Vulnerabilities in the Linux kernel ksmbd module allowing remote code execution

Fourteen vulnerabilities have been identified in ksmbd, the SMB-protocol file server implementation built into the Linux kernel; four of them allow remote code execution with kernel privileges. The attacks require no authentication: it is enough that the ksmbd module is enabled on the target system. The problems are present starting from kernel 5.15, the release in which ksmbd was merged. The vulnerabilities were fixed in the kernel updates 6.3.2, 6.2.15, 6.1.28 and 5.15.112. The release of fixes in distributions can be tracked on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.
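
As an added example (not code from the article, from the ksmbd project or from any distribution), the following POSIX shell script turns the two facts above into a check a practitioner can run: it classifies a kernel version string against the fix releases named above (5.15.112, 6.1.28, 6.2.15, 6.3.2), reports whether the ksmbd module is present on the host, and can write a modprobe.d fragment that keeps ksmbd from being autoloaded until a fixed kernel is installed. Its assumptions are labelled in the code: series newer than 6.3 are treated as fixed, the end-of-life series without a listed fix release (5.16 to 5.19, 6.0) are treated as vulnerable, and a distribution kernel may carry a backported fix under an older version number, so "vulnerable" means "check the vendor advisory", not a confirmed exposure.

```shell
#!/bin/sh
# Added example, not code from the article or from the ksmbd project:
# a quick exposure check for the ksmbd issues fixed in 5.15.112, 6.1.28,
# 6.2.15 and 6.3.2.
#
# Assumptions (not stated by the article):
#   - series newer than 6.3 are treated as fixed (cut after the fixes
#     reached mainline);
#   - series with no listed fix release (5.16..5.19, 6.0) are treated as
#     vulnerable;
#   - distro kernels may backport the fix under an older version number,
#     so "vulnerable" here means "check the vendor advisory".

# ksmbd_status VERSION
# Prints one of: not-affected, vulnerable, fixed, unknown.
ksmbd_status() {
    v=${1%%-*}              # drop distro suffix: 5.15.112-1-amd64 -> 5.15.112
    v=${v%%+*}              # drop local-version tag: 6.3.2+ -> 6.3.2
    case "$v" in
        *.*.*) maj=${v%%.*}; rest=${v#*.}; min=${rest%%.*}
               pat=${rest#*.}; pat=${pat%%.*} ;;
        *.*)   maj=${v%%.*}; min=${v#*.}; pat=0 ;;
        *)     echo unknown; return 0 ;;
    esac
    for n in "$maj" "$min" "$pat"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    # ksmbd was merged in 5.15; older kernels do not have the module at all.
    if [ "$maj" -lt 5 ] || { [ "$maj" -eq 5 ] && [ "$min" -lt 15 ]; }; then
        echo not-affected; return 0
    fi
    fixed=
    case "$maj.$min" in
        5.15) fixed=112 ;;
        6.1)  fixed=28 ;;
        6.2)  fixed=15 ;;
        6.3)  fixed=2 ;;
    esac
    if [ -n "$fixed" ]; then
        if [ "$pat" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
        return 0
    fi
    if [ "$maj" -gt 6 ] || { [ "$maj" -eq 6 ] && [ "$min" -gt 3 ]; }; then
        echo fixed; return 0    # assumption: series cut after the mainline fix
    fi
    echo vulnerable             # 5.16..5.19, 6.0: no fix release listed
}

# ksmbd_present SYSFS_ROOT
# Succeeds if ksmbd is loaded (or built in) according to sysfs. The root is
# a parameter so the check can be exercised against a constructed tree.
ksmbd_present() {
    [ -d "$1/module/ksmbd" ]
}

# write_ksmbd_blacklist DIR
# Writes a modprobe.d fragment that stops ksmbd from being autoloaded and
# prints its path. It has no effect on a kernel with ksmbd built in
# (CONFIG_SMB_SERVER=y); such a kernel needs the update itself.
write_ksmbd_blacklist() {
    f="$1/ksmbd-blacklist.conf"
    printf '%s\n' 'blacklist ksmbd' 'install ksmbd /bin/false' > "$f"
    echo "$f"
}

# Report on the running host.
running=$(uname -r)
echo "kernel $running: $(ksmbd_status "$running")"
if ksmbd_present /sys; then
    echo "ksmbd is present on this host; stop it and blacklist the module"
    echo "(write_ksmbd_blacklist /etc/modprobe.d) until a fixed kernel is installed"
else
    echo "ksmbd is not loaded on this host"
fi
```

Run it with `sh ksmbd_check.sh`; to apply the mitigation, call `write_ksmbd_blacklist /etc/modprobe.d` as root and unload the module. The version check is deliberately conservative: it knows nothing about backports, so a "vulnerable" verdict on a distribution kernel should be confirmed against the vendor page listed above before acting on it.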

The identified vulnerabilities:

  • CVE-2023-32254, CVE-2023-32250, CVE-2023-32257, CVE-2023-32258 - remote code execution with kernel privileges due to missing object locking when processing external requests containing the SMB2_TREE_DISCONNECT, SMB2_SESSION_SETUP, SMB2_LOGOFF and SMB2_CLOSE commands, which leads to a race condition that is exploitable as a use-after-free. The attack can be carried out without passing authentication.
  • CVE-2023-32256 - leak of kernel memory contents due to a race condition when processing the SMB2_QUERY_INFO and SMB2_LOGOFF commands. The attack can be carried out without passing authentication.
  • CVE-2023-32252, CVE-2023-32248 - remote denial of service due to a NULL pointer dereference when processing the SMB2_LOGOFF, SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The attack can be carried out without passing authentication.
  • CVE-2023-32249 - possible hijacking of a user's session due to insufficient isolation when handling session IDs in multichannel mode.
  • CVE-2023-32247, CVE-2023-32255 - denial of service due to a memory leak when processing the SMB2_SESSION_SETUP command. The attack can be carried out without passing authentication.
  • CVE-2023-2593 - denial of service due to exhaustion of available memory, caused by a bug that leaves memory unreleased when handling new TCP connections. The attack can be carried out without passing authentication.
  • CVE-2023-32253 - denial of service due to a deadlock that occurs while processing the SMB2_SESSION_SETUP command. The attack can be carried out without passing authentication.
  • CVE-2023-32251 - no protection against brute-force attacks.
  • CVE-2023-32246 - a local user with the right to unload the ksmbd module can achieve execution of their code at the Linux kernel level.

In addition, five more vulnerabilities were identified in the ksmbd-tools package, which contains the user-space utilities for managing and working with ksmbd. The most dangerous of them (ZDI-CAN-17822, ZDI-CAN-17770, ZDI-CAN-17820; CVEs not yet assigned) allow an unauthenticated attacker to execute code as root. They are caused by the absence of a size check on received data before it is copied into a buffer, in the code of the WKSSVC service and in the LSARPC_OPNUM_LOOKUP_SID2 and SAMR_OPNUM_QUERY_USER_INFO opcode handlers. Two further vulnerabilities (ZDI-CAN-17823, ZDI-CAN-17821) can lead to a remote denial of service without authentication.

Ksmbd is positioned as a high-performance, embedded-ready extension to Samba that integrates with Samba's tools and libraries where needed. Support for running an SMB server with ksmbd has been included in the Samba package since release 4.16.0. Compared with a user-space SMB server, ksmbd is more efficient in terms of performance, memory consumption and integration with advanced kernel features. Within the kernel, ksmbd is maintained by Steve French of Microsoft, maintainer of the CIFS/SMB2/SMB3 subsystems in the Linux kernel and a long-time member of the Samba development team, who has made significant contributions to the implementation of SMB/CIFS protocol support in Samba and Linux.

Separately, two vulnerabilities can be noted in the vmwgfx graphics driver, which is used to provide 3D acceleration in VMware environments. The first (ZDI-CAN-20292) allows a local user to escalate their privileges on the system. It is caused by a missing check of a buffer's state before it is freed when handling a vmw_buffer_object, which can result in the free routine being called twice (a double free). The second (ZDI-CAN-20110) leaks kernel memory contents due to errors in the locking of GEM objects.

source: budenet.ru
