CVE-2008-4677

NONECVSS 0.0

0.0

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."

🔗 References (30)

cve@mitrehttp://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
cve@mitrehttp://secunia.com/advisories/31464
cve@mitrehttp://secunia.com/advisories/34418
cve@mitrehttp://www.mandriva.com/security/advisories?name=MDVSA-2008:236
cve@mitrehttp://www.openwall.com/lists/oss-security/2008/10/06/4
cve@mitrehttp://www.openwall.com/lists/oss-security/2008/10/16/2
cve@mitrehttp://www.openwall.com/lists/oss-security/2008/10/20/2
cve@mitrehttp://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
cve@mitrehttp://www.securityfocus.com/archive/1/495432
cve@mitrehttp://www.securityfocus.com/archive/1/495436
cve@mitrehttp://www.securityfocus.com/bid/30670
cve@mitrehttp://www.vupen.com/english/advisories/2008/2379
cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=461750
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/44419

Is Your Infrastructure Affected by CVE-2008-4677?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-4677

📅 Published

🔄 Last Modified

🔗 References (30)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-4677?