/ Register

Join the community today
Register Now

Security Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

Discussion in 'CentOS, Redhat & Oracle Linux News' started by pamamolf, Jun 11, 2019.

Previous Thread Next Thread
Loading...
  1. Jun 11, 2019 #1
    pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    9:25 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    Hello

    Product: Vim < 8.1.1365, Neovim < 0.3.6
    Type: Arbitrary Code Execution
    CVE: CVE-2019-12735
    Date: 2019-06-04
    Author: Arminius (@rawsec)

    Summary
    Vim before 8.1.1365 and Neovim before 0.3.6 are vulnerable to arbitrary code execution via modelines by opening a specially crafted text file.

    Check it out :)

    numirias/security
     
  2. Jun 11, 2019 #2
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    4:25 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    thanks for heads up i use nano heh

    For RedHat/CentOS
    all under investigation right now
    CentOS 7 for Centmin Mod installs vim-minimal yum package right now but we need to look not at version number but the minor version increment and rpm changelog once an update is out for Redhat/CentOS
    Code (Text):
    yum list installed -q | grep vim
vim-minimal.x86_64              2:7.4.160-5.el7                  @base

    Code (Text):
    rpm -qa vim-minimal
vim-minimal-7.4.160-5.el7.x86_64
     
  3. Jun 12, 2019 #3
    BamaStangGuy

    BamaStangGuy Active Member

    669
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    1:25 AM
    Nano user as well.
     
  4. Jun 12, 2019 #4
    Itworx4me

    Itworx4me Premium Member Premium Member

    339
    35
    28
    Mar 14, 2017
    Ratings:
    +65
    Local Time:
    11:25 PM
    Nginx 1.27.4
    MariaDB 10.6.21
     
Previous Thread Next Thread
Loading...

.