Security expert Armin Razmjou recently detected a high-risk arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim.
As a result, the code execution vulnerability is also present in Neovim.
reads the security advisory published by the expert.
Razmjou discovered the vulnerability in the way the Vim editor handles the modelines option.
The modeline feature allows users to specify custom editor options near the start or end of a file.
This feature is enabled by default and applied to all file types, including plain .txt.
However, Razmjou discovered that the :source! command (with the bang [!] modifier) can be used to bypass the sandbox.
In other words, it is possible to develop a modeline that can execute the code outside the sandbox.
To conceal the attack, the file will be immediately rewritten when opened, continues the post.
Also, the PoC uses terminal escape sequences to hide the modeline when the content is printed with cat.
(cat -v reveals the actual content.)
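A defensive check built on the two points above, added here as an example and not taken from the advisory or the original article: it inspects only the lines where Vim looks for modelines, flags any that contain the source! command or control characters, and renders them the way cat -v would. The five-line window assumes Vim's default modelines setting, the function names are hypothetical, and the sample files are constructed and inert.

```python
import re

MODELINES = 5  # assumption: Vim's default 'modelines' (lines checked at each end)

# Modeline marker: start of line or whitespace, then vi:/vim:/Vim:/ex:
MODELINE_RE = re.compile(rb"(?:^|[ \t])(?:vi|[vV]im(?:[<=>]?\d+)?|ex):")
# Control bytes other than tab; ESC (0x1b) begins terminal escape sequences
CONTROL_RE = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")


def cat_v(line: bytes) -> str:
    """Show control bytes in caret notation, as `cat -v` does (ESC -> ^[)."""
    return "".join(
        "^?" if b == 0x7F else "^" + chr(b + 64) if b < 0x20 and b != 0x09 else chr(b)
        for b in line
    )


def scan_modelines(data: bytes, modelines: int = MODELINES) -> list:
    """Report modelines in the first/last `modelines` lines and why they look odd."""
    lines = [l.rstrip(b"\r") for l in data.split(b"\n")]
    if lines and lines[-1] == b"":
        lines.pop()  # trailing newline, not a real line
    n = len(lines)
    window = sorted(set(range(min(modelines, n))) | set(range(max(0, n - modelines), n)))
    findings = []
    for i in window:
        line = lines[i]
        if not MODELINE_RE.search(line):
            continue
        reasons = []
        if CONTROL_RE.search(line):
            reasons.append("control characters")
        if b"source!" in line:
            reasons.append("source! command")
        findings.append({"line": i + 1, "suspicious": bool(reasons),
                         "reasons": reasons, "visible": cat_v(line)})
    return findings


# Constructed samples (not the advisory's PoC; the second line is inert)
SAMPLE_BENIGN = b"#!/bin/sh\n# vim: set ts=4 sw=4 et:\necho hello\n"
SAMPLE_SUSPICIOUS = b"notes\n" * 10 + b"\x1b[8m vim: set ts=4: source! placeholder \x1b[0m\n"

if __name__ == "__main__":
    for name, blob in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        for f in scan_modelines(blob):
            print(name, f)
```

A modeline that is reported with no reasons is an ordinary one; a finding with reasons is worth reading in its "visible" form before the file is opened in an editor with modelines enabled.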
Besides patching, the security researcher also suggests that users:
source: www.techworm.net