Jump to content
Login new information ×
Login new information

Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

The AchieVer

By The AchieVer
in Security & Privacy News

Recommended Posts

The AchieVer

The AchieVer

Posted
Posted

Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

 
 
linux vim vulnerability
Linux users, beware!

If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim.

Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two most popular and powerful command-line text editing applications that come pre-installed with most Linux-based operating systems.

On Linux systems, Vim editor allows users to create, view or edit any file, including text, programming scripts, and documents.

Since Neovim is just an extended forked version of Vim, with better user experience, plugins and GUIs, the code execution vulnerability also resides in it.
 

Code Execution Flaw in Vim and Neovim


Razmjou discovered a flaw in the way Vim editor handles "modelines," a feature that's enabled-by-default to automatically find and apply a set of custom preferences mentioned by the creator of a file near the starting and ending lines in the document.

 

linux-vim-vulnerability

 

Though the editor only allows a subset of options in modelines (for security reasons) and uses sandbox protection if it contains an unsafe expression, Razmjou revealed that using ":source!" command (with a bang [!] modifier) can be used to bypass the sandbox.

Therefore, just opening an innocent looking specially crafted file using Vim or Neovim could allow attackers to secretly execute commands on your Linux system and take remote control over it.


The researcher has also released two proof-of-concept exploits to the public, one of which demonstrates a real-life attack scenario wherein a remote attacker gains access to a reverse shell from the victim's system as soon as he/she opens a file on it.

The maintainers of Vim (patch 8.1.1365) and Neovim (released in v0.3.6) have released updates for both utilities to address the issue, which users should install as soon as possible.

Besides this, the researcher has also recommended users to:
 
  • disable modelines feature,
  • disable "modelineexpr" to disallow expressions in modelines,
  • use "securemodelines plugin," a secure alternative to Vim modelines.

 

 

 

Source

Link to comment
Share on other sites
  • Replies 1
  • Views 476
  • Created
  • Last Reply
steven36

steven36

Posted
Posted
1 hour ago, The AchieVer said:

Vim and Neovim—two most popular and powerful command-line text editing applications that come pre-installed with most Linux-based operating systems.

 That is false info VIm  and  Neovim don't come pre installed in any Linux distro i ever used  there instalble packages  only VImers  use these type editors . Linux Mint come with xed  the original one you see in other distros is Gedit   Gnome Text editor. If  your not a Vimer  you would never use it.

 

Quote

If you want vim as you'd expect to find, install vim, or if you want the GUI frontend as well, one of vim-gnome, vim-gtk or vim-athena. I'd recommend installing one of the latter three, since they have more features compiled in than the one vim has (like X11 clipboard support).

 

 

But its no problem to add the ppa  and get VIM updates as soon as they come out 

sudo add-apt-repository ppa:jonathonf/vim
sudo apt update
sudo apt install vim

 

 

Neovim

  • sudo apt-add-repository ppa:neovim-ppa/stable
  • sudo apt update
  • sudo apt install neovim

 

They one that come in most  Ubuntu Linux  distros is called  vim tiny

Quote

There are only twelve features enabled (out of one hundred and twenty)

 

Vim tiny  is not effected by this even

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12735.html

 

If your a Vimer  i would recommend  installing the ppa  and updating  or don't use it tell  Ubuntu gets done and pushes  it out on live updates for your distro  there working on it.

 

Both were patched  upstream in there respective PPAs last month 

- 2019-05-22 Vim and Neovim maintainers notified
- 2019-05-23 Vim patch released
- 2019-05-29 Neovim patch released
- 2019-06-05 CVE ID CVE-2019-12735 assigned

https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

 

ARCH Linux and  ppa users had the updates for days already

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...