Hacking of LineageOS infrastructure through a vulnerability in SaltStack

The developers of the mobile platform LineageOS, which replaced CyanogenMod, have warned that traces of a break-in were found in the project's infrastructure. It is noted that at 6 a.m. (MSK) on May 3 an attacker managed to gain access to the main server of the SaltStack centralized configuration management system by exploiting an unpatched vulnerability. The incident is currently being analyzed and details are not yet available.

It is reported only that the attack did not affect the keys for generating digital signatures, the build system or the platform's source code: the keys were kept on hosts completely separate from the main infrastructure managed through SaltStack, and builds had been stopped on April 30 for other reasons. Judging by the information on the status.lineageos.org page, the developers have already restored the server with the Gerrit code review system, the website and the wiki. The server with builds (builds.lineageos.org), the download portal (download.lineageos.org), the mail servers and the system for coordinating redirection to mirrors remain offline.

The attack succeeded because the network port (4506) used to access SaltStack was not blocked from external requests by a firewall: the attacker only had to wait for a critical vulnerability in SaltStack to appear and exploit it before the administrators installed the update with the fix. All SaltStack users are advised to update their systems urgently and check for signs of compromise.

Apparently, the attacks through SaltStack were not limited to the LineageOS break-in and became widespread: during the day, many users who had not had time to update SaltStack reported finding their infrastructure compromised, with mining code or backdoors placed on their servers. Among them, a similar break-in was reported in the infrastructure of the Ghost content management system, which affected the Ghost(Pro) sites and billing (it is claimed that credit card numbers were not affected, but the password hashes of Ghost users could have fallen into the attackers' hands).

On April 29, the SaltStack platform updates 3000.2 and 2019.2.4 were released, fixing two vulnerabilities (information about the vulnerabilities was published on April 30). They were assigned the highest severity level because they allow remote code execution without authentication, both on the control host (salt-master) and on all servers managed through it.

  • The first vulnerability (CVE-2020-11651) is caused by the lack of proper checks when calling methods of the ClearFuncs class in the salt-master process. The vulnerability allows a remote user to access certain methods without authentication. In particular, through the problematic methods an attacker can obtain a token for root-privileged access to the master server and run arbitrary commands on the hosts where the salt-minion daemon is running. The patch fixing this vulnerability was published 20 days ago, but after it was applied regressions surfaced, leading to failures and disruption of file synchronization.
  • The second vulnerability (CVE-2020-11652) allows, through manipulation of the ClearFuncs class, access to methods by passing specially formatted paths, which can be used to gain full access to arbitrary directories in the file system of the master server with root privileges, but it requires authenticated access (such access can be obtained using the first vulnerability, with the second then used to fully compromise the entire infrastructure).
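
The two conditions the article ties to these compromises, a release older than the fixed ones and the request port 4506 listening beyond loopback, can be checked on a master as follows. This is an added example, not code from the article or from SaltStack; the function names and the sample `ss -Hltn` output are constructed, and it assumes any release newer than 3000.2 carries the fix.

```python
import ipaddress
import re

# Fixed releases and request port as named in the article.
FIXED_3000 = (3000, 2)
FIXED_2019 = (2019, 2, 4)
REQUEST_PORT = 4506

# Constructed sample of `ss -Hltn` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 1000 0.0.0.0:4506   0.0.0.0:*
LISTEN 0 1000 127.0.0.1:4505 0.0.0.0:*
"""

def parse_version(text):
    """Pull the numeric version out of e.g. 'salt-master 2019.2.3 (Fluorine)'."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group().split("."))

def is_fixed(version_text):
    """True for 2019.2.4+ in the 2019.2 line and for 3000.2 or newer.
    Older branches count as unfixed: the article names no fixed release for them."""
    v = parse_version(version_text)
    return v >= FIXED_3000 or FIXED_2019 <= v < (3000,)

def exposed_listeners(ss_output):
    """Return local addresses where the request port listens on a non-loopback address."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if port != str(REQUEST_PORT):
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            found.append(fields[3])
    return found

if __name__ == "__main__":
    for banner in ("salt-master 2019.2.3 (Fluorine)", "salt-master 3000.2"):
        print(banner, "->", "fixed" if is_fixed(banner) else "needs update")
    for addr in exposed_listeners(SAMPLE_SS):
        print("request port listening on", addr, "- confirm a firewall limits it to minions")
```

A listener on a wildcard or routable address is not proof of exposure by itself; it marks the hosts whose firewall rules need to be verified.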

Source: opennet.ru