A serious vulnerability was found in Apache OpenOffice

A few days ago a vulnerability was disclosed in the Apache OpenOffice office suite. The bug, tracked as CVE-2021-33035, allows code execution when a specially crafted file in DBF format is opened.

The problem arises because OpenOffice relies on the fieldLength and fieldType values in the DBF file header to allocate memory, without checking the actual type of the data in the fields.

About the vulnerability

To carry out an attack, you can specify the INTEGER type in the fieldType value, but supply larger data and specify a fieldLength value that does not match the size of INTEGER data, which causes the field's data to be written beyond the allocated buffer.

As a result of this controlled overflow, the researcher was able to overwrite the function's return pointer and, using return-oriented programming (ROP) techniques, achieve execution of his code.

One piece of advice I received early in my vulnerability research journey was to focus on a file format, not a specific piece of software. There are two main advantages to this approach. First, as a beginner, you lack the experience to quickly identify unique attack vectors in individual applications, whereas file format parsing tends to be a common entry point among many applications.

In addition, common file formats are well documented using Requests for Comments (RFCs) or source code, which reduces the amount of effort required to reverse engineer the format.

When using the ROP technique, the attacker does not try to place his own code in memory, but instead operates on pieces of machine instructions that are already available in loaded libraries and that end with a control return instruction (as a rule, these are the ends of library functions).

The work of the exploit comes down to building a chain of calls to such blocks ("gadgets") to obtain the required functionality.

As for the gadgets in the OpenOffice exploit, it is mentioned that code from the libxml2 library used in OpenOffice was used, which, unlike OpenOffice itself, turned out to be built without the DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) protection mechanisms.

The OpenOffice developers were notified of the problem on May 4, after which public disclosure of the vulnerability was scheduled for August 30.

Since the stable branch was not updated by the scheduled date, the researcher postponed the release of details until September 18, but the OpenOffice developers did not have time to build version 4.1.11 by then. It should be noted that in the course of this research, a similar vulnerability was revealed in the DBF format support code in Microsoft Office Access (CVE-2021-38646), the details of which will be disclosed later. No problems were found in LibreOffice.

The file format documentation for dBase was relatively easy to find; Wikipedia has a simple description of version 5 of the format, and dBase LLC also provides an up-to-date specification. The Library of Congress lists an incredible catalog of file formats, including DBF. The various versions and extensions of the DBF format give programmers ample opportunity to introduce parsing vulnerabilities.

The DBF format consists of two main sections: the header and the body. The header includes a prefix that describes the dBase database version, the timestamp of the last update, and other metadata. Most importantly, it specifies the length of each record in the database, the length of the header structure, the number of records, and the data fields in a record.
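The header layout and the fieldType/fieldLength mismatch described above can be checked before a file reaches a parser. The following is an added example, not code from the researcher or from OpenOffice; it assumes the commonly documented layout (32-byte header, 32-byte field descriptors, 0x0D terminator) and the usual fixed widths for the I, D, L and T types, and the function names and sample headers are constructed for illustration.

```python
import struct

# Widths implied by the type itself (commonly documented DBF sizes; assumption).
FIXED_SIZES = {"I": 4, "D": 8, "L": 1, "T": 8}

def check_dbf_header(data: bytes) -> list:
    """Return findings for a DBF header and its 32-byte field descriptors."""
    if len(data) < 32:
        return ["shorter than the 32-byte DBF header"]
    findings = []
    _records, header_len, record_len = struct.unpack_from("<IHH", data, 4)
    end = min(header_len, len(data))
    if header_len > len(data):
        findings.append("header length exceeds file size")
    off, total = 32, 1                      # 1 = per-record deletion flag byte
    while off + 32 <= end and data[off] != 0x0D:
        name = data[off:off + 11].split(b"\x00")[0].decode("ascii", "replace")
        ftype, flen = chr(data[off + 11]), data[off + 16]
        want = FIXED_SIZES.get(ftype)
        if want is not None and flen != want:
            findings.append(f"{name}: type {ftype} must be {want} bytes, "
                            f"header declares {flen}")
        total += flen
        off += 32
    if off >= end or data[off] != 0x0D:
        findings.append("field descriptor array has no 0x0D terminator")
    if total != record_len:
        findings.append(f"record length {record_len} != 1 + field lengths ({total})")
    return findings

def build_header(fields) -> bytes:
    """Constructed sample: header plus descriptors for (name, type, length)."""
    header_len = 32 + 32 * len(fields) + 1
    record_len = 1 + sum(length for _, _, length in fields)
    out = struct.pack("<B3BIHH20x", 0x03, 121, 9, 18, 0, header_len, record_len)
    for name, ftype, length in fields:
        out += struct.pack("<11sc4xBB14x", name.encode(), ftype.encode(), length, 0)
    return out + b"\x0d"

GOOD = build_header([("ID", "I", 4), ("NAME", "C", 20)])
BAD = build_header([("ID", "I", 8)])      # INTEGER declared with 8 bytes

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("bad", BAD)):
        print(label, check_dbf_header(blob) or "ok")
```

A parser that sizes its buffers from the type and rejects descriptors failing this check never copies more bytes than it allocated.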

The researcher who identified the problem warned about the creation of a working exploit for the Windows platform. The fix for the vulnerability is available only as a patch in the project repository, which was included in the OpenOffice 4.1.11 test builds.

Finally, if you are interested in learning more about it, you can consult the original note at the following link.



2 comments


 1. Diego Vallejo

  Is OpenOffice still used in 2021?
  Haven't you heard that LibreOffice.org is supported?

 2. Paul Cormier CEO Red Hat, Inc.

  Are there people today who use this demon called openoffice?