Vulnerability in xterm leading to code execution when processing certain strings

A vulnerability (CVE-2022-45063) has been identified in the xterm terminal emulator that allows shell commands to be executed when certain escape sequences are processed in the terminal. In the simplest case, an attack only requires the contents of a specially crafted file to be displayed, for example with the cat utility, or a line to be pasted from the clipboard.

    printf "\e]50;i\$(touch /tmp/hack-like-its-1999)\a\e]50;?\a" > cve-2022-45063
    cat cve-2022-45063

The problem is caused by an error in the handling of the escape sequence with code 50, which is used to set or query font options. If the requested font does not exist, the operation returns the font name that was specified in the request. Control characters cannot be inserted directly into the name, but the returned string can be terminated with the sequence "^G", which in zsh, when vi-style line editing mode is active, triggers a list-expansion operation. This can be used to run commands without the Enter key actually being pressed.

For the vulnerability to be exploited successfully, the user must be running the Zsh command shell with the command line editor (vi-cmd-mode) set to "vi" mode, which is usually not the default in distributions. The problem also does not occur when the xterm settings allowWindowOps=false or allowFontOps=false are set. For example, allowFontOps=false is set in OpenBSD, Debian and RHEL, but is not applied by default in Arch Linux.
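A defensive check for the sequence described above, as an added example that is not part of the original article: it scans untrusted bytes for code-50 font sequences before they are shown in a terminal and can strip them. The function names, the "set followed by query" heuristic and the sample input are assumptions made for illustration; only the 7-bit ESC ] form is covered.

```python
import re

# An OSC sequence starts with ESC ] and ends with BEL or ST (ESC \).
# Its body is "<number>;<text>". 8-bit C1 forms are not handled here.
OSC_RE = re.compile(rb"\x1b\](\d+);([^\x07\x1b]*)(?:\x07|\x1b\\)")

FONT_OPS = 50  # the escape sequence code named in the article


def find_font_ops(data: bytes):
    """Return (offset, kind, argument) for every code-50 sequence in data."""
    hits = []
    for m in OSC_RE.finditer(data):
        if int(m.group(1)) != FONT_OPS:
            continue
        arg = m.group(2)
        kind = "query" if arg == b"?" else "set"
        hits.append((m.start(), kind, arg.decode("latin-1")))
    return hits


def is_suspicious(data: bytes) -> bool:
    """Heuristic: a font 'set' followed later by a query, the pattern that
    makes the terminal send the supplied name back as input."""
    kinds = [kind for _, kind, _ in find_font_ops(data)]
    return "set" in kinds and "query" in kinds[kinds.index("set") + 1:]


def strip_font_ops(data: bytes) -> bytes:
    """Remove code-50 sequences and leave every other byte untouched."""
    return OSC_RE.sub(
        lambda m: b"" if int(m.group(1)) == FONT_OPS else m.group(0), data
    )


# Constructed sample: a harmless font name, a query, and an unrelated
# window-title sequence (code 0) that must survive sanitising.
SAMPLE = (b"build log line 1\n"
          b"\x1b]50;fixed\x07\x1b]50;?\x07"
          b"\x1b]0;window title\x07done\n")

if __name__ == "__main__":
    for offset, kind, arg in find_font_ops(SAMPLE):
        print(f"offset {offset}: font {kind} {arg!r}")
    print("suspicious:", is_suspicious(SAMPLE))
    print(strip_font_ops(SAMPLE))
```

Running untrusted files or pasted text through strip_font_ops before display complements the allowFontOps=false setting and does not replace it.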

Judging by the changelog and the statement of the researcher who identified the problem, the vulnerability was fixed in the xterm 375 release, but according to other sources the vulnerability still manifests in xterm 375 from Arch Linux. The publication of fixes by distributions can be tracked on these pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD.

Source: opennet.ru
