Vulnerability in OverlayFS allowing privilege escalation

A vulnerability (CVE-2023-0386) has been identified in the Linux kernel's implementation of the OverlayFS file system. It can be exploited to obtain root access on systems where the FUSE subsystem is available and unprivileged users are allowed to mount OverlayFS partitions (possible since the Linux 5.11 kernel when unprivileged user namespaces are enabled). The issue has been fixed in the 6.2 kernel branch. Availability of package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.

The attack works by copying files carrying the setgid/setuid bits from a partition mounted in nosuid mode onto an OverlayFS mount whose upper layer lives on a partition that permits execution of suid files. The issue resembles CVE-2021-3847, identified in 2021, but has lower exploitation requirements: the old issue required manipulating xattrs, which is restricted when user namespaces are in use, whereas the new issue relies on the setgid/setuid bits, which receive no special handling inside a user namespace.

Attack algorithm:

  • Using the FUSE subsystem, a file system is mounted that contains an executable file owned by root with the setuid/setgid bits set and writable by all users. On mounting, FUSE applies the "nosuid" mode.
  • The user and mount namespaces are unshared (user/mount namespace).
  • OverlayFS is mounted with the file system previously created in FUSE as the lower layer and a writable directory as the upper layer. The upper-layer directory must be on a file system that was not mounted with the "nosuid" flag.
  • For the suid file on the FUSE partition, the touch utility changes the modification time, which causes the file to be copied up into the OverlayFS upper layer.
  • During the copy-up, the kernel does not drop the setgid/setuid bits, so the file ends up on a partition where setgid/setuid execution is allowed.
  • To obtain root privileges, it is enough to run the file with the setgid/setuid bit from the directory attached as the OverlayFS upper layer.
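The procedure above depends on a small set of preconditions (a kernel from 5.11 up to the 6.2 fix, the FUSE subsystem, unprivileged user namespaces, and the overlay file system type), all of which can be checked read-only without creating any mount. The following POSIX shell script is an added example, not code from the article, from opennet.ru or from the kernel project, and it performs no exploitation. The version boundaries it uses are mainline numbers; distribution kernels carry backported fixes, so an "exposed" verdict is a prompt to consult the advisory pages listed above rather than a confirmation. The sysctl names it reads are the Debian/Ubuntu-specific kernel.unprivileged_userns_clone (absent on other kernels) and the generic user.max_user_namespaces.

```shell
#!/bin/sh
# Added example (not from the opennet.ru article): read-only pre-check for the
# CVE-2023-0386 preconditions described above. Nothing is mounted or executed.
# Assumption: 5.11 and 6.2 are mainline boundaries; distro kernels backport fixes.

# kver_num "5.15.0-76-generic" -> 5015000 : fold major.minor.patch into one
# integer so that [ -lt ] can compare kernel versions; suffixes are ignored.
kver_num() {
    printf '%s\n' "$1" | awk -F'[.-]' '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# kver_lt A B : true when kernel version A is older than B.
kver_lt() {
    [ "$(kver_num "$1")" -lt "$(kver_num "$2")" ]
}

# True when FUSE is usable: /dev/fuse exists or the fs type is registered.
fuse_available() {
    [ -c /dev/fuse ] || grep -qE '(^|[[:space:]])fuse$' /proc/filesystems 2>/dev/null
}

# True when the overlay file system type is registered with the kernel.
overlay_available() {
    grep -qE '(^|[[:space:]])overlay$' /proc/filesystems 2>/dev/null
}

# True unless a sysctl is known to block unprivileged user namespace creation.
# kernel.unprivileged_userns_clone is Debian/Ubuntu-specific (skipped if absent);
# user.max_user_namespaces=0 disables creation on any kernel.
userns_unprivileged_enabled() {
    if [ -r /proc/sys/kernel/unprivileged_userns_clone ]; then
        [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" = 1 ] || return 1
    fi
    if [ -r /proc/sys/user/max_user_namespaces ]; then
        [ "$(cat /proc/sys/user/max_user_namespaces)" -gt 0 ] || return 1
    fi
    return 0
}

# assess KVER FUSE USERNS OVERLAY (yes/no flags): prints "exposed" or
# "not-exposed" on stdout, the reason on stderr; returns 0 only for "exposed".
assess() {
    kver=$1; fuse=$2; userns=$3; overlay=$4
    if kver_lt "$kver" 5.11; then
        echo "kernel $kver predates unprivileged OverlayFS mounts (5.11)" >&2
        echo not-exposed; return 1
    fi
    if ! kver_lt "$kver" 6.2; then
        echo "kernel $kver is at or past the 6.2 fix" >&2
        echo not-exposed; return 1
    fi
    if [ "$fuse" != yes ]; then
        echo "FUSE subsystem not available" >&2
        echo not-exposed; return 1
    fi
    if [ "$userns" != yes ]; then
        echo "unprivileged user namespaces disabled by sysctl" >&2
        echo not-exposed; return 1
    fi
    if [ "$overlay" != yes ]; then
        echo "overlay file system not registered" >&2
        echo not-exposed; return 1
    fi
    echo "all preconditions present; confirm against the distribution advisory" >&2
    echo exposed
}

# Gather the facts from the running system and report.
kver=$(uname -r)
fuse=no;    fuse_available && fuse=yes
userns=no;  userns_unprivileged_enabled && userns=yes
overlay=no; overlay_available && overlay=yes
printf 'kernel=%s fuse=%s unprivileged_userns=%s overlay=%s\n' "$kver" "$fuse" "$userns" "$overlay"
if assess "$kver" "$fuse" "$userns" "$overlay"; then
    echo "Stopgap until the kernel update lands: sysctl -w user.max_user_namespaces=0"
fi
```

Disabling unprivileged user namespaces removes the attacker's ability to mount OverlayFS as a normal user, which is the step the whole chain hinges on; it also breaks legitimate users of user namespaces (rootless containers, some browser sandboxes), so it is a stopgap, not a substitute for the distribution's kernel update.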

Separately, researchers from the Google Project Zero team have published details of three vulnerabilities that were fixed in the mainline Linux 5.15 kernel branch but had not been backported to the kernel packages of RHEL 8.x/9.x and CentOS Stream 9.

  • CVE-2023-1252 - Use-after-free in the ovl_aio_req structure when several operations are performed concurrently in OverlayFS deployed on top of an Ext4 file system. The vulnerability could potentially be used to elevate privileges on the system.
  • CVE-2023-0590 - Use-after-free in the qdisc_graft() function. Exploitation is believed to be limited to a crash (denial of service).
  • CVE-2023-1249 - Use-after-free in the coredump code due to a missing mmap_lock acquisition in fill_files_note. Exploitation is believed to be limited to a crash (denial of service).

Source: opennet.ru