| Name | CVE-2008-3074 |
| Description | The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1733-1 |
| Debian Bugs | 506919 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| vim (PTS) | bullseye | 2:8.2.2434-3+deb11u1 | fixed |
| bullseye (security) | 2:8.2.2434-3+deb11u3 | fixed | |
| bookworm | 2:9.0.1378-2+deb12u2 | fixed | |
| trixie | 2:9.1.1230-2 | fixed | |
| forky | 2:9.1.2141-1 | fixed | |
| sid | 2:9.2.0136-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| vim | source | etch | 1:7.0-122+1etch5 | DSA-1733-1 | ||
| vim | source | lenny | 1:7.1.314-3+lenny1 | 506919 | ||
| vim | source | squeeze | 1:7.1.314-3+lenny1 | 506919 | ||
| vim | source | (unstable) | 2:7.2.010-1 | 506919 |