Nuglaanta (CVE-2022-37706) ayaa lagu aqoonsaday deegaanka isticmaalaha Iftiinka taasoo u oggolaanaysa isticmaale maxalli ah oo aan mudnayn inuu fuliyo koodka xuquuqda xididka. Nuglaanta weli lama go'in (0-maalin), laakiin waxaa horayba u jiray ka faa'iidaysi laga heli karo qaybta dadweynaha, oo lagu tijaabiyay Ubuntu 22.04.
Dhibaatadu waxay ku jirtaa enlightenment_sys executable, kaas oo maraakiibta calanka suid suid oo fuliyaa amarrada qaarkood ee la oggol yahay, sida ku dhejinta darawalka tamarta buurta, iyada oo loo marayo wicitaanka nidaamka (). Sababtoo ah hawlgalka khaldan ee shaqada ee abuura xadhigga loo gudbiyay nidaamka () wicida, xigashooyinka ayaa laga gooyaa doodaha amarka la bilaabay, kaas oo loo isticmaali karo in lagu socodsiiyo koodkaaga. Tusaale ahaan, marka uu ordo mkdir -p /tmp/net mkdir -p "/tmp/;/tmp/exploit" echo"/bin/sh"> /tmp/ka faa'iidayso chmod a+x /tmp/ka faa'iidayso enlightenment_sys /bin/mount - o noexec,nosuid,utf8,nodev,iocharset=utf8,utf8=0,utf8=1,uid=$(id-u), "/dev/../tmp/;/tmp/exploit" /tmp// / shabaqa
sababtoo ah ka saarista xigashooyinka labanlaaban, halkii laga heli lahaa amarka la cayimay '/bin/mount ... "/dev/../tmp/;/tmp/exploit" /tmp///net' xarig aan lahayn laba-xigasho ayaa noqon doona loo gudbiyay nidaamka () shaqada '/bin/mount β¦ /dev/../tmp/;/tmp/exploit /tmp///net', taas oo keeni doonta amarka '/tmp/exploit /tmp///net ' in si gaar ah loo fuliyo halkii lagu farsamayn lahaa qayb ka mid ah dariiqa aaladda. Khadadka "/ dev/../tmp/" iyo "/tmp///net" ayaa loo doortay in ay ka gudbaan xujada hubinta amarka buurta ee enlightenment_sys (qalabka buuruhu waa inuu ka bilaabmaa / dev / oo tilmaamaya faylka jira, iyo saddexda xaraf "/" ee ku yaal barta buurta ayaa lagu qeexay si loo gaaro cabbirka waddada loo baahan yahay).
Source: opennet.ru