A vulnerability (CVE-2024-52336) has been identified in the tuned background process developed by Red Hat, which automatically optimises CPU and kernel settings depending on the current load; it allows an unprivileged local user to execute arbitrary commands with root privileges.
The problem lies in the implementation of the DBus method "com.redhat.tuned.instance_create", which is used to create plugin instances and accepts the "script_pre" and "script_post" parameters to specify scripts to be run before or after the plugin instance is created. The issue is that the Polkit configuration allows any logged-in local user to send a DBus request to this method without authentication, while the tuned process itself runs as root and also executes the scripts named in the "script_pre" and "script_post" parameters with root privileges. For example, to run the script /path/to/myscript.sh with root privileges, a user only needs to execute the command:
gdbus call -y -d com.redhat.tuned -o /Tuned -m com.redhat.tuned.control.instance_create cpu myinstance '{"script_pre": "/path/to/myscript.sh", "devices": "*"}'
The DBus method "com.redhat.tuned.instance_create" also contains a less severe vulnerability (CVE-2024-52337), caused by a failure to sanitise the plugin instance name when it is written to the log. An attacker can supply a name containing newline characters and terminal escape sequences, which can be used to corrupt the log structure and to trigger actions when the output of the "tuned-adm get_instances" command is displayed in a terminal:
EVIL=`echo -e "this is not evil\033[?1047h"`
gdbus call -y -d com.redhat.tuned -o /Tuned -m com.redhat.tuned.control.instance_create cpu "$EVIL" '{"devices": "*"}'
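The second issue above is a general one: any value taken from an unprivileged caller and written to a log or echoed to a terminal must have control characters neutralised first. The following Python snippet is an added example, not code from the tuned project, showing the two defensive measures a daemon would apply to a caller-supplied instance name: a strict allow-list check at the API boundary, and a visible escaping of control bytes before the value reaches a log line or terminal. The name pattern, the function names and the sample names are assumptions made for the illustration.

```python
import re

# C0 controls (0x00-0x1f), DEL (0x7f) and C1 controls (0x80-0x9f) can all
# alter terminal state or break the line structure of a log file.
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f\x80-\x9f]")

# Assumed allow-list for plugin instance names: letters, digits, '_', '.', '-',
# at most 64 characters. The real project's rule may differ.
_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def escape_for_log(value: str) -> str:
    """Replace every control character by a visible \\xNN escape.

    Apply this to caller-controlled text before it is logged or printed,
    so that an embedded ESC or newline is shown rather than interpreted.
    """
    return _CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def is_safe_instance_name(name: str) -> bool:
    """True if the name consists only of allow-listed characters."""
    return _NAME_RE.fullmatch(name) is not None


def check_instance_name(name: str):
    """Return None when the name is acceptable, otherwise an error message.

    The message itself is escaped, so reporting the rejected value back to a
    log or to the caller cannot reintroduce the control characters.
    """
    if is_safe_instance_name(name):
        return None
    return "rejected instance name: %r" % escape_for_log(name)


def format_instance_list(names):
    """Render one instance per line, the way a 'get_instances' listing might,
    with every name escaped so the output is safe to show in a terminal."""
    return "\n".join(escape_for_log(n) for n in names)


if __name__ == "__main__":
    # Constructed sample names: one benign, one carrying an ESC sequence and a
    # newline of the kind the vulnerability description mentions.
    samples = ["myinstance", "this is not evil\x1b[?1047h\nfake log line"]
    for s in samples:
        print("check:", check_instance_name(s))
    print(format_instance_list(samples))
```

The allow-list check is the primary control (the name never reaches the log at all), while escaping is the secondary one that protects any code path that still logs a raw value, such as the rejection message itself.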
The vulnerability was introduced in tuned version 2.23, released in early June 2024, and has been fixed in tuned 2.24.1. Among the major distributions, the problems have been fixed in RHEL 9, Fedora 40, Arch Linux and Gentoo. The stable branches of Ubuntu, Debian and SUSE/openSUSE are not affected, as they ship older tuned versions (<2.23) that do not contain the vulnerability.
Source: opennet.ru
