Most of the modern text editors allow users to extend their functionalities by using third-party plugins, in this way they are enlarging their attack surface.
Third-party plugins could be affected by vulnerabilities that could be exploited by hackers to target our systems.
The situation is particularly severe in case the flaw affects a plugin for popular software such as WordPress or Windows’ extensions for Chrome, Firefox or Photoshop.
Dor Azouri, a researcher at SafeBreach, has analyzed several popular extensible text editors for both Unix and Linux systems discovered that except for pico/nano all of them are affected by a critical privilege escalation flaw.
“We examined several popular editors for unix environments. Our research shows how these text editors with third-party plugins can be used as another way to gain privilege escalation on a machine. This method succeeds regardless of the file being opened in the editor, so even limitations commonly applied on sudo commands might not protect from it.” states the blog post published by SafeBreach.
“The set of editors that were put to the test include: Sublime, Vim, Emacs, Gedit, pico/nano.”
An attacker can exploit the flaw to run malicious code on a victims’ machines running the vulnerable text editor.
“This method succeeds regardless of the file being opened in the editor, so even limitations commonly applied on sudo commands might not protect from it,” reads the paper published by the company.
“Technical users will occasionally need to edit root-owned files, and for that purpose they will open their editor with elevated privileges, using ‘sudo.’ There are many valid reasons to elevate the privileges of an editor.”
The vulnerability ties the way these text editors load plugins because they don’t properly separate regular and elevated modes when loading plugins.
Attackers with regular user permissions can access the folder permissions to elevate their privileges and execute arbitrary code on the user’s machine.
Azouri suggests Unix users use an open-source host-based intrusion detection system called OSSEC. Of course, users should avoid loading 3rd-party plugins when the editor is elevated and also deny write permissions for non-elevated users.
Below the full list of mitigations provided by the experts:
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Text Editors, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.