Vulnerability in FreeBSD ftpd that allowed root access when using ftpchroot

A vulnerability (CVE-2020-7468) has been identified in the ftpd server supplied with FreeBSD. It allows users who are restricted to their home directory by the ftpchroot option to gain full root access to the system.

The problem is caused by a combination of two things: a bug in the implementation of the user isolation mechanism based on the chroot call (if changing the uid or performing chroot and chdir fails, a non-fatal error is raised that does not terminate the session), and an authenticated FTP user having sufficient rights to bypass the root path restriction in the file system. The vulnerability does not occur when the FTP server is accessed in anonymous mode or when a user logs in fully without ftpchroot. The issue is fixed in updates 12.1-RELEASE-p10, 11.4-RELEASE-p4 and 11.3-RELEASE-p14.
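The failure-handling pattern described above, next to a fail-closed form, as an added example that is not FreeBSD's ftpd source. The `confine_ops` struct, the function names, the messages and the sample path and uid are hypothetical stand-ins so the failure path can be run without root.

```c
#include <stdio.h>

/* Hypothetical stand-ins for chroot(2), chdir(2) and setuid(2);
 * each returns 0 on success and -1 on failure. */
struct confine_ops {
    int (*do_chroot)(const char *dir);
    int (*do_chdir)(const char *dir);
    int (*do_setuid)(unsigned uid);
};

enum session { SESSION_CONTINUES, SESSION_TERMINATED };

/* Pattern described in the text: a failed step is only reported, so the
 * session goes on without the confinement it was supposed to have. */
enum session confine_nonfatal(const struct confine_ops *o, const char *home, unsigned uid)
{
    if (o->do_chroot(home) < 0 || o->do_chdir("/") < 0)
        fprintf(stderr, "error: cannot change root (session kept)\n");
    if (o->do_setuid(uid) < 0)
        fprintf(stderr, "error: cannot set uid (session kept)\n");
    return SESSION_CONTINUES;
}

/* Fail-closed form: any failure while confining or dropping privileges
 * ends the session before another client command is processed. */
enum session confine_fatal(const struct confine_ops *o, const char *home, unsigned uid)
{
    if (o->do_chroot(home) < 0 || o->do_chdir("/") < 0 || o->do_setuid(uid) < 0) {
        fprintf(stderr, "fatal: confinement failed, closing session\n");
        return SESSION_TERMINATED;
    }
    return SESSION_CONTINUES;
}

/* Constructed test doubles: operations that succeed or fail on demand. */
static int ok_dir(const char *d) { (void)d; return 0; }
static int fail_dir(const char *d) { (void)d; return -1; }
static int ok_uid(unsigned u) { (void)u; return 0; }

int main(void)
{
    struct confine_ops broken = { fail_dir, ok_dir, ok_uid }; /* chroot fails */
    printf("non-fatal: %d, fail-closed: %d\n",
           confine_nonfatal(&broken, "/home/ftpuser", 1001),
           confine_fatal(&broken, "/home/ftpuser", 1001));
    return 0;
}
```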

In addition, three more vulnerabilities were fixed in 12.1-RELEASE-p10, 11.4-RELEASE-p4 and 11.3-RELEASE-p14:

  • CVE-2020-7467 - a vulnerability in the Bhyve hypervisor that allows a guest environment to write data to the memory area of the host environment and gain full access to the host system. The problem is caused by the lack of restrictions on access to processor instructions that work with physical host addresses, and it appears only on systems with AMD CPUs.
  • CVE-2020-24718 - a vulnerability in the Bhyve hypervisor that allows an attacker with root rights inside an environment isolated using Bhyve to execute code at the kernel level. The problem is caused by the lack of proper access restrictions on the VMCS (Virtual Machine Control Structure) structures on systems with Intel CPUs and on the VMCB (Virtual Machine Control Block) on systems with AMD CPUs.

  • CVE-2020-7464 - a vulnerability in the ure driver (USB Ethernet Realtek RTL8152 and RTL8153) that allows spoofing packets from other hosts or substituting packets into other VLANs by sending large frames (more than 2048).

source: budenet.ru
