

Today I am writing about how I accidentally discovered CVE-2017-17087. This is a security vulnerability in Vim that allows for a couple of interesting exploits. I set out that morning to analyze the vulnerability CVE-2017-1000382 on Cucumber Linux. This was a new vulnerability that had just come through in Vim. It was slightly different from, but very closely related to, the vulnerability I ultimately discovered. I wasn't looking to discover a CVE, and at that time I had no idea I was going to discover my first CVE that day.

CVE-2017-1000382 was discovered by Hanno Böck of The Fuzzing Project. If you are not familiar with him, he does a lot of really great work and a lot of really cutting-edge Linux vulnerability research. This vulnerability allowed a remote attacker to obtain the database credentials for a WordPress database from a WordPress site.

The vulnerability works by exploiting the way Vim handles swap files. Anyone who's ever used Vim knows it creates a swap file whenever you edit a file. This file contains recovery information in case your Vim session crashes: you can recover what you were editing the next time you go to edit that file. What is not as well known is that the swap file also contains the entire contents of the file you're editing. The swap file sticks around until Vim exits properly, at which point it is deleted.
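As an added example (my code, not code from the original post), here is a scanner a defender could run over a web server's document root to find leftover Vim swap files, confirm them by the `b0VIM` marker that begins a real swap file, check whether the web server's user could read them, and verify the point above that the swap file carries the text of the file being edited. The document root, the `wp-config.php` with placeholder credentials and the swap file body are all constructed for the demo; the constructed swap file reproduces only the leading marker bytes, not Vim's real block layout.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Vim's default swap-file name: the edited file's name with a leading "."
# and a ".swp" suffix (".swo", ".swn", ... when earlier names are taken),
# stored in the same directory. Hidden files such as ".bashrc" therefore
# become ".bashrc.swp", which this pattern maps back to "bashrc"; that is
# an accepted imprecision for a scanner that only needs to flag candidates.
SWAP_NAME_RE = re.compile(r"^\.(?P<orig>.+)\.sw[a-p]$")

# A Vim swap file starts with block 0, whose first bytes are the marker
# "b0VIM" followed by the Vim version string.
SWAP_MAGIC = b"b0VIM"


def swap_to_original(swap_name):
    """Return the name of the file a swap file belongs to, or None."""
    m = SWAP_NAME_RE.match(swap_name)
    return m.group("orig") if m else None


def find_swap_files(root):
    """Walk `root` and describe every Vim swap file left behind in it.

    For each candidate the result records whether the magic bytes confirm
    it really is a Vim swap file and whether it is world-readable, which is
    what matters when `root` is a web server's document root.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            orig = swap_to_original(name)
            if orig is None:
                continue
            swap_path = Path(dirpath) / name
            with open(swap_path, "rb") as fh:
                is_vim_swap = fh.read(len(SWAP_MAGIC)) == SWAP_MAGIC
            mode = swap_path.stat().st_mode
            findings.append({
                "swap": str(swap_path),
                "original": str(Path(dirpath) / orig),
                "vim_swap": is_vim_swap,
                "world_readable": bool(mode & stat.S_IROTH),
            })
    return findings


def leaked_lines(swap_path, original_path):
    """Non-blank lines of the original file that appear verbatim in the swap file.

    This is the check behind the post's point: the swap file carries the
    full text of the file being edited, so anything secret in the original
    is recoverable from a swap file that is left behind.
    """
    swap = Path(swap_path).read_bytes()
    lines = Path(original_path).read_bytes().splitlines()
    return [line for line in lines if line.strip() and line in swap]


def build_sample_webroot(root):
    """Construct a document root holding a config file and a stale swap file.

    The credentials are placeholders, and the swap file is a constructed
    stand-in (correct magic bytes, then the file text), not Vim's real layout.
    """
    root = Path(root)
    config = root / "wp-config.php"
    config.write_text(
        "<?php\n"
        "define('DB_NAME', 'wordpress');\n"
        "define('DB_USER', 'PLACEHOLDER_USER');\n"
        "define('DB_PASSWORD', 'PLACEHOLDER_PASSWORD');\n"
    )
    swap = root / ".wp-config.php.swp"
    swap.write_bytes(SWAP_MAGIC + b" 8.0" + b"\0" * 64 + config.read_bytes())
    swap.chmod(0o644)  # world-readable, as a swap file left after a crash often is
    return str(config), str(swap)


def scan_sample_webroot():
    """Build the constructed webroot, scan it and return (findings, leaked)."""
    with tempfile.TemporaryDirectory() as tmp:
        config, swap = build_sample_webroot(tmp)
        findings = find_swap_files(tmp)
        leaked = leaked_lines(swap, config)
    return findings, leaked


if __name__ == "__main__":
    findings, leaked = scan_sample_webroot()
    for finding in findings:
        print(finding)
    for line in leaked:
        print("recoverable from swap:", line.decode())
```

Run against a real document root, `find_swap_files` is the part to keep: any hit with `vim_swap` true is a file someone edited in place on the server, and with `world_readable` true it is also something the web server can hand out if the path is requested. Ideally edits happen on a checkout that is deployed, not in the live document root, and a deny rule for `.sw?` names in the web server configuration covers the case where that rule is broken.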
