Vim/NeoVim vulnerability (patched)

[LukeSavenije]

Sources: @AluminiumTech, Arstechnica

 

A recently patched vulnerability in text editors preinstalled in a variety of Linux distributions allows hackers to take control of computers when users open a malicious text file. The latest version of Apple’s macOS is continuing to use a vulnerable version, although attacks only work when users have changed a default setting that enables a feature called modelines.

 

I know this is a couple days old, but it's good to notify people of any vulnerability

 

Quote

Vim and its forked derivative, NeoVim, contained a flaw that resided in modelines. This feature lets users specify window dimensions and other custom options near the start or end of a text file. While modelines restricts the commands available and runs them inside a sandbox that’s cordoned off from the operating system, researcher Armin Razmjou noticed the source command (including the bang on the end) bypassed that protection.

“It reads and executes commands from a given file as if typed manually, running them after the sandbox has been left,” the researcher wrote in a post earlier this month.

The post includes two proof-of-concept text files that graphically demonstrate the threat. One of them opens a reverse shell on the computer running Vim or NeoVim. From there, attackers could pipe commands of their choosing onto the commandeered machine.

“This PoC outlines a real-life attack approach in which a reverse shell is launched once the user opens the file,” Razmjou wrote. “To conceal the attack, the file will be immediately rewritten when opened. Also, the PoC uses terminal escape sequences to hide the modeline when the content is printed with cat. (cat -v reveals the actual content.)”

The researcher included the following GIF image:

 

 

Edited June 17, 2019 by LukeSavenije
added gif

[TVwazhere]

4 minutes ago, LukeSavenije said:

A recently patched vulnerability in text editors

Another day, another windows vulnerab-

5 minutes ago, LukeSavenije said:

in a variety of Linux distributions

[Ashleyyyy]

if it's a vunerability in Vim/NeoVim then it's not just linux, it's any OS with one of those apps preinstalled... 

[Uptivuptiz]

18 minutes ago, LukeSavenije said:

The researcher included the following GIF image:

*looks at image*

 

Hey! This is only a PNG not a GIF 

[rcmaehl]

It's a good think I use the superior text editor emacs nano

[williamcll]

It's a good thing I use the superior text editor emacs nano pico

[LukeSavenije]

31 minutes ago, Uptivuptiz said:

*looks at image*

 

Hey! This is only a PNG not a GIF 

ow... will try to fix that soon

 

edit: fixed

Edited June 17, 2019 by LukeSavenije

[LukeSavenije]

47 minutes ago, TVwazhere said:

Another day, another windows vulnerab-

i demand a margin of that rep

[sazrocks]

Real linux users only use ed.

[duncannah]

Yikes, both my PC and server had vulnerable versions

[Suppersupport]

pop doesn't! I use nano anyway.

[Guest]

@LukeSavenije can confirm the version in MacOS.

 

Spoiler