Corrective updates have been published for all supported PostgreSQL branches: 17.3, 16.7, 15.11, 14.16 and 13.19. They fix more than 70 bugs and eliminate a vulnerability (CVE-2025-1094) that was exploited in the attack on BeyondTrust and the US Treasury Department at the end of December. The problem in PostgreSQL was found while analysing a remote vulnerability (CVE-2024-12356) in the BeyondTrust PRA (Privileged Remote Access) and BeyondTrust RS (Remote Support) products; its exploitation involved a previously unknown (0-day) vulnerability in libpq.
As a result of the attack, the attackers obtained an API access key used to provide remote technical support services to BeyondTrust SaaS customers. This API was then used to reset passwords and compromise the infrastructure of the US Treasury Department, which uses BeyondTrust products. During the attack, the attackers were able to download classified documents and gain access to the workstations of department employees.
The vulnerability is in the libpq library, which provides the API for interacting with the DBMS from C programs (the binding libraries for C++, Perl, PHP and Python are also built on top of it). The issue affects applications that use the PQescapeLiteral(), PQescapeIdentifier(), PQescapeString() or PQescapeStringConn() functions to escape special characters and neutralise quotes.
An attacker can carry out SQL injection when externally supplied text is escaped with the libpq functions listed above before being used inside an SQL query. In the BeyondTrust applications, queries escaped in this way were passed to the psql command-line utility. The vulnerability is caused by the escaping functions not checking that the Unicode characters in the text are valid, which makes it possible to bypass the neutralisation of quote characters by supplying an invalid multi-byte UTF-8 sequence.
To exploit the vulnerability, an invalid UTF-8 character made up of the bytes 0xC0 and 0x27 (“└'”) can be used. In ASCII encoding, byte 0x27 corresponds to the single quote ("'"), which should be escaped. The escaping code, however, treats the combination of bytes 0xC0 and 0x27 as a single Unicode character, so the 0x27 byte in such a sequence is left unescaped, even though psql, when processing the SQL query, interprets it as a quote.
When SQL queries are executed through the psql utility, arbitrary code execution can be achieved by inserting the "\!" command into the query string; psql provides this command for launching arbitrary programs. For example, to run the "id" utility on the server, the value "hax\xC0'; \! id #" can be passed. Below is an example of calling a PHP script, dbquote, to escape a string; it uses the PHP function pg_escape_string, which works on top of PQescapeString from libpq:

$ echo -e "hello \xC0'world'" | ./dbquote
'hello └'world'''
$ quoted=$(echo -e "hax\xC0'; \! id # " | ./dbquote)
$ echo "SELECT COUNT(1) FROM gw_sessions WHERE session_key = $quoted AND session_type = 'sdcust' AND (expires IS NULL OR expires > NOW())" | psql -e
SELECT COUNT(1) FROM gw_sessions WHERE session_key = 'hax└';
ERROR: invalid byte sequence for encoding "UTF8": 0xc0 0x27
uid=1000(myexamplecompany) gid=1000(myexamplecompany)
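The following added example (not from the article and not libpq's source code) models the escaping defect described above and shows the check that closes it: a toy escaper that trusts the length announced by a UTF-8 lead byte and copies the following bytes through unchecked, beside a variant that validates the input as UTF-8 first, plus a helper that detects an unpaired quote in an escaped literal. The function names and the byte-level logic are constructed for illustration.

```python
# Added example: a model of the escaping defect behind CVE-2025-1094 and
# its hardened form. Not libpq code; the logic is a constructed illustration.

def flawed_escape(data: bytes) -> bytes:
    """Model of the pre-fix behaviour: the length announced by a lead byte
    is trusted and the following bytes are copied through unchecked, so a
    0x27 (') that follows 0xC0 is never doubled."""
    out, i = bytearray(), 0
    while i < len(data):
        b = data[i]
        if b < 0x80:                       # plain ASCII byte
            out += b"''" if b == 0x27 else bytes([b])
            i += 1
            continue
        if b & 0xE0 == 0xC0:               # lead byte claiming 2 bytes
            n = 2
        elif b & 0xF0 == 0xE0:             # lead byte claiming 3 bytes
            n = 3
        elif b & 0xF8 == 0xF0:             # lead byte claiming 4 bytes
            n = 4
        else:
            n = 1
        out += data[i:i + n]               # continuation bytes not validated
        i += n
    return bytes(out)


def is_well_formed_utf8(data: bytes) -> bool:
    """Strict decode: 0xC0 is never a valid lead byte, 0x27 never a
    continuation byte, so the 0xC0 0x27 sequence is rejected here."""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def validated_escape(data: bytes) -> bytes:
    """Hardened form: refuse input that is not well-formed UTF-8 before
    doubling quotes, so no byte can hide behind a bogus lead byte."""
    if not is_well_formed_utf8(data):
        raise ValueError("invalid byte sequence for encoding UTF8")
    return data.decode("utf-8").replace("'", "''").encode("utf-8")


def quotes_balanced(escaped: bytes) -> bool:
    """Every 0x27 in an escaped literal body must be part of a '' pair;
    a lone quote means the input can terminate the literal early."""
    i = 0
    while i < len(escaped):
        if escaped[i] == 0x27:
            if i + 1 < len(escaped) and escaped[i + 1] == 0x27:
                i += 2
                continue
            return False
        i += 1
    return True
```

Running the quote-balance check on the output of the flawed escaper is a cheap regression test for any wrapper around libpq's escaping functions, independent of which PostgreSQL version is installed.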
Source: opennet.ru
