Critical Flaw in Vim and Neovim Editor can get your Linux Systems Hacked

security Governance trends

A security researcher has discovered a critical vulnerability in Vim and Neovim command-line text editing applications in Linux.

The vulnerability, tracked as CVE-2019-12735, was discovered by security researcher  Armin Razmjou affecting both Vim and Neovim applications that come pre-installed in most Linux based OS systems.

The flaw is an arbitrary OS command execution vulnerability can be exploited by tricking users into opening a specially crafted text file Vim and Neovim editor.

“Vim before 8.1.1365 and Neovim before 0.3.6 are vulnerable to arbitrary code execution via modelines by opening a specially crafted text file.”

The vulnerability exists due to the way Vim editor handles the modeline options. This feature allows to specify custom editor options near the start or end of a file and is enabled by default and applies to all file types.

Due to security reasons, only a subset of options is permitted in modelines, and if the option value contains an expression, it is executed in the sandbox.

“However, the :source! command (with the bang [!] modifier) can be used to bypass the sandbox. It reads and executes commands from a given file as if typed manually, running them after the sandbox has been left.” said in the security advisory.

By tricking users to open a specially crafted text file on Vim and Neovim editor hackers can secretly execute commands on the users Linux system and remotely take control over it.

Razmjou also released two proofs-of-concept exploit to the public and also shared demo video PoC of the attack.

Flaw in Vim and Neovim

Vim and Neovim have released security patches to address the CVE-2019-12735 flaw. Users are advised to apply the patches immediately.

Razmjou also recommended users to

  • Disable modelines in the vimrc
  • Use the securemodelines plugin
  • Disable modelineexpr to disallow expressions in modelines

For the latest cyber threats and the latest hacking news please follow us on FacebookLinkedin and Twitter.

You may be interested in reading: New GandCrab Ransomware Campaign Targets MySQL Servers on Windows

Comments

Please rate this content