An gano wani rauni (CVE-2025-62876) a cikin LightDM KDE Greeter, aiwatar da allon shiga ta hanyar KDE kuma an gina shi akan tsarin LightDM. Wannan raunin yana ba da damar haɓaka gata daga mai amfani mara amfani na lightdm, wanda LightDM ke gudana, zuwa tushen mai amfani. An daidaita raunin a cikin lightdm-kde-greeter 6.0.4.
Kungiyar aikin SUSE ce ta gano raunin bayan sun sake nazarin shawara don ƙara fakitin lightdm-kde-greeter zuwa ma'ajiyar buɗaɗɗen SUSE Tumbleweed. Matsalar ta wanzu a cikin sabis na DBus, wanda ke ba masu amfani damar tsara jigogi na allo na shiga. Ana aiwatar da sabis ɗin azaman mai sarrafa KAuth, yana gudana tare da tushen gata. Rashin lahani yana faruwa ta hanyar dabaru daban-daban a cikin lambar don sarrafa saitunan farawa da kirtani "copy_." Don irin waɗannan saitunan, ana kiran aiki tare da tushen gata waɗanda suka kwafi ƙayyadaddun fayil zuwa ga /var/lib/lightdm directory, mallakar mai amfani da lightdm. Anyi amfani da wannan aikin don loda hotuna daga kundin adireshin mai amfani, wanda LightDM ba zai iya karantawa kai tsaye ba yayin nunin allo na shiga saboda haƙƙin samun dama.
Ana yin aikin kwafin tare da gata na tushen, kuma mai mallakar fayil ɗin da aka samu yana canzawa bayan kwafi. Don haka, ana iya amfani da wannan fasalin don kwafin fayiloli waɗanda masu amfani na yau da kullun ba su da damar yin amfani da su, kamar /etc/shadow, zuwa ga adireshi na /var/lib/lightdm ga jama'a. Bugu da ƙari, ta hanyar ƙirƙirar hanyar haɗi ta alama a /var/lib/lightdm tare da sunan fayil ɗin da ake motsawa, zaku iya sake rubuta kowane fayiloli akan tsarin.
Idan an kunna mai sarrafa canjin jigon LightDM a cikin saitunan Polkit don masu amfani marasa gata, raunin da ke cikin tambaya yana ba kowane mai amfani damar haɓaka gatansu zuwa tushen. Koyaya, a aikace, Polkit yawanci yana buƙatar izinin "auth_admin_keep" don aiwatar da wannan aikin, wanda ke buƙatar shigar da kalmar wucewar mai gudanarwa. A ƙarƙashin waɗannan yanayi, ana iya kai hari tare da haƙƙin shiga azaman mai amfani da lightdm.
Tunda harin yana buƙatar yin amfani da gata na mai amfani na lightdm, an ƙididdige batun a matsayin ƙananan tsanani. An yi imanin cewa za a iya amfani da raunin a matsayin hanya ta biyu don haɓaka gata bayan samun nasarar yin amfani da wani rauni a cikin LightDM, yana ba da damar aiwatar da lambar tare da gata na mai amfani na lightdm.
source: budenet.ru
