Kufunyenwe ubuthathaka (CVE-2022-37706) kwindawo yomsebenzisi we-Enlightenment, nto leyo evumela umsebenzisi wasekuhlaleni ongenamalungelo ukuba asebenzise ikhowudi enamalungelo eengcambu. Ubuthathaka abukalungiswa (usuku olungenanto), kodwa i-exploit evavanyiweyo kuluntu sele ikhona. Ubuntu 22.04.
Ingxaki ikwi-enlightenment_sys ephunyeziweyo, ethumela ngenqanawe yengcambu ye-suid kwaye yenze imiyalelo ethile evunyelweyo, njengokunyusela idrayivu nge-mount eluncedo, ngokufowunela inkqubo (). Ngenxa yokusebenza okungachanekanga komsebenzi ovelisa umtya ogqithiselwe kwindlela () umnxeba, ucaphulo luyasikwa kwiimpikiswano zomyalelo oqalwayo, onokusetyenziswa ukwenza eyakho ikhowudi. Umzekelo, xa usebenzisa mkdir -p /tmp/net mkdir -p "/tmp/;/tmp/exploit" echo "/bin/sh"> /tmp/exploit chmod a+x /tmp/exploit enlightenment_sys /bin/mount - o noexec,nosuid,utf8,nodev,iocharset=utf8,utf8=0,utf8=1,uid=$(id -u), β/dev/../tmp/;/tmp/exploitβ /tmp// / umnatha
ngenxa yokususwa kwamagama acatshulweyo kabini, endaweni yomyalelo ochaziweyo '/umgqomo/intaba ... "/dev/../tmp/;/tmp/exploit" /tmp///net' umtya ongenacatshulo kabini uya kuba igqithiselwe kwindlela () umsebenzi ' / bin/mount ... /dev/../tmp/;/tmp/exploit /tmp///net', eya kubangela umyalelo '/tmp/exploit /tmp///net ' iya kuphunyezwa ngokwahlukeneyo endaweni yokuba iqwalaselwe njengenxalenye yendlela eya kwisixhobo. Imigca "/dev/../tmp/" kunye "/tmp///umnatha" zikhethiwe ukuba zingagqithanga kwimpikiswano ejonga umyalelo wentaba kwi-enlightenment_sys (isixhobo sokunyuka kufuneka siqale nge /dev/ kwaye salathe kwifayile ekhoyo, kunye nabathathu "/" abalinganiswa kwindawo yokunyuka baxeliwe ukufezekisa ubungakanani bendlela efunekayo).
umthombo: opennet.ru
