
Vim and Neo Editors Vulnerable To High-Severity Bug (threatpost.com) 76

JustAnotherOldGuy quotes Threatpost: A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allows remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text file in either editor. Razmjou outlined his research and created a proof-of-concept (PoC) attack demonstrating how an adversary can compromise a Linux system via Vim or Neovim. He said Vim versions before 8.1.1365 and Neovim before 0.3.6 are vulnerable to arbitrary code execution...

Vim and Neovim have both released patches for the bug (CVE-2019-12735) that the National Institute of Standards and Technology warns, "allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline."

"Beyond patching, it's recommended to disable modelines in the vimrc (set nomodeline), to use the securemodelines plugin, or to disable modelineexpr (since patch 8.1.1366, Vim-only) to disallow expressions in modelines," the researcher said.

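A defender's check for the two points in the summary above, written as an added example (it is not code from Threatpost, the researcher, or the Vim/Neovim projects): it judges `vim --version` or `nvim --version` output against the fixed releases named above, and replays a vimrc to see whether modelines are still enabled. The banner formats it parses, the helper names and the sample banner are assumptions of this example; a distribution may also backport the fix under a different patch number, which this check cannot see.

```python
import re

FIX_VIM = (8, 1, 1365)   # from the summary: Vim before 8.1.1365 is vulnerable
FIX_NVIM = (0, 3, 6)     # from the summary: Neovim before 0.3.6 is vulnerable

def is_vulnerable(version_output):
    """Judge `vim --version` / `nvim --version` text against the fixed releases."""
    m = re.search(r"^NVIM v(\d+)\.(\d+)\.(\d+)", version_output, re.M)
    if m:
        return tuple(map(int, m.groups())) < FIX_NVIM
    m = re.search(r"^VIM - Vi IMproved (\d+)\.(\d+)", version_output, re.M)
    if not m:
        raise ValueError("unrecognised version banner")
    base = (int(m.group(1)), int(m.group(2)))
    if base != FIX_VIM[:2]:
        return base < FIX_VIM[:2]
    # Same 8.1 base: patch 1365 must appear in e.g. "Included patches: 1-875, 1365".
    p = re.search(r"^Included patches: (.+)$", version_output, re.M)
    for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", p.group(1) if p else ""):
        if int(lo) <= FIX_VIM[2] <= int(hi or lo):
            return False
    return True

def modelines_enabled(vimrc_text, default=True):
    """Replay the `set` lines of a vimrc; the last value of each option wins."""
    flag, count = default, 5   # assumption: 'modeline' on, 'modelines' at Vim's default of 5
    for line in vimrc_text.splitlines():
        words = line.strip().split()
        if not words or words[0].lstrip(":") not in ("se", "set"):
            continue           # blank lines, comments and other commands
        for opt in words[1:]:
            if opt.startswith('"'):
                break          # trailing comment on the set line
            if opt in ("modeline", "ml"):
                flag = True
            elif opt in ("nomodeline", "noml"):
                flag = False
            elif (m := re.fullmatch(r"(?:modelines|mls)=(\d+)", opt)):
                count = int(m.group(1))
    return flag and count > 0  # modelines are read only if both allow it

if __name__ == "__main__":
    # Constructed sample banner: an 8.1 build with individually listed patches.
    SAMPLE = "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-875, 878, 1365\n"
    print("vulnerable:", is_vulnerable(SAMPLE))
    print("modelines on:", modelines_enabled('" hardening\nset nomodeline\n'))
```
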
Comment Very little respect (Score 1) 215

Musk is addled by Ambien. The drug's side effects are clearly showing. He is irrational and erratic and has been for a while now.

There was a time I respected him, he completely lost that respect when he attacked one of the brave cave divers in Thailand, his stock manipulations with this private/no private business just add to this dislike.

It's time the Tesla board hand him his golden flamethrower, show him to the door with his belongings in cardboard boxes, and under the leadership of a professional, do good things without Musk at the helm.

Comment Re:we only let america spy on us (Score 1) 77

But the Americans are 100% friends to the hilt

I guess it all depends on if one believes the CIA "stole" Harold Holt, or the Chinese "stole" Harold Holt.

As for 100% friends, nah. 80% at most. The USA would have no qualms in informing the sitting PM of the week about the dirt they hold on him so they get their way with B2 bombers in Darwin and spy stations near Alice.

Comment Re:Lies? (Score 4, Interesting) 373

The Microcode tgz file also contains a license file with the same language

"(v) publish or provide any Software benchmark or comparison test results. "

However, there is also a clause that says if you download the tgz you accept the license automatically. So, the act of downloading to read that license means you have agreed you will not publish benchmarks.

Comment Re: Look at all these jobs... (Score 0) 401

And the rest of the world seems to be a little slow on understanding just how much the US population doesn't give two shits about the "international" community.

In fact, the rest of the world has long understood that the US population doesn't know what exists outside its borders. "Oh, you are Austrian? Koalas are so cute!"

Submission + - SPAM: Google blocks Blender Foundation Videos

lastman71 writes: For a few days now, all Blender videos on the official blender video have been blocked worldwide without explanation. After some time, YouTube told the Blender Foundation to enable ads to unblock the channel.

It looks like the new policy is to enable ads on your videos if you want to publish videos.


Comment Re:SourceForge Isn't An Alternative (Score 1) 323

Trust takes a long time to get, and can be destroyed in an instant. It can be very hard to scrub that tarnish off, especially when dealing with safeguarding people's reputation and IP. I hope one day you can salvage the name, my genuine wishes there... but right now, it's still too soon for many people. Bundling malware is still very fresh in people's mind.
