Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor (Jun 10, 2019)
Security researcher Armin Razmjou has discovered a vulnerability in Vim and Neovim, two command-line text editors that come preinstalled on Linux. Although Vim uses sandbox protection and limits the options allowed in modelines, the “:source!” command can bypass the sandbox. An attacker could therefore send a victim a malicious file that secretly executes commands. The maintainers of Vim and Neovim have released patches for the vulnerabilities.
Recommendation: Users should immediately upgrade their versions of Vim and Neovim, as there is the potential for attackers to take control of their machine. Users are also advised to disable the modelines feature, disable “modelineexpr” to disallow expressions in modelines, and use the “securemodelines” plugin, a secure alternative to Vim modelines.
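To support the recommendation above, the following added example (not code from the advisory, Vim, or Neovim) scans a file's text for modelines in the positions Vim reads them and reports any that set expression-valued options, which is the class of setting “modelineexpr” controls. The function names, the partial option list and the sample input are assumptions made for this illustration.

```python
import re

MODELINES = 5  # Vim's default 'modelines': lines checked at each end of a file

# Approximation of Vim's two documented forms: "vim: opts" and "vim: set opts :"
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)$")

# Assumption: a partial list (long and short names) of options whose value is
# evaluated as an expression, i.e. what 'nomodelineexpr' keeps out of modelines.
EXPR_OPTIONS = {"foldexpr", "fde", "foldtext", "fdt", "formatexpr", "fex",
                "includeexpr", "inex", "indentexpr", "inde"}


def parse_options(body):
    """Split the text after 'vim:' into individual option tokens."""
    m = re.match(r"set?\s+", body)
    if m:  # "set" form: options end at the first unescaped ':'
        body = re.split(r"(?<!\\):", body[m.end():], maxsplit=1)[0]
        tokens = re.split(r"(?<!\\)\s+", body)
    else:  # plain form: options separated by ':' or whitespace
        tokens = re.split(r"(?<!\\)[:\s]+", body)
    return [t for t in tokens if t]


def scan_text(text):
    """Return [(line_number, [expression options])] for each modeline found."""
    lines = text.splitlines()
    head = range(min(MODELINES, len(lines)))
    tail = range(max(0, len(lines) - MODELINES), len(lines))
    findings = []
    for i in sorted(set(head) | set(tail)):
        m = MODELINE_RE.search(lines[i])
        if not m:
            continue
        names = (re.match(r"[a-z]*", t).group(0) for t in parse_options(m.group(1)))
        findings.append((i + 1, sorted({n for n in names if n in EXPR_OPTIONS})))
    return findings


# Constructed sample: a harmless modeline on line 2, and one on the last line
# that sets an expression option (Level() is a made-up function name).
SAMPLE = "\n".join(
    ["#!/usr/bin/env python3", "# vim: ts=4:sw=4:et", "print('hello')"]
    + ["pass"] * 8
    + ["# vim: set ft=python fdm=expr fde=Level(v\\:lnum) :"]
)

if __name__ == "__main__":
    for lineno, risky in scan_text(SAMPLE):
        print(lineno, "expression options:" if risky else "modeline", *risky)
```

In a vimrc, the recommended settings are `set nomodeline` to turn modelines off entirely, or `set nomodelineexpr` to keep modelines while refusing expression options.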