CVE-2008-3074

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.

🔗 References (42)

• cve@mitrehttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
• cve@mitrehttp://marc.info/?l=bugtraq&m=121494431426308&w=2
• cve@mitrehttp://secunia.com/advisories/34418
• cve@mitrehttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
• cve@mitrehttp://www.mandriva.com/security/advisories?name=MDVSA-2008:236
• cve@mitrehttp://www.openwall.com/lists/oss-security/2008/07/07/1
• cve@mitrehttp://www.openwall.com/lists/oss-security/2008/07/07/4
• cve@mitrehttp://www.openwall.com/lists/oss-security/2008/07/08/12
• cve@mitrehttp://www.openwall.com/lists/oss-security/2008/07/10/7
• cve@mitrehttp://www.openwall.com/lists/oss-security/2008/07/13/1
• cve@mitrehttp://www.openwall.com/lists/oss-security/2008/07/15/4
• cve@mitrehttp://www.openwall.com/lists/oss-security/2008/08/01/1
• cve@mitrehttp://www.openwall.com/lists/oss-security/2008/10/15/1
• cve@mitrehttp://www.openwall.com/lists/oss-security/2008/10/20/2