Vulnerability in systemd-coredump that allows determining the memory contents of suid programs

A vulnerability (CVE-2022-4415) has been identified in the systemd-coredump component, which processes the core files generated after processes crash. It allows an unprivileged local user to determine the memory contents of privileged processes running with the suid root flag. The issue has been confirmed in the default configuration on the openSUSE, Arch, Debian, Fedora and SLES distributions.

The vulnerability is caused by missing handling of the fs.suid_dumpable sysctl parameter in systemd-coredump. When this parameter is set to its default value of 2, it allows core dumps to be generated for processes with the suid flag. The intent is that core files of suid processes written by the kernel carry access rights that allow reading only by the root user. The systemd-coredump utility, which the kernel calls to save core files, stores the core file under the root ID, but additionally grants ACL-based read access to the core files based on the ID of the owner who originally launched the process.

This behavior allows core files to be downloaded regardless of the fact that the program can change its user ID and run with elevated privileges. The attack comes down to the fact that a user can launch a suid application and send it the SIGSEGV signal, and then load the contents of the core file, which includes a slice of the process memory at the time of the abnormal termination.

For example, a user can run "/usr/bin/su" and, in another terminal, terminate its execution with the command "kill -s SIGSEGV `pidof su`", after which systemd-coredump will save the core file in the /var/lib/systemd/coredump directory and set an ACL on it that allows reading by the current user. Since the suid utility 'su' reads the contents of /etc/shadow into memory, an attacker can gain access to information about the password hashes of all users on the system. The sudo utility is not susceptible to the attack, since it prohibits the generation of core files via ulimit.

According to the systemd developers, the vulnerability appears starting with the systemd 247 release (November 2020), but according to the researcher who identified the problem, release 246 is also affected. all popular distributions). The fix is currently available as a patch. You can track the fixes in the distributions on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Gentoo, Arch. As a security workaround, you can set sysctl fs.suid_dumpable to 0, which disables passing dumps to the systemd-coredump handler.
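
A host audit for the condition described above, as an added example that is not part of the original article or of systemd. The function names, the `--live` switch and the sample ACL listing are constructed for illustration, and the live check assumes `getfacl` (from the acl package) is installed.

```shell
#!/bin/sh
# Added example (not from the original article); names are hypothetical.

# Classify the two kernel settings involved.
#   $1 = value of fs.suid_dumpable, $2 = value of kernel.core_pattern
assess_config() {
    case $2 in
        *systemd-coredump*) ;;
        *) echo "not-applicable"; return 0 ;;   # dumps are not piped to systemd-coredump
    esac
    if [ "$1" = "0" ]; then
        echo "mitigated"            # workaround from the article is in place
    else
        echo "needs-patch-check"    # suid dumps reach the handler; confirm the fix is installed
    fi
}

# Read `getfacl` output on stdin; print "<file>: <user>" for every named,
# non-root user ACL entry that grants read access to a stored core file.
acl_readers() {
    awk -F: '
        /^# file: / { file = substr($0, 9) }
        $1 == "user" && $2 != "" && $2 != "root" && $2 != "0" && $3 ~ /^r/ {
            print file ": " $2
        }'
}

# Constructed sample of getfacl output for one stored core file.
SAMPLE_ACL='# file: /var/lib/systemd/coredump/core.su.EXAMPLE.zst
# owner: root
# group: root
user::rw-
user:alice:r--
group::r--
mask::r--
other::---'

# Live check; run the script with --live on the host being audited.
audit_host() {
    assess_config "$(cat /proc/sys/fs/suid_dumpable)" "$(cat /proc/sys/kernel/core_pattern)"
    getfacl -p /var/lib/systemd/coredump/* 2>/dev/null | acl_readers
}

if [ "${1:-}" = "--live" ]; then
    audit_host
else
    printf '%s\n' "$SAMPLE_ACL" | acl_readers   # demo on the constructed sample
fi
```

Core files of ordinary user processes also carry a read ACL for their owner, so the entries to investigate are those on cores of setuid programs such as `su`.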

Source: opennet.ru
