{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"}, {"name": "33447", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33447"}, {"name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4077"}, {"name": "MDVSA-2009:047", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"}, {"name": "vim-pysyssetargv-privilege-escalation(48275)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0316", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"}, {"name": "33447", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33447"}, {"name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"}, {"name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd", "refsource": "MLIST", "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"}, {"name": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045", "refsource": "CONFIRM", "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"}, {"name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077"}, {"name": "MDVSA-2009:047", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"}, {"name": "vim-pysyssetargv-privilege-escalation(48275)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=481565", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:31:25.468Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"}, {"name": "33447", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33447"}, {"name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4077"}, {"name": "MDVSA-2009:047", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"}, {"name": "vim-pysyssetargv-privilege-escalation(48275)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0316", "datePublished": "2009-01-28T11:00:00.000Z", "dateReserved": "2009-01-27T00:00:00.000Z", "dateUpdated": "2024-08-07T04:31:25.468Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC771166-EF16-4755-ABD4-9390F366FE92", "versionEndIncluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0CEC67AF-3A8F-421E-BC74-16DA592DAC1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "1E7C9C8A-CA6F-4781-98EE-03B78A91D860", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1B91822-8DC4-471C-B6D4-EC7F114914B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "12B90731-2B67-4859-A873-EFEFE4A66CF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F325C23E-BFBC-4371-AF74-E189FC2515F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2527B955-E25A-4A33-A6F4-27DEDA99C7F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BEA82FC2-F2A3-4BE2-8EE2-5A3BC3555401", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "808C36C4-0523-4FBC-B3B7-3E6E29FF24EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "404E256E-B823-4BC4-8F29-C3724604F474", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "75F0563C-7156-4166-87AA-4C122F26CABB", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "0CDFBFEB-D79E-4CEB-905E-FA89A0F0D494", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AAEC13F6-0526-47FB-BF98-D864CE297D60", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "477A2C0C-5229-4A08-8AB1-B9C8C2D4F3FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9FE70D0-5931-49D1-A750-7D03C8C28228", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A08C510-8774-4FEB-BCA3-1868F692BF94", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "464D5E9A-EB5A-47AB-8657-15A68AD30D59", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4F51CA-18C1-4043-B4E6-F1AD9D3C1346", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D2BAA6B0-4956-4D98-872A-BCCBD0D4CE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "97CCAA40-55CE-4AB9-9268-AADA06E29B9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8C5B265-A7DD-4D24-864C-BF1FEEF8F138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."}, {"lang": "es", "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en el archivo src/if_python.c en la interfaz de Python en Vim en versiones anteriores a 7.2.045, permite a los usuarios locales ejecutar c\u00f3digo arbitrario por medio de un archivo Python de tipo caballo de Troya en el directorio de trabajo actual, relacionado con una vulnerabilidad en la funci\u00f3n PySys_SetArgv (CVE- 2008-5983), como es demostrado por una ruta de b\u00fasqueda err\u00f3nea para el archivo plugin/bike.vim en bicyclerepair."}], "id": "CVE-2009-0316", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-28T11:30:00.297", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"}, {"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4077"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"}, {"source": "cve@mitre.org", "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33447"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"}, {"source": "cve@mitre.org", "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4077"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "vim: untrusted python modules search path", "id": "481565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"}, "csaw": false, "details": ["Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."], "name": "CVE-2009-0316", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2008-08-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0316\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0316"], "statement": "This issue did not affect vim as shipped in Red Hat Enterprise Linux 3 and 4. This issue is not planned to be fixed in vim packages in Red Hat Enterprise Linux 5.", "threat_severity": "Low"}

{}