Vulnerability-Lookup

CVE-2009-0316 (GCVE-0-2009-0316)

Vulnerability from cvelistv5 – Published: 2009-01-28 11:00 – Updated: 2024-08-07 04:31

Summary

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937	x_refsource_CONFIRM
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305	x_refsource_MISC
	http://www.securityfocus.com/bid/33447	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2009/01/26/2	mailing-listx_refsource_MLIST
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.nabble.com/Bug-484305%3A-bicyclerepair…	mailing-listx_refsource_MLIST
	https://svn.pardus.org.tr/pardus/2008/application…	x_refsource_CONFIRM
	http://support.apple.com/kb/HT4077	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://bugzilla.redhat.com/show_bug.cgi?id=481565	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:31:25.468Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
          },
          {
            "name": "33447",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33447"
          },
          {
            "name": "[oss-security] 20090126 CVE request -- Python \u003c 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "MDVSA-2009:047",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
          },
          {
            "name": "vim-pysyssetargv-privilege-escalation(48275)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
        },
        {
          "name": "33447",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33447"
        },
        {
          "name": "[oss-security] 20090126 CVE request -- Python \u003c 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
        },
        {
          "name": "APPLE-SA-2010-03-29-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
        },
        {
          "name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4077"
        },
        {
          "name": "MDVSA-2009:047",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
        },
        {
          "name": "vim-pysyssetargv-privilege-escalation(48275)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305",
              "refsource": "MISC",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
            },
            {
              "name": "33447",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33447"
            },
            {
              "name": "[oss-security] 20090126 CVE request -- Python \u003c 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
              "refsource": "MLIST",
              "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
            },
            {
              "name": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045",
              "refsource": "CONFIRM",
              "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
            },
            {
              "name": "http://support.apple.com/kb/HT4077",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "MDVSA-2009:047",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
            },
            {
              "name": "vim-pysyssetargv-privilege-escalation(48275)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481565",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0316",
    "datePublished": "2009-01-28T11:00:00.000Z",
    "dateReserved": "2009-01-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T04:31:25.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-X433-429V-9473

Vulnerability from github – Published: 2022-05-02 03:14 – Updated: 2022-05-02 03:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0316"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-01-28T11:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.",
  "id": "GHSA-x433-429v-9473",
  "modified": "2022-05-02T03:14:13Z",
  "published": "2022-05-02T03:14:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0316"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
    },
    {
      "type": "WEB",
      "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
    },
    {
      "type": "WEB",
      "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33447"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-0316

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0316

Aliases

CVE-2009-0316

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0316",
    "description": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.",
    "id": "GSD-2009-0316",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0316.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0316"
      ],
      "details": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.",
      "id": "GSD-2009-0316",
      "modified": "2023-12-13T01:19:44.755321Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0316",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305",
            "refsource": "MISC",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
          },
          {
            "name": "33447",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33447"
          },
          {
            "name": "[oss-security] 20090126 CVE request -- Python \u003c 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
            "refsource": "MLIST",
            "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
          },
          {
            "name": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045",
            "refsource": "CONFIRM",
            "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
          },
          {
            "name": "http://support.apple.com/kb/HT4077",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "MDVSA-2009:047",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
          },
          {
            "name": "vim-pysyssetargv-privilege-escalation(48275)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481565",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0316"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20090126 CVE request -- Python \u003c 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
            },
            {
              "name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481565",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305",
              "refsource": "MISC",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
            },
            {
              "name": "33447",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/33447"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
            },
            {
              "name": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
            },
            {
              "name": "MDVSA-2009:047",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4077",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "vim-pysyssetargv-privilege-escalation(48275)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:33Z",
      "publishedDate": "2009-01-28T11:30Z"
    }
  }
}

CERTA-2010-AVI-143

Vulnerability from certfr_avis - Published: 2010-03-30 - Updated: 2010-03-30

De multiples vulnérabilités ont été corrigées dans Mac OS X.

