ProHoster > Blog > internet nhau > Kusagadzikana muOverlayFS inobvumira ropafadzo kuwedzera

Kusagadzikana muOverlayFS inobvumira ropafadzo kuwedzera

MuLinux kernel, kusazvibata kwakaonekwa mukuitwa kweOverlayFS faira system (CVE-2023-0386), iyo inogona kushandiswa kuwana midzi yekuwana pane masisitimu ane FUSE subsystem yakaiswa uye inobvumidza kukwidziridzwa kweOverlayFS zvikamu ne asina kurongeka mushandisi (kutanga neLinux kernel 5.11 pamwe nekubatanidzwa kweasina kurongeka mushandisi wemazita). Dambudziko rakagadziriswa mubazi re 6.2 kernel. Kuburitswa kwezvigadziriso zvepakeji mukugovera kunogona kuteverwa pamapeji: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.

Kurwiswa kwacho kunoitwa nekukopa mafaera ane setgid/setuid mireza kubva pachikamu chakaiswa mu nosuid modhi kuenda kune OverlayFS chikamu chine dhizaini chine chekuita nechikamu chinobvumira kuurayiwa kwemafaira ekusuwa. Kusagadzikana kuri padyo neiyo CVE-2021-3847 nyaya yakaonekwa muna 2021, asi ine yakaderera kubiridzira zvinodiwa - iyo yekare nyaya inoda manipulation ye xattrs, iyo inogumira kana uchishandisa mazita emushandisi, uye nyaya nyowani inoshandisa bits setgid/setuid, izvo zviri. haina kubatwa zvakananga munzvimbo yezita remushandisi.

Attack algorithm:

  • Uchishandisa iyo FUSE subsystem, faira system inoiswa, umo mune faira rinogoneka riri remudzi mushandisi ane setuid/setgid mireza, inowanikwa kune vese vashandisi pakunyora. Paunenge uchikwira, FUSE inoisa modhi ku "nosuid".
  • Mazita emushandisi/anokwira haana kugovaniswa.
  • OverlayFS inokwidziridzwa, ichitsanangura iyo FS yakambogadzirwa muFUSE seyepasi pasi uye iyo yepamusoro layer yakavakirwa pane inonyorwa dhairekitori. Iyo yepamusoro layer dhairekitori inofanirwa kunge iri mufaira system isingashandisi "nosuid" mureza kana uchiiisa.
  • Kune suid faira muFUSE partition, iyo yekubata inoshandiswa inoshandura nguva yekushandura, iyo inotungamira mukukopa kwayo kumusoro weOverlayFS.
  • Paunenge uchikopa, kernel haijekese setgid/setuid mireza, izvo zvinoita kuti faira rioneke muchikamu chinobvumira setgid/setuid kugadzirisa.
  • Kuti uwane kodzero dzemidzi, ingo mhanyisa faira neiyo setgid/setuid mireza kubva pane dhairekitori yakasungirirwa kumusoro weOverlayFS.

Pamusoro pezvo, isu tinogona kucherechedza kuburitswa kwakaitwa nevaongorori kubva kuGoogle Project Zero timu yeruzivo nezve hutatu hwekusagadzikana hwakagadziriswa mubazi guru reLinux kernel 5.15, asi haina kuendeswa kumapakeji ane kernel kubva kuRHEL 8.x/9. x uye CentOS Stream 9.

  • CVE-2023-1252 - kuwana kune yakatosunungurwa ndangariro nzvimbo mune ovl_aio_req chimiro kana uchiita akawanda maoparesheni panguva imwe chete muOverlayFS akaiswa pamusoro peExt4 faira system. Zvichigona, kusazvibata kunokubvumira kuti uwedzere ropafadzo dzako muhurongwa.
  • CVE-2023-0590 - Kuwana kune yakatosunungurwa ndangariro mune qdisc_graft () basa. Kushanda kunofungidzirwa kuti kunogumira pakugumiswa kusiri kwenguva dzose.
  • CVE-2023-1249 Iyo yakatosunungurwa ndangariro kupinda mucoredump kunyora kodhi inoitika nekuda kwekutadza kufona ku mmap_lock mu file_files_note. Kushanda kunofungidzirwa kuti kunogumira pakugumiswa kusiri kwenguva dzose.

Source: opennet.ru

Voeg