CVSS3: 8.6 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.003 Low
Percentile: 66.1%

Linux users, beware!
If you haven’t recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim.
Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim, two of the most popular and powerful command-line text editing applications, which come pre-installed with most Linux-based operating systems.
On Linux systems, the Vim editor allows users to create, view or edit any file, including text, programming scripts, and documents.
Since Neovim is just an extended forked version of Vim, with better user experience, plugins and GUIs, the code execution vulnerability also resides in it.
Razmjou discovered a flaw in the way the Vim editor handles “modelines,” a feature that is enabled by default and automatically finds and applies a set of custom preferences that the creator of a file has placed near the starting and ending lines of the document.
Though the editor only allows a subset of options in modelines (for security reasons) and uses sandbox protection if a modeline contains an unsafe expression, Razmjou revealed that the “:source!” command (with a bang [!] modifier) can be used to bypass the sandbox.
Therefore, just opening an innocent-looking, specially crafted file using Vim or Neovim could allow attackers to secretly execute commands on your Linux system and take remote control over it.
The researcher has also released two proof-of-concept exploits to the public, one of which demonstrates a real-life attack scenario wherein a remote attacker gains access to a reverse shell from the victim’s system as soon as he/she opens a file on it.
The maintainers of Vim (patch 8.1.1365) and Neovim (released in v0.3.6) have released updates for both utilities to address the issue, which users should install as soon as possible.
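A way to check a host against the fixed releases named above, as an added example that is not from the article or from the Vim or Neovim projects: it parses the text printed by vim --version or nvim --version. The function names and the sample outputs are constructed for illustration.

```python
import re

# Fixed releases as stated in the article: Vim patch 8.1.1365, Neovim v0.3.6.
VIM_FIXED = (8, 1, 1365)
NVIM_FIXED = (0, 3, 6)

# Constructed sample outputs (first lines of `vim --version` / `nvim --version`).
SAMPLES = {
    "vim 8.1, patches 1-875": "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-875\n",
    "vim 8.1, cherry-picked": "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-875, 1365\n",
    "nvim 0.3.4": "NVIM v0.3.4\nBuild type: Release\n",
}


def included_patches(text):
    """Return the set of patch numbers on Vim's 'Included patches:' line."""
    m = re.search(r"^Included patches:\s*(.+)$", text, re.MULTILINE)
    patches = set()
    for part in (m.group(1).split(",") if m else []):
        lo, _, hi = part.strip().partition("-")
        if lo.isdigit():
            last = int(hi) if hi.isdigit() else int(lo)
            patches.update(range(int(lo), last + 1))
    return patches


def has_fix(version_output):
    """True if at or past the fixed release, False if not, None if unrecognised."""
    m = re.search(r"^NVIM v(\d+)\.(\d+)\.(\d+)", version_output, re.MULTILINE)
    if m:
        return tuple(map(int, m.groups())) >= NVIM_FIXED
    m = re.search(r"^VIM - Vi IMproved (\d+)\.(\d+)", version_output, re.MULTILINE)
    if not m:
        return None
    release = (int(m.group(1)), int(m.group(2)))
    if release != VIM_FIXED[:2]:
        # Later releases include the patch. Earlier ones never list 8.1.x patch
        # numbers, so a distro backport is not detectable here: reported False.
        return release > VIM_FIXED[:2]
    # Patch lists can have gaps, so test membership, not the highest number.
    return VIM_FIXED[2] in included_patches(version_output)


if __name__ == "__main__":
    for name, output in SAMPLES.items():
        print(f"{name}: fix present = {has_fix(output)}")
```

A False result for a Vim release older than 8.1 means only that the output cannot show the fix; a distribution may have backported it under its own package version.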
Besides this, the researcher has also recommended users to: