A vulnerability was found in the libcue library that directly affects GNOME


If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

Information was recently published about a vulnerability (already catalogued as CVE-2023-43641) found in the libcue library, which is used to parse metadata describing the order and duration of audio tracks.

For those unfamiliar with libcue, it is a library used to parse cue sheets, a metadata format that describes the layout of the tracks on a CD. Cue sheets are often used together with the FLAC audio file format, which means libcue is a dependency of some audio players.

The severity of the vulnerability is said to come from the fact that it allows code execution when specially crafted cue files are processed. In addition, libcue is used by tracker-miners, the search indexer used in the GNOME desktop environment.

Because tracker-miners automatically indexes new media files in the home directory, attacking a GNOME system and getting the attacker's code to run only requires that the user place a specially crafted file in one of the following folders: ~/Downloads, ~/Music or ~/Videos, without opening it (for example, in some cases, simply by clicking a link in the browser).

The two-process architecture of tracker-miners is helpful for exploitation. First of all, it is easier to predict the memory layout in a freshly started process than in one that has been running for hours, so the fact that tracker-extract is only started on demand is very convenient.

Even better, tracker-extract always creates a new thread to scan the downloaded file, and I have found that the heap layout in the thread's malloc arena is very consistent: it varies between distributions...

As for the vulnerability itself, it is said to be caused by an integer overflow in the code that parses the INDEX parameter, and it occurs when this parameter is given a numeric value too large to fit in the "int" type.

In a simple example:

    TRACK 01 AUDIO
      TITLE "Never Gonna Give You Up"
      ...
      INDEX 01 00:00:00
    TRACK 02 AUDIO
      TITLE "Whenever You Need Somebody"
      ...
      INDEX 01 03:35:00

The vulnerability is in the handling of the INDEX syntax and appears when one of those statements is replaced. The following triggers the bug:

    INDEX 4294567296 0

The atoi function is used to convert the string to a number. For example, if you specify the number 4294567296, it is converted to -400000. The vulnerability stems directly from the failure to check that the resulting value is not negative. The second part of the problem (and this is the actual vulnerability) is that track_set_index does not check that i ≥ 0:

    void track_set_index(Track *track, int i, long ind)
    {
        /* Only the upper bound is checked; a negative i passes through. */
        if (i > MAXINDEX) {
            fprintf(stderr, "too many indexes\n");
            return;
        }

        track->index[i] = ind;
    }

The vulnerability arises because, after the atoi conversion, the code performs an operation in which "i" can hold a negative number, so that a memory location outside the buffer is written with the value of "ind", which is also taken from the file being processed.
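The two missing checks described above, written out as an added example (this is not libcue's code or its actual patch). The `Track` stand-in, the `MAXINDEX` value of 99 and the function names `parse_index_number` and `track_set_index_checked` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAXINDEX 99   /* assumed bound; the page does not show libcue's value */

/* Minimal stand-in for libcue's Track (assumption: only index[] matters here). */
typedef struct { long index[MAXINDEX + 1]; } Track;

/* Parse an INDEX number strictly: digits only, no overflow, within 0..MAXINDEX.
 * Returns 0 and stores the value in *out, or -1 if the field must be rejected. */
int parse_index_number(const char *s, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;            /* empty, trailing junk, or outside long's range */
    if (v < 0 || v > MAXINDEX)
        return -1;            /* would land outside track->index[] */
    *out = (int)v;
    return 0;
}

/* track_set_index with both bounds checked; refuses the write when out of range. */
int track_set_index_checked(Track *track, int i, long ind)
{
    if (i < 0 || i > MAXINDEX) {
        fprintf(stderr, "index %d out of range\n", i);
        return -1;
    }
    track->index[i] = ind;
    return 0;
}

int main(void)
{
    Track t = {{0}};
    int i;
    /* Constructed inputs: a normal INDEX number and the overflowing one from the text. */
    const char *samples[] = { "01", "4294567296" };

    for (int k = 0; k < 2; k++) {
        if (parse_index_number(samples[k], &i) == 0 &&
            track_set_index_checked(&t, i, 0) == 0)
            printf("%s accepted as %d\n", samples[k], i);
        else
            printf("%s rejected\n", samples[k]);
    }
    return 0;
}
```

Either check alone stops the out-of-bounds write; keeping both means a parser regression cannot reach the array with a bad index.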

The researchers who found the vulnerability state that they have prepared a working exploit and demonstrated that it can be used on Ubuntu 23.04 and Fedora 38 based environments. The exploit code will be published later, to give users time to install an update that removes the vulnerability. The exploit is reliable in operation, but it needs to be adapted for each distribution.

In most GNOME distributions, tracker-miners is enabled by default and is pulled in as a hard dependency of the Nautilus file manager (GNOME Files). It is said that tracker-miners can be disabled directly by the user. You can find the details on how to disable tracker-miners at the following link.

Finally, if you are interested in learning more about it, you can check the details at the following link.

