CVE-2002-1377
First published: Mon Dec 23 2002(Updated: )
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vim by Vim Development Group | =6.0 | |
| Vim by Vim Development Group | =5.4 | |
| Vim by Vim Development Group | =5.6 | |
| Vim by Vim Development Group | =5.3 | |
| Vim by Vim Development Group | =5.8 | |
| Vim by Vim Development Group | =5.0 | |
| Vim by Vim Development Group | =5.5 | |
| Vim by Vim Development Group | =5.1 | |
| Vim by Vim Development Group | =5.2 | |
| Vim by Vim Development Group | =5.7 | |
| Vim by Vim Development Group | =6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.guninski.com/vim1.html
- http://www.redhat.com/support/errata/RHSA-2002-297.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012
- http://www.redhat.com/support/errata/RHSA-2002-302.html
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
- http://www.securityfocus.com/bid/6384
- http://marc.info/?l=bugtraq&m=108077992208690&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10835
Frequently Asked Questions
What is the severity of CVE-2002-1377?
CVE-2002-1377 is considered a critical vulnerability due to its ability to allow attackers to execute arbitrary commands.
How do I fix CVE-2002-1377?
To fix CVE-2002-1377, update Vim to version 6.2 or later, where this vulnerability is addressed.
Which versions of Vim are affected by CVE-2002-1377?
CVE-2002-1377 affects Vim versions 6.0 and 6.1, as well as prior versions like 5.0 through 5.8.
What attack vector is used in CVE-2002-1377?
CVE-2002-1377 can be exploited when Vim is used to edit a malicious file containing certain modelines.
What is the impact of CVE-2002-1377 on system security?
The impact of CVE-2002-1377 can lead to unauthorized command execution, compromising system security and user data.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/vim development group
- product/vim
- canonical/vim development group vim
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/vim by vim development group
- version/vim by vim development group/6.0
- version/vim by vim development group/5.4
- version/vim by vim development group/5.6
- version/vim by vim development group/5.3
- version/vim by vim development group/5.8
- version/vim by vim development group/5.0
- version/vim by vim development group/5.5
- version/vim by vim development group/5.1
- version/vim by vim development group/5.2
- version/vim by vim development group/5.7
- version/vim by vim development group/6.1