Vulnerabilities in the web interface of Juniper network devices shipped with JunOS

Several vulnerabilities have been identified in the J-Web web interface used on Juniper network devices running JunOS. The most dangerous of them (CVE-2022-22241) allows remote execution of arbitrary code on the system without authentication by sending a specially crafted HTTP request. Users of Juniper equipment are advised to install the firmware update and, where this is not possible, to make sure that access to the web interface is blocked from external networks and restricted to trusted hosts only.

The essence of the vulnerability is that a user-supplied file path is processed in the /jsdm/ajax/logging_browse.php script without filtering the prefix that specifies the content type, at a stage before the authentication check. An attacker can pass a malicious phar file disguised as an image and achieve execution of the PHP code placed in the phar archive using the "Phar deserialization" attack technique (for example, by specifying "filepath=phar:/path/pharfile.jpg" in the request).

The problem is that when an uploaded file is checked with PHP's is_dir() function, this function automatically deserialises the metadata of a Phar archive (PHP Archive) when processing paths that begin with "phar://". The same effect is observed when user-supplied file paths are processed by the file_get_contents(), fopen(), file(), file_exists(), md5_file(), filemtime() and filesize() functions.

The attack is complicated by the fact that, in addition to triggering the processing of the phar archive, the attacker must find a way to get it onto the device (via /jsdm/ajax/logging_browse.php one can only specify the path to a file that already exists). Among the possible ways of placing the file on the device, uploading a phar file disguised as an image through the image transfer service and substituting the file into the web content cache are mentioned.

Other vulnerabilities:

  • CVE-2022-22242 - Substitution of unfiltered external parameters into the output of the error.php script, which allows cross-site scripting and execution of arbitrary JavaScript code in the user's browser when a link is followed (for example, "https://JUNOS_IP/error.php?SERVER_NAME=alert(0)"). The vulnerability could be used to intercept an administrator's session parameters if the attacker manages to get the administrator to open a specially crafted link.
  • CVE-2022-22243, CVE-2022-22244 - XPATH expression substitution via the /jsdm/ajax/wizards/setup/setup.php and /modules/monitor/interfaces/interface.php scripts, allowing an unprivileged authenticated user to manipulate administrator sessions.
  • CVE-2022-22245 - Insufficient sanitisation of ".." sequences in paths processed by the Upload.php script allows an authenticated user to upload their own PHP file into a directory from which PHP scripts can be executed (for example, by passing the path "fileName=\..\..\..\..\www\dir\new\shell.php").
  • CVE-2022-22246 - The possibility of executing an arbitrary local PHP file through manipulation, by an authenticated user, of the jrest.php script, in which external parameters are used to form the name of the file loaded by the "require_once()" function (for example, "/jrest.php?payload=alol/lol/any\..\..\..\..\any\file").
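The phar deserialisation issue in logging_browse.php and the ".." traversal in Upload.php share one root cause: a request parameter reaches a filesystem function unchanged. The PHP below is an added illustration, not J-Web's code; the function names, the base directory and the sample inputs are assumptions. It places the unsafe check beside a hardened resolver that refuses stream-wrapper schemes and parent-directory segments before any filesystem call is made, then confines the canonical result to a base directory.

```php
<?php
// Added example (not J-Web code): validating a user-supplied file path before
// it reaches is_dir(), file_exists() or similar functions, which resolve stream
// wrappers and deserialise phar metadata for "phar://" paths.

declare(strict_types=1);

/**
 * Vulnerable pattern: the raw request parameter is handed straight to is_dir().
 * A "phar://" path is enough to trigger metadata deserialisation here.
 */
function check_path_unsafe(string $filepath): bool
{
    return is_dir($filepath);
}

/**
 * Hardened pattern. Returns the canonical path inside $baseDir, or null when
 * the input is rejected. No filesystem function sees the string until the
 * cheap syntactic checks have passed.
 */
function resolve_path_safe(string $filepath, string $baseDir): ?string
{
    // 1. Refuse anything carrying a scheme (phar:, php:, data:, ...). Only
    //    relative paths are legitimate for this API, so "C:" is rejected too.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $filepath)) {
        return null;
    }

    // 2. Refuse NUL bytes and ".." segments with either separator.
    if (strpos($filepath, "\0") !== false
        || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $filepath)) {
        return null;
    }

    // 3. Canonicalise and confine. realpath() returns false for paths that do
    //    not exist, which is acceptable for an existence check.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . ltrim($filepath, '/\\'));
    if ($candidate === false) {
        return null;
    }
    // The resolved path must be the base itself or live strictly below it.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($candidate !== $base && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a throwaway base directory with one real subdirectory.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'path-check-demo';
@mkdir($baseDir . DIRECTORY_SEPARATOR . 'logs', 0700, true);

$inputs = [
    'logs',                              // plain relative path that exists: accepted
    'phar:///tmp/upload.jpg',            // stream wrapper: rejected before any fs call
    '..\\..\\..\\www\\dir\\new\\x.php',  // traversal with backslashes: rejected
    "logs\0.jpg",                        // NUL byte: rejected
];

foreach ($inputs as $input) {
    $result = resolve_path_safe($input, $baseDir);
    printf("%-36s => %s\n", json_encode($input), $result === null ? 'rejected' : 'ok: ' . $result);
}
```

The scheme check in step 1 is the one that matters for the phar case: realpath() also refuses wrappers on most builds, but the hardened function does not rely on that, because the point of the advisory is that several ordinary filesystem functions silently accept them.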

Source: opennet.ru
