Upstream information

CVE-2009-0316 at MITRE

Description

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores

National Vulnerability Database
  • Base Score: 6.9
  • Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector: Local
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

SUSE Bugzilla entry: 470100 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • gvim >= 7.4.326-2.62
  • vim >= 7.4.326-2.62
  • vim-data >= 7.4.326-2.62
Patchnames: SUSE Linux Enterprise Desktop 12 GA gvim
SUSE Linux Enterprise Desktop 12 SP1
  • gvim >= 7.4.326-2.62
  • vim >= 7.4.326-2.62
  • vim-data >= 7.4.326-2.62
Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA gvim
SUSE Linux Enterprise Desktop 12 SP2
  • gvim >= 7.4.326-2.62
  • vim >= 7.4.326-2.62
  • vim-data >= 7.4.326-2.62
Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA gvim
SUSE Linux Enterprise Desktop 12 SP3
  • gvim >= 7.4.326-16.1
  • vim >= 7.4.326-16.1
  • vim-data >= 7.4.326-16.1
Patchnames: SUSE Linux Enterprise Desktop 12 SP3 GA gvim
SUSE Linux Enterprise Module for Basesystem 15
  • vim >= 8.0.1568-3.20
  • vim-data >= 8.0.1568-3.20
  • vim-data-common >= 8.0.1568-3.20
Patchnames: SUSE Linux Enterprise Module for Basesystem 15 GA vim
SUSE Linux Enterprise Module for Desktop Applications 15
  • gvim >= 8.0.1568-3.20
Patchnames: SUSE Linux Enterprise Module for Desktop Applications 15 GA gvim
SUSE Linux Enterprise Server 12
  • gvim >= 7.4.326-2.62
  • vim >= 7.4.326-2.62
  • vim-data >= 7.4.326-2.62
Patchnames: SUSE Linux Enterprise Server 12 GA gvim
SUSE Linux Enterprise Server 12 SP1
  • gvim >= 7.4.326-2.62
  • vim >= 7.4.326-2.62
  • vim-data >= 7.4.326-2.62
Patchnames: SUSE Linux Enterprise Server 12 SP1 GA gvim
SUSE Linux Enterprise Server 12 SP2
  • gvim >= 7.4.326-2.62
  • vim >= 7.4.326-2.62
  • vim-data >= 7.4.326-2.62
Patchnames: SUSE Linux Enterprise Server 12 SP2 GA gvim
SUSE Linux Enterprise Server 12 SP3
  • gvim >= 7.4.326-16.1
  • vim >= 7.4.326-16.1
  • vim-data >= 7.4.326-16.1
Patchnames: SUSE Linux Enterprise Server 12 SP3 GA gvim
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • gvim >= 7.4.326-2.14
  • vim >= 7.4.326-2.14
  • vim-data >= 7.4.326-2.14
Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA gvim
openSUSE 11.0
  • vim-debuginfo >= 7.2-9.1
  • vim-debugsource >= 7.2-9.1
openSUSE 11.0
  • gvim >= 7.2-9.1
  • vim >= 7.2-9.1
  • vim-base >= 7.2-9.1
  • vim-data >= 7.2-9.1
  • vim-enhanced >= 7.2-9.1
openSUSE 11.1
  • vim-debuginfo >= 7.2-7.4.1
  • vim-debugsource >= 7.2-7.4.1
openSUSE 11.1
  • gvim >= 7.2-7.4.1
  • vim >= 7.2-7.4.1
  • vim-base >= 7.2-7.4.1
  • vim-data >= 7.2-7.4.1
  • vim-enhanced >= 7.2-7.4.1
openSUSE Leap 15.0
  • vim >= 8.0.1568-lp150.3.1
  • vim-data >= 8.0.1568-lp150.3.1
  • vim-data-common >= 8.0.1568-lp150.3.1
Patchnames: openSUSE Leap 15.0 GA vim
openSUSE Leap 42.1
  • gvim >= 7.4.326-3.10
  • vim >= 7.4.326-3.10
  • vim-data >= 7.4.326-3.10
Patchnames: openSUSE Leap 42.1 GA gvim
openSUSE Leap 42.2
  • gvim >= 7.4.326-6.1
  • vim >= 7.4.326-6.1
  • vim-data >= 7.4.326-6.1
Patchnames: openSUSE Leap 42.2 GA gvim
openSUSE Leap 42.3
  • gvim >= 7.4.326-12.1
  • vim >= 7.4.326-12.1
  • vim-data >= 7.4.326-12.1
Patchnames: openSUSE Leap 42.3 GA gvim
openSUSE Tumbleweed
  • gvim >= 8.0.130-1.1
  • vim >= 8.0.130-1.1
  • vim-data >= 8.0.130-1.1
Patchnames: openSUSE Tumbleweed GA gvim