Kusagadzikana (CVE-2022-37706) kwakaonekwa munzvimbo yeChiedza chemushandisi inobvumira mushandisi wemuno asina rusarura kuti aite kodhi ine midzi kodzero. Kusagadzikana hakusati kwagadziriswa (0-zuva), asi kwatove nekushandiswa kunowanikwa munharaunda yeruzhinji, yakaedzwa muUbuntu 22.04.
Dambudziko riri mu enlightenment_sys inogoneka, iyo inotakura ne suid mudzi mureza uye inoita mimwe mirairo inotenderwa, sekukwirisa drive nemomo utility, kuburikidza nekufona ku system(). Nekuda kwekusashanda zvisirizvo kwebasa rinogadzira tambo yakapfuudzwa kune system () kufona, makotesheni anochekwa kubva kune nharo dzemurairo uri kutangwa, unogona kushandiswa kumhanyisa yako kodhi. Semuenzaniso, paunenge uchimhanya mkdir -p /tmp/net mkdir -p "/tmp/;/tmp/exploit" echo "/bin/sh"> /tmp/exploit chmod a+x /tmp/exploit enlightenment_sys /bin/mount - o noexec,nosuid,utf8,nodev,iocharset=utf8,utf8=0,utf8=1,uid=$(id -u), β/dev/../tmp/;/tmp/exploitβ /tmp// / mambure
nekuda kwekubviswa kwemakotesheni maviri, pachinzvimbo chemurairo wakataurwa '/ bin/mount ... "/dev/../tmp/;/tmp/exploit" /tmp///net' tambo isina makotesheni kaviri ichave yakapfuura kune iyo system () basa '/bin/mount ... /dev/../tmp/;/tmp/exploit /tmp///net', izvo zvinokonzeresa murairo '/tmp/exploit /tmp///net ' kuurayiwa zvakaparadzana pachinzvimbo chekugadziriswa sechikamu chenzira yekuenda kuchishandiso. Mitsetse "/dev/../tmp/" uye "/tmp///net" inosarudzwa kunzvenga nharo ichitarisa murairo wegomo muinlightenment_sys (mudziyo wegomo unofanira kutanga ne /dev/ uye unongedza kune faira iripo, uye mavara matatu "/" pagomo anotsanangurwa kuti awane saizi yenzira inodiwa).
Source: opennet.ru