This is a fairly serious vulnerability in vim that is often exploited through drive-by-downloads or click-jacking on malicious websites. The attacker may lure the victim to a malicious website with a carefully-crafted message that prompts the victim to open a specially-crafted file in vim. This may be a malicious link on a compromised website, or it may be a message that is embedded on a legitimate website. When the victim opens the malicious file, they may receive a prompt to install a plugin in vim. The attacker may have crafted the message to look like it is coming from a legitimate source. For example, the attacker may pose as a developer on a website and include a message that prompts the user to install a plugin in vim.
Vulnerable versions:
Vulnerable versions of vim are released as early as 2003 and may also include some releases prior to that.
A fix has been applied to many distributions and most vendors have released updates for their products. The vulnerability can be mitigated by not running vim when visiting a malicious website or installing plugins from websites that are not trusted. For example, if the user is prompted for a password during installation, the user should refuse the request and close the window instead of pressing enter to continue.
What is CVE-2022?
CVE-2022 is the security identifier for a vulnerability in vim. This particular vulnerability is often exploited through drive-by-downloads or click-jacking on malicious websites.
Summary of CVE-2022 -0318
Vim is a text editor that many programmers use in their day-to-day work. A vulnerability has been discovered in vim that can be exploited by malicious websites to execute code remotely. The vulnerability resides in the way vim handles plugins, which allows it to execute arbitrary commands on a victim's computer. An attacker may lure the victim to a malicious website with a carefully-crafted message that prompts them to open a specially-crafted file in vim. This may be a malicious link on a compromised website, or it may be embedded on legitimate websites and downloaded automatically when the victim visits the site. When the victim opens the malicious file, they will receive a prompt to install a plugin in vim. The attacker may have crafted this message to look like it is coming from an authorized source, possibly from the developer of the website, who wants users to install a plugin for debugging purposes. For example, the attacker may pose as an authorized developer on certain websites and include such fake messages asking users to install plugins for debugging purposes.
CVE-2022-0317
This is a vulnerability in the bash shell that allows a user to become the superuser of a machine. This vulnerability can be exploited through malicious code that executes commands as root. A malicious script may be downloaded from the attacker’s website and executed on the victim’s machine, which will then allow them to log in with their admin credentials. Because this vulnerability can be exploited by anyone and because it affects all Unix-like systems (including Linux, MacOS, and BSD), it is very important for sites running web servers that use bash to patch this vulnerability before attackers exploit it.
Timeline
Published on: 01/21/2022 12:15:00 UTC
Last modified on: 08/21/2022 07:15:00 UTC