chevron_left chevron_right
Login Register invert_colors photo_library
Stay updated and chat with others! - Join the Discord or the IRC.
Thread Rating:
  • 0 Vote(s) - 0 Average


filter_list Linux Command-Line Editors Vulnerable to High-Severity Bug -- vim, neovim
Author
Message
Linux Command-Line Editors Vulnerable to High-Severity Bug -- vim, neovim #1
Quote:A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allow remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text file in either editor.

...

Razmjou outlined his research and created a proof-of-concept (PoC) attack demonstrating how an adversary can compromise a Linux system via Vim or Neovim. He said Vim versions before 8.1.1365 and Neovim before 0.3.6 are vulnerable to arbitrary code execution.

Jesus Christ. Many servers have some patching to do.

Link: https://threatpost.com/linux-command-lin...ug/145569/

Reply

RE: Linux Command-Line Editors Vulnerable to High-Severity Bug -- vim, neovim #2
Its todo with the default settings but if you change a certain setting it fixes it. Also this is quite and old type of exploit which has been brought up before.
[Image: 1yEDa5A.gif]
2019-05-12

Reply

RE: Linux Command-Line Editors Vulnerable to High-Severity Bug -- vim, neovim #3
That's not good at all. I've heard of a lot of servers using this command line.
[Image: tumblr_n4fsswcwZa1sbhzgao1_250.gif]

"Crack it open, throw it in a pan and let it cook." ~ Filthy Franku

Reply

RE: Linux Command-Line Editors Vulnerable to High-Severity Bug -- vim, neovim #4
(06-11-2019, 07:00 PM)slothic Wrote: Its todo with the default settings but if you change a certain setting it fixes it. Also this is quite and old type of exploit which has been brought up before.

What's the setting that requires changing?

Reply

RE: Linux Command-Line Editors Vulnerable to High-Severity Bug -- vim, neovim #5
(06-11-2019, 07:29 PM)skeeba Wrote:
(06-11-2019, 07:00 PM)slothic Wrote: Its todo with the default settings but if you change a certain setting it fixes it. Also this is quite and old type of exploit which has been brought up before.

What's the setting that requires changing?

Not sure but i saw hackernews post about it and i believe the founder of the cve even said it can be evaded with vim and it can be evaded if you use cat -v [file]
[Image: 1yEDa5A.gif]
2019-05-12

Reply






Users browsing this thread: 2 Guest(s)