Your Linux system can be hacked just by opening a file in Vim or Neovim Editor
Linux users, be careful!
If you haven't updated your Linux operating system recently, especially the command-line text editor, don't even try to view the contents of a file with Vim or Neovim: your entire system could be hacked.
Well-known security researcher Armin Razmjou recently discovered a serious arbitrary operating system command execution vulnerability (CVE-2019-12735) in Vim and Neovim, two of the most popular and powerful command-line text editors, which come preinstalled on most Linux-based operating systems.
On Linux systems, the Vim editor allows users to create, view or edit any file, including text, programming scripts and documents.
Because Neovim is an extended version of Vim (with better user experience, plugins and GUI), the same serious code execution vulnerability also appears in it.
Code execution vulnerability in Vim and Neovim
Security expert Armin Razmjou discovered a flaw in the way the Vim editor handles "modelines", a feature, turned on by default, that automatically finds and applies a set of custom options specified by the file's creator near the start and end lines of the document.
Although the editor only allows a subset of options to be set in modelines (for security reasons) and uses sandbox protection if the option value contains unsafe expressions, Armin Razmjou revealed that the ":source!" command (with the bang [!] modifier) can be used to bypass the sandbox.
Therefore, simply opening a specially crafted file in Vim or Neovim can allow an attacker to secretly execute commands on the user's Linux system and take control of it remotely.
The security researcher has also released two proof-of-concept (PoC) exploits for the vulnerability. One of them demonstrates a real-life attack scenario in which a remote attacker gains a reverse shell on the victim's system as soon as the victim opens the file.
The maintainers of Vim (patch 8.1.1365) and Neovim (released in v0.3.6) have released updates for both utilities to fix the problem, and recommend that users install the new versions as soon as possible.
Besides, researcher Armin Razmjou has also provided some additional recommendations for users as follows:
- Disable the modelines feature.
- Disable "modelineexpr" so that expressions are not allowed in modelines.
- Switch to the "securemodelines plugin" as a safe alternative to Vim modelines.
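The following is an added example, not from the original article or from the Vim project: a heuristic Python scanner that looks for modelines in the first and last five lines of a file (Vim's default `modelines` value) and flags those that set expression-type options or mention `source`. The option list, function names and sample file are assumptions constructed for illustration.

```python
import re

WINDOW = 5  # Vim's default 'modelines': only the first/last 5 lines are scanned

# Assumed, non-exhaustive list of options whose value Vim evaluates as an
# expression (long and short names).
EXPR_OPTIONS = {
    "foldexpr", "fde", "foldtext", "fdt", "formatexpr", "fex",
    "indentexpr", "inde", "includeexpr", "inex", "statusline", "stl",
}

# Heuristic match for "vi:", "vim:", "Vim:", "vim>800:" or "ex:" at line start
# or after whitespace; group 1 is the rest of the modeline.
MODELINE = re.compile(r"(?:^|\s)(?:vi|[Vv]im(?:[<=>]?\d+)?|ex):\s*(.*)")

# Constructed sample: a 12-line file whose last line is a modeline that sets an
# expression option to a call of a made-up function.
SAMPLE = "\n".join([f"line {n}" for n in range(1, 12)]
                   + ["# vim: set fdm=expr fde=FoldLevel() :"])


def find_modelines(text, window=WINDOW):
    """Return (line_number, body) for each modeline inside Vim's scan window."""
    lines = text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        if window <= i < len(lines) - window:
            continue  # middle of the file: Vim does not read modelines here
        match = MODELINE.search(line)
        if match:
            hits.append((i + 1, match.group(1)))
    return hits


def risky_options(body):
    """Return expression options (and any 'source' use) found in a modeline."""
    tokens = re.split(r"(?<!\\)[:\s]+", body)
    found = [t.split("=", 1)[0].rstrip("+-^") for t in tokens]
    found = [name for name in found if name in EXPR_OPTIONS]
    return found + (["source"] if "source" in body else [])


def audit(text):
    """Return [(line_number, [flagged names])] for modelines worth reviewing."""
    report = [(no, risky_options(body)) for no, body in find_modelines(text)]
    return [(no, flagged) for no, flagged in report if flagged]


if __name__ == "__main__":
    print(audit(SAMPLE))  # constructed sample
```

A flagged file is not necessarily malicious; the result only marks modelines that would be ignored with modelines disabled and that deserve a look before the file is opened in an unpatched editor.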