Vulnerability in xterm leads to code execution when processing certain strings

A vulnerability (CVE-2022-45063) has been identified in the xterm terminal emulator that allows shell commands to be executed when certain escape sequences are processed in the terminal. In the simplest case, an attack only requires displaying the contents of a specially crafted file, for example with the cat utility, or pasting a line from the clipboard.

    printf "\e] 50; i \$(touch /tmp/hack-like-its-1999)\a\e]50;?\a" > cve-2022-45063
    cat cve-2022-45063

The problem is caused by an error in handling escape sequence code 50, which is used to set or retrieve font options. If the requested font does not exist, the operation returns the font name specified in the request. Control characters cannot be inserted directly into the name, but the returned string can be terminated with the sequence "^G", which in zsh, when vi-style line editing mode is active, triggers a list-expansion operation that can be used to run commands without pressing the Enter key.

To exploit the vulnerability successfully, the user must be running the Zsh command shell with the command line editor (vi-cmd-mode) set to "vi" mode, which is usually not the default in distributions. The problem also does not appear when the xterm settings allowWindowOps=false or allowFontOps=false are set. For example, allowFontOps=false is set in OpenBSD, Debian and RHEL, but is not applied by default in Arch Linux.
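A defensive check for the sequence described above, as an added example that is not part of the original article: it scans untrusted bytes for 7-bit OSC 50 (font set/query) sequences and rewrites control bytes so that a terminal displays them instead of interpreting them. The function names and the sample bytes are constructed for illustration; the sample carries a harmless font name.

```python
import re

# 7-bit OSC: ESC ] Ps ; Pt, terminated by BEL or by ST (ESC \).
# The 8-bit C1 introducer is not matched here; neutralise() below
# still covers it because it escapes every non-ASCII byte.
OSC_RE = re.compile(
    rb"\x1b\]"                 # OSC introducer
    rb"([0-9]*)"               # Ps: numeric operation code
    rb"(?:;([^\x07\x1b]*))?"   # optional Pt: text parameter
    rb"(?:\x07|\x1b\\)"        # terminator: BEL or ST
)
FONT_OP = b"50"                # the operation code the article describes

def find_font_ops(data: bytes):
    """Return (offset, kind, text) for every OSC 50 sequence in data."""
    hits = []
    for m in OSC_RE.finditer(data):
        if m.group(1) != FONT_OP:
            continue           # other OSC codes (e.g. window title) are ignored
        text = m.group(2) or b""
        kind = "query" if text.strip() == b"?" else "set"
        hits.append((m.start(), kind, text))
    return hits

def neutralise(data: bytes) -> bytes:
    """Keep printable ASCII, newline and tab; show every other byte as \\xNN."""
    out = bytearray()
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F:
            out.append(b)
        else:
            out += b"\\x%02x" % b
    return bytes(out)

# Constructed sample: a title sequence (OSC 0), a font "set" with a
# harmless name, then a font "query", mirroring the set-then-query shape.
SAMPLE = (b"line one\n\x1b]0;title\x07"
          b"\x1b]50;constructed-font-name\x07\x1b]50;?\x07done\n")

if __name__ == "__main__":
    for offset, kind, text in find_font_ops(SAMPLE):
        print(f"OSC 50 {kind} at byte {offset}: {text!r}")
    print(neutralise(SAMPLE).decode("ascii"), end="")
```

neutralise() is deliberately conservative: non-ASCII text such as UTF-8 is also shown as hex escapes.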

Judging by the changelog and the statement of the researcher who identified the problem, the vulnerability was fixed in the xterm 375 release, but according to other sources the vulnerability still manifests itself in xterm 375 from Arch Linux. You can track the publication of fixes by distribution on these pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD.

source: budenet.ru
