Hexbyte – Tech News – Ars Technica | If you haven’t patched Vim or NeoVim text editors, you really, really should

YES, THEY’RE STILL A THING —

Sandbox escape in the ancient text editors lets attackers get a reverse shell.


A recently patched vulnerability in text editors preinstalled in a variety of Linux distributions allows hackers to take control of computers when users open a malicious text file. The latest version of Apple’s macOS is continuing to use a vulnerable version, although attacks only work when users have changed a default setting that enables a feature called modelines.

Vim and its forked derivative, NeoVim, contained a flaw that resided in modelines. This feature lets users specify window dimensions and other custom options near the start or end of a text file. While modelines restricts the commands available and runs them inside a sandbox that’s cordoned off from the operating system, researcher Armin Razmjou noticed the source! command (including the bang on the end) bypassed that protection.

“It reads and executes commands from a given file as if typed manually, running them after the sandbox has been left,” the researcher wrote in a post earlier this month.
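Because modelines sit near the start or end of a file, a defender can inspect them before the file is ever opened in an editor. The following is an added example, not code from the article or from the Vim project: a small scanner that lists the modelines Vim would consider and flags any option outside an allowlist. The allowlist, the sample text and the option name `exampleopt` are assumptions made for illustration.

```python
import re

# Vim checks this many lines at the top and bottom of a file by default
# (the 'modelines' option).
MODELINES = 5

# Both modeline forms: "vim: opt:opt" and "vim: set opt opt:", including
# version-qualified prefixes such as "vim>NNN:".
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex)(?:[<>=]?\d+)?:\s*(.*)$")

# Assumption: a site-chosen allowlist of harmless formatting options.
ALLOWED = {"ts", "tabstop", "sw", "shiftwidth", "sts", "softtabstop",
           "et", "expandtab", "tw", "textwidth", "ft", "filetype",
           "ai", "autoindent", "ff", "fileformat"}

def parse_options(body):
    """Split the text after 'vim:' into individual option tokens."""
    m = re.match(r"set?\s+(.*)", body)
    if m:  # "set" form: the option list ends at the first unescaped colon
        body = re.split(r"(?<!\\):", m.group(1), maxsplit=1)[0]
    return [t for t in re.split(r"(?<!\\)[:\s]+", body) if t]

def is_allowed(token):
    m = re.match(r"[A-Za-z]+", token)
    name = m.group(0) if m else token
    return name in ALLOWED or (name.startswith("no") and name[2:] in ALLOWED)

def scan_text(text):
    """Return (line_number, options, unexpected_options) per modeline found."""
    lines = text.splitlines()
    head = range(min(MODELINES, len(lines)))
    tail = range(max(0, len(lines) - MODELINES), len(lines))
    findings = []
    for i in sorted(set(head) | set(tail)):
        m = MODELINE_RE.search(lines[i])
        if m:
            opts = parse_options(m.group(1))
            findings.append((i + 1, opts, [o for o in opts if not is_allowed(o)]))
    return findings

# Constructed sample: a benign modeline on line 1, an unexpected one on line 22.
SAMPLE = "\n".join(["# vim: set ts=4 sw=4 et:"]
                   + ["body line %d" % n for n in range(20)]
                   + ["/* vim: set ft=c exampleopt=CONSTRUCTED_VALUE : */"])

if __name__ == "__main__":
    for lineno, opts, unexpected in scan_text(SAMPLE):
        print(lineno, opts, "REVIEW" if unexpected else "ok", unexpected)
```

Run it over files from untrusted sources before opening them; `set nomodeline` in the vimrc turns the feature off entirely.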

The post includes two proof of concept text files that graphically demonstrate the threat. One of them opens a reverse shell on the computer running Vim or NeoVim. From there, attackers could pipe commands of their ch