Description

Plusieurs vulnérabilités ont été corrigées dans Mac OS X. Elles permettent entre autres l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4077 du 29 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Elles\npermettent entre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0511"
    },
    {
      "name": "CVE-2010-0509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0509"
    },
    {
      "name": "CVE-2010-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0501"
    },
    {
      "name": "CVE-2010-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0065"
    },
    {
      "name": "CVE-2010-0498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0498"
    },
    {
      "name": "CVE-2010-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0060"
    },
    {
      "name": "CVE-2008-7247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-7247"
    },
    {
      "name": "CVE-2003-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0063"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0522"
    },
    {
      "name": "CVE-2010-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0063"
    },
    {
      "name": "CVE-2009-3559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3559"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4142"
    },
    {
      "name": "CVE-2009-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3009"
    },
    {
      "name": "CVE-2010-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0059"
    },
    {
      "name": "CVE-2010-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0524"
    },
    {
      "name": "CVE-2010-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0057"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2010-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0521"
    },
    {
      "name": "CVE-2008-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0564"
    },
    {
      "name": "CVE-2010-0518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0518"
    },
    {
      "name": "CVE-2010-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0513"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2008-0888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0888"
    },
    {
      "name": "CVE-2009-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2010-0517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0517"
    },
    {
      "name": "CVE-2010-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0535"
    },
    {
      "name": "CVE-2010-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0393"
    },
    {
      "name": "CVE-2009-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0534"
    },
    {
      "name": "CVE-2010-0497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0497"
    },
    {
      "name": "CVE-2008-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4456"
    },
    {
      "name": "CVE-2009-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4143"
    },
    {
      "name": "CVE-2010-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0058"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0508"
    },
    {
      "name": "CVE-2010-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0506"
    },
    {
      "name": "CVE-2010-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0533"
    },
    {
      "name": "CVE-2010-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0507"
    },
    {
      "name": "CVE-2010-0504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0504"
    },
    {
      "name": "CVE-2009-0316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0316"
    },
    {
      "name": "CVE-2010-0526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0526"
    },
    {
      "name": "CVE-2010-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0510"
    },
    {
      "name": "CVE-2009-1904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1904"
    },
    {
      "name": "CVE-2010-0500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0500"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0064"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2446"
    },
    {
      "name": "CVE-2009-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2801"
    },
    {
      "name": "CVE-2010-0525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0525"
    },
    {
      "name": "CVE-2010-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0516"
    },
    {
      "name": "CVE-2010-0502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0502"
    },
    {
      "name": "CVE-2010-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0062"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2009-2906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2906"
    },
    {
      "name": "CVE-2010-0505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0505"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4214"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2006-1329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
    },
    {
      "name": "CVE-2010-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0514"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-0515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0515"
    },
    {
      "name": "CVE-2009-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2422"
    },
    {
      "name": "CVE-2010-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0056"
    },
    {
      "name": "CVE-2010-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0512"
    },
    {
      "name": "CVE-2009-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2632"
    },
    {
      "name": "CVE-2009-0688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0688"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2010-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0537"
    },
    {
      "name": "CVE-2010-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0519"
    },
    {
      "name": "CVE-2010-0523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0523"
    },
    {
      "name": "CVE-2010-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0520"
    },
    {
      "name": "CVE-2010-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0503"
    },
    {
      "name": "CVE-2010-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0055"
    }
  ],
  "initial_release_date": "2010-03-30T00:00:00",
  "last_revision_date": "2010-03-30T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-143",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4077 du 29 mars 2010",
      "url": "http://support.apple.com/kb/HT4077"
    }
  ]
}

FKIE_CVE-2009-0316

Vulnerability from fkie_nvd - Published: 2009-01-28 11:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305
	cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937
	cve@mitre.org	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
	cve@mitre.org	http://support.apple.com/kb/HT4077
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:047
	cve@mitre.org	http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2009/01/26/2
	cve@mitre.org	http://www.securityfocus.com/bid/33447
	cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=481565
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48275
	cve@mitre.org	https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4077
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:047
	af854a3a-2127-422b-91ae-364da2661108	http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/01/26/2
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33447
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=481565
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48275
	af854a3a-2127-422b-91ae-364da2661108	https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045

Impacted products

Vendor	Product	Version
vim	vim	*
vim	vim	1.0
vim	vim	1.22
vim	vim	3.0
vim	vim	4.0
vim	vim	5.0
vim	vim	5.1
vim	vim	5.2
vim	vim	5.3
vim	vim	5.4
vim	vim	5.5
vim	vim	5.6
vim	vim	5.7
vim	vim	5.8
vim	vim	6.0
vim	vim	6.1
vim	vim	6.2
vim	vim	6.3
vim	vim	6.4
vim	vim	7.0
vim	vim	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC771166-EF16-4755-ABD4-9390F366FE92",
              "versionEndIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CEC67AF-3A8F-421E-BC74-16DA592DAC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7C9C8A-CA6F-4781-98EE-03B78A91D860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1B91822-8DC4-471C-B6D4-EC7F114914B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12B90731-2B67-4859-A873-EFEFE4A66CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F325C23E-BFBC-4371-AF74-E189FC2515F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2527B955-E25A-4A33-A6F4-27DEDA99C7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEA82FC2-F2A3-4BE2-8EE2-5A3BC3555401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "808C36C4-0523-4FBC-B3B7-3E6E29FF24EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "404E256E-B823-4BC4-8F29-C3724604F474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F0563C-7156-4166-87AA-4C122F26CABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CDFBFEB-D79E-4CEB-905E-FA89A0F0D494",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAEC13F6-0526-47FB-BF98-D864CE297D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "477A2C0C-5229-4A08-8AB1-B9C8C2D4F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9FE70D0-5931-49D1-A750-7D03C8C28228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A08C510-8774-4FEB-BCA3-1868F692BF94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "464D5E9A-EB5A-47AB-8657-15A68AD30D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F4F51CA-18C1-4043-B4E6-F1AD9D3C1346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BAA6B0-4956-4D98-872A-BCCBD0D4CE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CCAA40-55CE-4AB9-9268-AADA06E29B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C5B265-A7DD-4D24-864C-BF1FEEF8F138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en el archivo src/if_python.c en la interfaz de Python en Vim en versiones anteriores a 7.2.045, permite a los usuarios locales ejecutar c\u00f3digo arbitrario por medio de un archivo Python de tipo caballo de Troya en el directorio de trabajo actual, relacionado con una vulnerabilidad en la funci\u00f3n PySys_SetArgv (CVE- 2008-5983), como es demostrado por una ruta de b\u00fasqueda err\u00f3nea para el archivo plugin/bike.vim en bicyclerepair."
    }
  ],
  "id": "CVE-2009-0316",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-28T11:30:00.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33447"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0316 (GCVE-0-2009-0316)

GHSA-X433-429V-9473

GSD-2009-0316

CERTA-2010-AVI-143

Description

Solution

FKIE_CVE-2009-0316

Tags

Sightings

Nomenclature