Update of the free antivirus package ClamAV 0.102.4

Version 0.102.4 of the free antivirus package ClamAV has been released, fixing three vulnerabilities:

  • CVE-2020-3350 - allows an unprivileged local attacker to arrange the deletion or moving of arbitrary files on the system; for example, /etc/passwd can be deleted without having the required permissions. The vulnerability is caused by a race condition that occurs while malicious files are being scanned, and it allows a user with shell access to the system to replace the target directory being scanned with a symbolic link pointing to a different path.

    For example, an attacker can create the directory "/home/user/exploit/" and upload a file containing a virus signature into it, naming the file "passwd". After the virus scanner has been started, but before the flagged file is deleted, the "exploit" directory can be replaced with a symbolic link pointing to the "/etc" directory, which causes the antivirus to delete the /etc/passwd file. The vulnerability appears only when clamscan, clamdscan and clamonacc are used with the "--move" or "--remove" option.

  • CVE-2020-3327, CVE-2020-3481 - vulnerabilities in the modules that parse archives in the ARJ and EGG formats, allowing a denial of service by submitting specially crafted archives whose processing crashes the scanning process.
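
One way to close the scan-then-remove race described for CVE-2020-3350, shown as an added example (it is not ClamAV's code or its actual patch): pin the scanned directory with a file descriptor and remove the flagged file relative to that descriptor, after checking it is still the inode that was scanned. The function names and the temporary directory layout are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the scan directory once, before scanning. O_NOFOLLOW rejects a symlink
   in the final path component; later path swaps cannot retarget this fd. */
int pin_dir(const char *path) {
    return open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* Unlink `name` inside the pinned directory, and only if it is still the
   inode that was scanned. Returns 0 on success, -1 otherwise. */
int remove_pinned(int dirfd, const char *name, const struct stat *scanned) {
    struct stat now;
    if (fstatat(dirfd, name, &now, AT_SYMLINK_NOFOLLOW) != 0) return -1;
    if (now.st_dev != scanned->st_dev || now.st_ino != scanned->st_ino) return -1;
    return unlinkat(dirfd, name, 0);
}

/* Constructed check in a temp dir: returns 1 when the flagged file is removed
   and the file behind the swapped-in symlink survives, -1 on setup error. */
int demo(void) {
    char base[] = "/tmp/pin-demo-XXXXXX", scan[64], moved[64], decoy[64], p[96];
    struct stat scanned;
    if (!mkdtemp(base)) return -1;
    snprintf(scan, sizeof scan, "%s/scan", base);
    snprintf(moved, sizeof moved, "%s/scan.orig", base);
    snprintf(decoy, sizeof decoy, "%s/protected", base);
    if (mkdir(scan, 0700) || mkdir(decoy, 0700)) return -1;
    snprintf(p, sizeof p, "%s/passwd", scan);
    close(creat(p, 0600));
    snprintf(p, sizeof p, "%s/passwd", decoy);
    close(creat(p, 0600));
    int dfd = pin_dir(scan);
    if (dfd < 0 || fstatat(dfd, "passwd", &scanned, AT_SYMLINK_NOFOLLOW)) return -1;
    /* Between scan and removal the path is replaced by a symlink. */
    if (rename(scan, moved) || symlink(decoy, scan)) return -1;
    int rc = remove_pinned(dfd, "passwd", &scanned);
    close(dfd);
    int decoy_kept = access(p, F_OK) == 0;      /* p = protected/passwd */
    snprintf(p, sizeof p, "%s/passwd", moved);
    int flagged_gone = access(p, F_OK) != 0;
    return rc == 0 && decoy_kept && flagged_gone;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

O_NOFOLLOW only guards the last path component, so the descriptor has to be taken before the scan and reused for both reading and removal; the demo leaves its temporary directory under /tmp.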

Source: opennet.ru
