Qhov tsis zoo (CVE-2022-37706) tau raug txheeb xyuas nyob rau hauv Enlightenment tus neeg siv ib puag ncig uas tso cai rau tus neeg siv hauv zos uas tsis muaj cai ua cov cai nrog cov cai hauv paus. Qhov teeb meem tseem tsis tau raug kho (0-hnub), tab sis twb muaj kev siv dag zog muaj nyob rau hauv pej xeem sau, sim hauv Ubuntu 22.04.
Qhov teeb meem yog nyob rau hauv lub enlightenment_sys executable, uas ships nrog lub suid paus chij thiab ua tej yam tso cai commands, xws li mounting tus tsav nrog lub mount utility, los ntawm kev hu mus rau system(). Vim qhov kev ua haujlwm tsis raug ntawm cov haujlwm uas tsim cov hlua hla mus rau qhov system() hu, cov lus txiav tawm raug txiav los ntawm cov lus sib cav ntawm cov lus txib tau pib, uas tuaj yeem siv los khiav koj tus kheej cov cai. Piv txwv li, thaum khiav mkdir -p /tmp/net mkdir -p "/tmp/;/tmp/exploit" ncha "/bin/sh"> /tmp/exploit chmod a+x /tmp/exploit enlightenment_sys /bin/mount - o noexec,nosuid,utf8,nodev,iocharset=utf8,utf8=0,utf8=1,uid=$(id -u), β/dev/../tmp/;/tmp/exploitβ /tmp// / net
vim qhov kev tshem tawm ntawm ob nqe lus, es tsis txhob ntawm cov lus txib '/bin/mount ... "/dev/../tmp/;/tmp/exploit" /tmp///net' ib txoj hlua tsis muaj ob nqe lus yuav yog dhau mus rau qhov system() muaj nuj nqi '/bin/mount β¦ /dev/../tmp/;/tmp/exploit /tmp///net', uas yuav ua rau cov lus txib '/tmp/exploit /tmp///net ' yuav tsum tau txiav txim cais es tsis txhob ua tiav raws li ib feem ntawm txoj kev mus rau ntaus ntawv. Cov kab "/dev/../tmp/" thiab "/tmp///net" raug xaiv los hla kev sib cav kuaj xyuas cov lus txib mount hauv enlightenment_sys (lub mount ntaus ntawv yuav tsum pib nrog /dev/ thiab taw tes rau cov ntaub ntawv uas twb muaj lawm, thiab peb "/" cov cim ntawm qhov taw tes mount tau teev kom ua tiav txoj kev xav tau loj).
Tau qhov twg los: opennet.ru