Vulnerability in sudo that allows privilege escalation when specific rules are used

A vulnerability (CVE-2019-14287) has been identified in the Sudo utility, which is used to run commands on behalf of other users. It allows commands to be executed with root privileges if the sudoers configuration contains rules in which the user ID check section, after the permitting keyword "ALL", carries an explicit prohibition on running with root privileges ("... (ALL, !root) ..."). The vulnerability does not appear in the default configurations shipped by distributions.

If sudoers contains rules, valid but extremely rare in practice, that allow a certain command to be executed under the UID of any user other than root, an attacker who has the right to execute this command can bypass the restriction and execute the command with root privileges. To bypass the restriction, it is enough to try to execute the command specified in the settings with UID "-1" or "4294967295", which results in it being executed with UID 0.

For example, if the settings contain a rule that gives any user the right to execute the program /usr/bin/id under any UID:

myhost ALL = (ALL, !root) /usr/bin/id

or a variant that allows execution only for a specific user bob:

myhost bob = (ALL, !root) /usr/bin/id

The user can run "sudo -u '#-1' id" and the /usr/bin/id utility will be launched as root, despite the explicit prohibition in the settings. The problem is caused by overlooking the special values "-1" or "4294967295", which do not lead to a change of UID; since sudo itself is already running as root, without a UID change the target command is also launched with root privileges.
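The cause described above, as an added example (not sudo's code and not part of the original article): a simplified C model in which a lax UID parser lets "-1" pass the "!root" check, next to a strict parser that rejects the special value. All function names and the modelled UID switch are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Value that setreuid(2)/setresuid(2) read as "leave this ID unchanged". */
#define NO_CHANGE ((uid_t)-1)

/* Lax parser (models the flaw): any number that fits in 32 bits is a UID. */
static int parse_uid_lax(const char *s, uid_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno || end == s || *end != '\0' || v < -1 || v > 4294967295LL)
        return -1;
    *out = (uid_t)v;            /* "-1" wraps to 4294967295 */
    return 0;
}

/* Strict parser (models the fix): additionally refuse -1 and 4294967295. */
static int parse_uid_strict(const char *s, uid_t *out)
{
    uid_t v;
    if (parse_uid_lax(s, &v) != 0 || v == NO_CHANGE)
        return -1;
    *out = v;
    return 0;
}

/* Runas list "(ALL, !root)": every UID except 0 passes the policy check. */
static int runas_allowed(uid_t target) { return target != 0; }

/* Model of the UID switch: the special value keeps the caller's UID. */
static uid_t uid_after_switch(uid_t current, uid_t target)
{
    return target == NO_CHANGE ? current : target;
}

int main(void)
{
    const char *in[] = { "1000", "-1", "4294967295", "0" };  /* constructed inputs */
    for (size_t i = 0; i < 4; i++) {
        uid_t t = 0;
        int lax = parse_uid_lax(in[i], &t) == 0 && runas_allowed(t);
        unsigned ran = (unsigned)uid_after_switch(0, t);  /* caller is root (UID 0) */
        int strict = parse_uid_strict(in[i], &t) == 0 && runas_allowed(t);
        printf("-u '#%s': lax=%s (UID after switch %u) strict=%s\n", in[i],
               lax ? "allowed" : "denied", ran, strict ? "allowed" : "denied");
    }
    return 0;
}
```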

In the SUSE and openSUSE distributions, the vulnerability is not exploitable unless "NOPASSWD" is explicitly specified in the rule, since the "Defaults targetpw" mode is enabled in sudoers by default; it checks the UID against the password database and prompts for the target user's password. On such systems, an attack is possible only if there are rules of the form:

myhost ALL = (ALL, !root) NOPASSWD: /usr/bin/id

The problem is fixed in the Sudo 1.8.28 release. The fix is also available as a patch. Among distributions, the vulnerability has already been fixed in Debian, Arch Linux, SUSE/openSUSE, Ubuntu, Gentoo and FreeBSD. At the time of writing, the problem remains unfixed in RHEL and Fedora. The vulnerability was identified by security researchers from Apple.

Source: opennet.ru
