Hackers Can Abuse Plugins for Popular Unix Text Editors to Escalate Privileges
Mar 19, 2018, 11:00 (0 Talkback[s])
(Other stories by Gurubaran)
Advanced Unix Text Editors offers extensibility by allowing users to install third-party plugins for ease of use and to enhance the Text Editors functionalities. Server administrators often run text editors with elevated privileges ???sudo gedit??? to edit root-owned configuration files. If the text editor contains vulnerable third-party plugin it enlarges attack surface. A vulnerable third-party text editor plugin could be abused by attackers to escalate the privileges of your system/server.