Ghostscript vulnerability exploitable via ImageMagick

Ghostscript, a set of tools for processing, converting and generating documents in the PostScript and PDF formats, has a critical vulnerability (CVE-2021-3781) that allows arbitrary code execution when a specially crafted file is processed. The problem was first raised by Emil Lerner, who spoke about the vulnerability on August 25 at the ZeroNights X conference held in St. … received bonuses for demonstrating attacks on the AirBNB, Dropbox and Yandex.Real Estate services).

On September 5, a working exploit appeared in the public domain that allows attacking systems running Ubuntu 20.04 by passing a specially crafted document, uploaded as an image, to a web script running on the server that uses the php-imagemagick package. Moreover, according to preliminary data, a similar exploit has been in use since March. It was claimed that systems running GhostScript 9.50 could be attacked, but it turned out that the vulnerability is present in all subsequent versions of GhostScript, including the in-development 9.55 release from Git.

A fix was proposed on September 8 and, after peer review, was accepted into the GhostScript repository on September 9. In many distributions the problem remains unfixed (the status of update publication can be checked on the pages of Debian, Ubuntu, Fedora, SUSE, RHEL, Arch Linux, FreeBSD, NetBSD). A GhostScript release with a fix for the vulnerability is planned to be published before the end of the month.

The problem is caused by the possibility of bypassing the "-dSAFER" isolation mode due to insufficient checking of the parameters of the PostScript device "%pipe%", which allowed arbitrary shell commands to be executed. For example, to launch the id utility in a document, it is enough to specify the line "(%pipe%/tmp/&id)(w)file" or "(%pipe%/tmp/;id)(r)file".

Recall that vulnerabilities in Ghostscript pose an increased risk, since this package is used in many popular applications for processing the PostScript and PDF formats. For example, Ghostscript is called when creating desktop thumbnails, during background data indexing, and when converting images. For a successful attack, in many cases it is enough simply to download the file with the exploit or to browse a directory containing it in a file manager that supports displaying document thumbnails, for example, in Nautilus.

Vulnerabilities in Ghostscript can also be exploited through image processors based on the ImageMagick and GraphicsMagick packages by passing them a JPEG or PNG file that contains PostScript code instead of an image (such a file will be processed in Ghostscript, since the MIME type is recognized by content rather than by relying on the extension).
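Because the format is chosen by content and not by extension, an upload handler can apply the same test before the file reaches ImageMagick. The following is an added example, not code from the original article or from either project; the function name, verdict strings and sample bytes are constructed for illustration, and the endpoint is assumed to accept only JPEG and PNG.

```python
import os

# Leading bytes of the only formats this (hypothetical) upload endpoint accepts.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}
# Leading bytes of formats that ImageMagick delegates to Ghostscript:
# PostScript/EPS ("%!"), PDF ("%PDF-"), and the DOS EPS binary header.
GHOSTSCRIPT_MAGIC = (b"%!", b"%PDF-", b"\xc5\xd0\xd3\xc6")


def classify_upload(filename: str, data: bytes) -> str:
    """Classify an upload by content, the way the image library will see it."""
    # Tolerate leading whitespace so a padded header is not missed.
    if data[:1024].lstrip().startswith(GHOSTSCRIPT_MAGIC):
        return "ghostscript-format"
    # Heuristic: the %pipe% device name has no place in raster image data.
    if b"%pipe%" in data:
        return "pipe-device"
    ext = os.path.splitext(filename)[1].lower()
    magic = IMAGE_MAGIC.get(ext)
    if magic is None or not data.startswith(magic):
        return "mismatch"
    return "ok"


# Constructed sample inputs (no real files involved).
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "avatar.jpg": b"%!PS-Adobe-3.0\n/Helvetica findfont 12 scalefont setfont\n",
    "scan.png": b"\n %PDF-1.4\n1 0 obj\n<< >>\nendobj\n",
    "notes.png": b"GIF89a" + b"\x00" * 32,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} -> {classify_upload(name, blob)}")
```

Anything other than "ok" should be rejected before the image library is invoked; the check complements, and does not replace, installing the fixed Ghostscript packages.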

source: budenet.ru
