Code execution flaw discovered in Vim and Neovim
- The vulnerability exists in older versions of the two popular text editor applications.
- Vim and Neovim are pre-installed on most Linux-based operating systems, which poses more risk to Linux users.
An arbitrary code execution flaw was identified in popular text editors Vim and Neovim. Security researcher Armin Razmjou discovered this vulnerability in the older versions of the two applications.
In a tweet, Razmjou mentioned that the vulnerability was the result of a feature known as ‘modelines’ in the applications, which could enable attackers to execute arbitrary code and gain remote control over compromised systems.
- The flaw, tracked as CVE-2019-12735, stems from faulty code in getchar.c that allows remote attackers to execute arbitrary code through the ‘:source!’ command in a modeline.
- It affects Vim versions prior to 8.1.1365 and Neovim versions prior to 0.3.6.
- According to Razmjou, this vulnerability is plainly evident in default configurations of Vim.
- The researcher has also released two proof-of-concept (PoC) exploits for this vulnerability. One of the exploits shows an attack scenario wherein a reverse shell is executed when the victim opens a malicious file in either of these applications. This gives the remote attacker access to the system.
How can you protect yourself?
In addition to pointing to the available patches, Razmjou has advised other countermeasures such as disabling modelines, using a plugin called ‘securemodelines’, or disabling the ‘modelineexpr’ option in modelines.
Since Vim and Neovim are pre-installed on most Linux-based operating systems, Linux users are more prone to RCE attacks due to this flaw. Thus, they are advised to apply the patches available for the two applications.
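To check whether an installed editor predates the fixed versions named above, the following added example (not code from Razmjou or from the Vim or Neovim projects) classifies the text printed by `vim --version` or `nvim --version`. It assumes the usual banner lines (`VIM - Vi IMproved X.Y`, `Included patches: ...`, `NVIM vX.Y.Z`); the sample outputs are constructed.

```python
import re

# Fixed versions as stated in the article: Vim 8.1.1365 and Neovim 0.3.6.
VIM_FIXED_RELEASE, VIM_FIXED_PATCH = (8, 1), 1365
NVIM_FIXED = (0, 3, 6)


def _patch_included(patch_line, wanted):
    """True if `wanted` falls inside a range list such as '1-503, 505-1400'."""
    for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", patch_line):
        if int(lo) <= wanted <= int(hi or lo):
            return True
    return False


def is_affected(version_output):
    """True = affected by version, False = fixed, None = output not recognised."""
    m = re.search(r"^NVIM v(\d+)\.(\d+)\.(\d+)", version_output, re.M)
    if m:
        return tuple(map(int, m.groups())) < NVIM_FIXED
    m = re.search(r"^VIM - Vi IMproved (\d+)\.(\d+)", version_output, re.M)
    if not m:
        return None
    release = (int(m.group(1)), int(m.group(2)))
    if release != VIM_FIXED_RELEASE:
        # Patch numbers restart with each release, so 8.0 with patch 1453 is still old.
        return release < VIM_FIXED_RELEASE
    p = re.search(r"^Included patches: (.+)$", version_output, re.M)
    # A build of 8.1 is fixed only if patch 1365 itself is in the included ranges.
    return not (p and _patch_included(p.group(1), VIM_FIXED_PATCH))


# Constructed sample outputs (not captured from real hosts).
SAMPLES = {
    "vim-8.1-old": "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-1000\n",
    "vim-8.1-fixed": "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-1365\n",
    "vim-8.1-gap": "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-1364, 1366-1400\n",
    "vim-8.0": "VIM - Vi IMproved 8.0 (2016 Sep 12)\nIncluded patches: 1-1453\n",
    "nvim-old": "NVIM v0.3.5\nBuild type: Release\n",
    "nvim-fixed": "NVIM v0.3.6\nBuild type: Release\n",
    "other": "GNU nano, version 4.2\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", is_affected(text))
```

Distribution packages sometimes backport a fix without changing the reported patch level, so a result of "affected" should be confirmed against the vendor's advisory for CVE-2019-12735.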