A vulnerability in sudo that lets you modify files on the system

A vulnerability (CVE-2023-22809) has been identified in the sudo package, which is used to run commands on behalf of other users. It allows a local user to edit files on the system, which in turn allows them to gain root privileges by modifying /etc/shadow or system scripts. Exploiting the vulnerability requires that the sudoers file grant the user the right to run the sudoedit utility or "sudo" with the "-e" flag.

The vulnerability is caused by the lack of proper handling of the "--" characters when parsing the environment variables that define the program called to edit a file. In sudo, the "--" sequence is used to separate the editor and its arguments from the list of files to be edited. An attacker can append "-- file" after the editor path in the SUDO_EDITOR, VISUAL, or EDITOR environment variable, which starts editing of the specified file with elevated privileges without checking the user's file access rules.

The vulnerability has been present since the 1.8.0 branch and is fixed in the corrective update sudo 1.9.12p2. The release of package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch, FreeBSD, NetBSD. As a security workaround, you can disable processing of the SUDO_EDITOR, VISUAL and EDITOR environment variables by specifying in sudoers: Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"
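A defender-side audit of the three points above (affected version range, a "--" argument in the editor variables, presence of the sudoers workaround), as an added example that is not from the original article or the sudo project. The function names and sample inputs are constructed for illustration; `shlex` only approximates sudo's own argument splitting, and the version check uses upstream numbering, so distribution backports that keep an older number will still be reported as affected.

```python
import re
import shlex

EDITOR_VARS = ("SUDO_EDITOR", "VISUAL", "EDITOR")
FIRST_AFFECTED = (1, 8, 0, 0)    # branch 1.8.0
FIRST_FIXED = (1, 9, 12, 2)      # 1.9.12p2

def parse_version(text):
    """Extract (major, minor, micro, patch) from e.g. 'Sudo version 1.9.12p2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if m is None:
        raise ValueError(f"no sudo version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    # Upstream numbering only; a backported fix keeps the old number.
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED

def flagged_editor_vars(env):
    """Names of editor variables whose value carries a '--' argument."""
    flagged = []
    for name in EDITOR_VARS:
        value = env.get(name, "")
        try:
            tokens = shlex.split(value)   # approximation of sudo's splitting
        except ValueError:                # unbalanced quote in the value
            tokens = value.split()
        if "--" in tokens:
            flagged.append(name)
    return flagged

def has_workaround(sudoers_text):
    """True if a Defaults!sudoedit env_delete line covers all three variables."""
    pat = re.compile(r'^\s*Defaults!sudoedit\s+env_delete\s*\+?=\s*"([^"]*)"')
    for line in sudoers_text.splitlines():
        m = pat.match(line)               # commented-out lines do not match
        if m and set(EDITOR_VARS) <= set(m.group(1).split()):
            return True
    return False

# Constructed sample input, not taken from a real host.
SAMPLE_ENV = {"EDITOR": "vim -- /path/to/file", "VISUAL": "nano", "HOME": "/home/u"}
SAMPLE_SUDOERS = '''# constructed sudoers fragment
Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"
'''

if __name__ == "__main__":
    print(is_affected("Sudo version 1.9.12p1"), is_affected("1.9.12p2"))
    print(flagged_editor_vars(SAMPLE_ENV), has_workaround(SAMPLE_SUDOERS))
```

On a real host, feed `is_affected` the first line of `sudo -V` and `has_workaround` the contents of the sudoers files.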

Source: opennet.ru
