04b032aaaf3dd54259a8d7854bc08944eec2cc34af18b5fMandriva Linux Security Advisory 2008-236 - vim suffers from input sanitization, format string, and arbitrary code execution vulnerabilities.
165be09831b0a0e46b603c97fb0f80a49e7ef578c6376bb2360d775b3340c334
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed