Vulnerability in cryptsetup that allows encryption to be disabled on LUKS2 partitions

A vulnerability (CVE-2021-4122) has been identified in the Cryptsetup package, which is used to encrypt disk partitions in Linux. It allows encryption to be disabled on partitions in the LUKS2 (Linux Unified Key Setup) format by modifying metadata. To exploit the vulnerability, the attacker must have physical access to the encrypted media, i.e. the method makes sense mainly for attacks on encrypted external storage devices, such as flash drives, that the attacker can access but for which they do not know the password needed to decrypt the data.

The attack applies only to the LUKS2 format and relies on manipulating the metadata responsible for activating the "online reencryption" extension, which makes it possible, when the access key has to be changed, to start re-encrypting the data on the fly without stopping work with the partition. Since decrypting and encrypting with a new key takes a long time, "online reencryption" allows work with the partition to continue uninterrupted while the reencryption runs in the background, gradually re-encrypting the data from one key to another. It is also possible to select an empty target key, which converts the partition to decrypted form.

An attacker can make changes to the LUKS2 metadata that simulate a decryption operation interrupted by a failure, and thereby achieve decryption of part of the partition once the modified drive has been activated and used by its owner. In this case, a user who connects the modified drive and unlocks it with the correct password receives no warning that an interrupted reencryption operation is being resumed, and can learn about the progress of that operation only by using the "luksDump" command. The amount of data the attacker can decrypt depends on the size of the LUKS2 header, but at the default size (16 MiB) it can exceed 3 GB.
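The same reencryption state that "luksDump" reports can be read straight from the header of a drive or image before it is unlocked. The sketch below is an added example, not code from cryptsetup or from the original article; the field names it looks for (`online-reencrypt`, keyslot type `reencrypt`, segment flag `backup-final`) are assumed from the LUKS2 on-disk format, and both sample headers are constructed.

```python
import json
import struct

# Field names below follow the LUKS2 on-disk format (assumption, not from the article).
LUKS2_MAGIC = b"LUKS\xba\xbe"   # primary header magic
BIN_HDR_SIZE = 4096             # binary header precedes the JSON area

def read_luks2_json(blob: bytes) -> dict:
    """Extract the JSON metadata area from a LUKS2 primary header."""
    magic, version, hdr_size = struct.unpack_from(">6sHQ", blob, 0)
    if magic != LUKS2_MAGIC or version != 2:
        raise ValueError("not a LUKS2 primary header")
    if not BIN_HDR_SIZE < hdr_size <= len(blob):
        raise ValueError("header size field is inconsistent with the input")
    return json.loads(blob[BIN_HDR_SIZE:hdr_size].split(b"\0", 1)[0])

def reencryption_indicators(meta: dict) -> list:
    """Return human-readable signs that a reencryption is pending."""
    found = []
    reqs = meta.get("config", {}).get("requirements", {}).get("mandatory", [])
    if "online-reencrypt" in reqs:
        found.append("requirement: online-reencrypt")
    for slot, ks in meta.get("keyslots", {}).items():
        if ks.get("type") == "reencrypt":
            found.append(f"keyslot {slot}: reencrypt mode={ks.get('mode')}")
    for seg_id, seg in meta.get("segments", {}).items():
        if "backup-final" in seg.get("flags", []) and seg.get("type") == "linear":
            found.append(f"segment {seg_id}: final state is plaintext")
    return found

def make_sample(meta: dict, hdr_size: int = 16384) -> bytes:
    """Build a constructed header image (checksum omitted) for the demo."""
    hdr = struct.pack(">6sHQ", LUKS2_MAGIC, 2, hdr_size).ljust(BIN_HDR_SIZE, b"\0")
    return hdr + json.dumps(meta).encode().ljust(hdr_size - BIN_HDR_SIZE, b"\0")

# Constructed metadata: a normal volume and one that reports a pending decryption.
CLEAN = {"config": {"json_size": "12288"},
         "keyslots": {"0": {"type": "luks2"}},
         "segments": {"0": {"type": "crypt", "encryption": "aes-xts-plain64"}}}
PENDING = {"config": {"requirements": {"mandatory": ["online-reencrypt"]}},
           "keyslots": {"0": {"type": "luks2"},
                        "1": {"type": "reencrypt", "mode": "decrypt"}},
           "segments": {"0": {"type": "crypt", "encryption": "aes-xts-plain64"},
                        "1": {"type": "linear", "flags": ["backup-final"]}}}

if __name__ == "__main__":
    for name, meta in (("clean", CLEAN), ("pending", PENDING)):
        print(name, reencryption_indicators(read_luks2_json(make_sample(meta))))
```

Any indicator on a drive whose owner never started a reencryption is a reason not to unlock it with an unpatched cryptsetup.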

The problem is caused by the fact that, although reencryption requires calculating and verifying hashes of the new and old keys, no hash is required to start decryption if the new state indicates the absence of a plaintext key for encryption. In addition, the LUKS2 metadata, which specifies the encryption algorithm, is not protected against modification if it falls into the hands of an attacker. To block the vulnerability, the developers added extra protection for the metadata to LUKS2: an additional hash is now verified, calculated from the known keys and the contents of the metadata, i.e. an attacker can no longer change the metadata without knowing the password.

A typical attack scenario requires the attacker to get their hands on the drive several times. First, the attacker, who does not know the access password, makes changes to the metadata area that cause part of the data to be decrypted the next time the drive is activated. The drive is then returned to its place and the attacker waits until the user connects it and enters the password. When the user activates the device, a background reencryption process starts, during which part of the encrypted data is replaced with decrypted data. After that, if the attacker manages to get hold of the device again, some of the data on the drive will be in unencrypted form.

The problem was identified by the maintainer of the cryptsetup project and fixed in the cryptsetup 2.4.3 and 2.3.7 updates. The status of the updates that fix the problem in distributions can be tracked on these pages: Debian, RHEL, SUSE, Fedora, Ubuntu, Arch. The vulnerability is present only since the release of cryptsetup 2.2.0, which introduced support for the "online reencryption" operation. As a workaround for protection, the "--disable-luks2-reencryption" option can be used.

source: budenet.ru