4.3

CVE-2008-4677

EPSS 0.93%
Published 22.10.2008 18:00:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords.  NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."

Affected products Warnungen 0 Metrics 2 CWE 0 References 18

Data is provided by the National Vulnerability Database (NVD)

Vim ≫ Netrw Version109

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version110

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version111

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version112

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version113

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version114

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version115

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version116

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version118

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version120

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version121

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version122

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version123

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version128

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Vim ≫ Netrw Version131

   Vim ≫ Vim Version7.1
   Vim ≫ Vim Version7.1.266
   Vim ≫ Vim Version7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.93%	0.739

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://www.mandriva.com/security/advisories?name=MDVSA-2008:236

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

http://secunia.com/advisories/34418

http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6

http://secunia.com/advisories/31464

Vendor Advisory

http://www.openwall.com/lists/oss-security/2008/10/06/4

http://www.openwall.com/lists/oss-security/2008/10/16/2

http://www.openwall.com/lists/oss-security/2008/10/20/2

http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html

http://www.securityfocus.com/archive/1/495432

http://www.securityfocus.com/archive/1/495436

http://www.securityfocus.com/bid/30670

http://www.vupen.com/english/advisories/2008/2379

https://bugzilla.redhat.com/show_bug.cgi?id=461750

https://exchange.xforce.ibmcloud.com/vulnerabilities/44419

https://nvd.nist.gov/vuln/detail/CVE-2008-4677

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4677

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4677

EUVD