Munguva pfupi yapfuura muongorori weRussia akaburitsa ruzivo rwekushushikana kwemazuva-zero muVirtualBox iyo inobvumidza anorwisa kuti abude muchina chaiwo kuti aite yakaipa code pane iyo inomiririra inoshanda sisitimu.
Muongorori weRussia Sergey Zelenyuk akawana zero-zuva kushushikana iyo inobata zvakananga vhezheni 5.2.20 ye Virtual Bhokisi, pamwe neshanduro dzakapfuura.
Uku kunetsekana kwaonekwa yaizobvumira anorwisa kuti atize muchina chaiwo (muenzi anoshanda system) uye fambisa kuRing 3, kuitira kuti kubva ipapo iwe ugone kushandisa matekinoroji aripo kukwidziridza rombo uye kusvika kune inomiririra inoshanda sisitimu (kernel kana rin'i 0).
Zvinoenderana neyekutanga ruzivo rwekuburitswa, dambudziko riripo mune yakagovaniswa codebase yeiyo virtualization software, inowanikwa pane ese anotsigirwa mashandiro masisitimu.
Nezve iyo Zero-Zuva kushushikana kwakawanikwa muVirtualBox
Zvinoenderana nefaira remavara rakaiswa kuGitHub, Saint Petersburg-based muongorori Sergey Zelenyuk, yakasangana neketani yezvikanganiso izvo zvinogona kubvumira yakaipa kodhi kutiza kubva pa VirtualBox chaiyo muchina (iyo yevaenzi inoshanda sisitimu) uye inomhanya pane yepasi inoshanda system (inomiririra).
Kamwe kunze kweVirtualBox VM, iyo yakaipa kodhi inomhanya mune isina mushandisi nzvimbo yeanoshanda system.
"Izvo zvinoshandiswa zvakavimbika 100%," akadaro Zelenyuk. "Zvinoreva kuti inogara kana isingamboshandi nekuda kwekusaenzana mabhinari kana zvimwe zvikonzero zvakavanzika zvandisina kufunga nezvazvo."
Muongorori weRussia inoti zero-zuva inokanganisa zvese zvazvino shanduro dze VirtualBox, inoshanda zvisinei neyakagamuchirwa kana muenzi OS kuti mushandisi ari kumhanya, uye anovimbwa maringe neyakagadzika marongero eachangogadzirwa chaiwo michina.
Sergey Zelenyuk, mukusawirirana zvachose nemhinduro yaOracle kuchirongwa chavo chebug bounty uye panjodzi iriko "kushambadzira," akatumirawo vhidhiyo nePoC inoratidza 0-zuva richirwisa muchina weUbuntu chaiwo uyo inomhanya mukati meVirtualBox pane inomiririra OS zvakare kubva kuUbuntu.
Zelenyuk anoratidza ruzivo rwekuti bug ingashandiswa sei pamamishini chaiwo ne "Intel PRO / 1000 MT Desktop (82540EM)" network adapta muNAT modhi. Iyo ndiyo yekumisikidza marongero eese maeni masisitimu ekuwana ekunze network.
Mashandiro acho anoita sei
Zvinoenderana negwara rehunyanzvi rakagadzirwa naZelenyuk, iyo network adapta iri panjodzi, ichibvumira uyo anorwisa aine mudzi rombo / admin kutizira kunotora ring 3. Zvino, uchishandisa aripo matekinoroji, anorwisa anogona kuwedzera runyararo runyararo - kuburikidza / dev / vboxdrv.
"Iyo [Intel PRO / 1000 MT Desktop (82540EM)] ine njodzi iyo inobvumidza anorwisa aine manejimendi / rombo remidzi pane muenzi kutizira kune inomiririra ring3. Anorwisa anogona kushandisa matekinoroji aripo kuwedzera mikana yekufonera 0 kuburikidza / dev / vboxdrv, ”Zelenyuk anorondedzera mupepa rake reChipiri Chipiri.
zelenyuk inoti yakakosha chikamu chekunzwisisa mashandiro anoita kushomeka kunzwisisa kuti mabato anogadziriswa pamberi pevatsananguri ve data.
Iye muongorori anotsanangura nzira dzakanangana nekukanganisa kwekuchengetedza zvakadzama, achiratidza maitiro ekukonzeresa mamiriro anodikanwa kuti awedzere buffer iyo ingangoshungurudzwa kutiza kusungwa kweiyo chaiyo inoshanda system.
Kutanga, zvakakonzeresa huwandu hwekufashukira mamiriro uchishandisa mapaketi tsananguro - dhata zvikamu zvinobvumidza iyo network adapta kutsvaga network network packet data mune system memory.
Nyika ino yakashandiswa kuverenga data kubva kune yevaenzi sisitimu yekushandisa kuita murwi buffer uye kukonzera mafashama mamiriro ayo anogona kutungamira kune ekushandira mapoinzi anyorwa; kana kukonzeresa mamiriro ekupfumisa.
Iyo nyanzvi inoratidza kuti vashandisi vadzikise dambudziko nekushandura kiredhiti kadhi mune yavo chaiyo michina kune AMD PCnet kana paravirtualized network adapta kana nekudzivirira kushandiswa kweNAT.
“Kusvikira yakavakirwa VirtualBox yakavakwa, unogona kuchinja kadhi redandemutande remuchina wako kuita PCnet (ingava imwe) kana Paravirtualized Network.
Yakanyanyisa kukwira uye hunyanzvi hwehuropi hwangu ... Ini handinzwisise chikamu chechina chemazwi aanoshandisa.
Huye, dambudziko hombe nderekuti vazhinji vane Linux vanoshandisa VirtualBox kuva neWindows, uye zvinobva zvaitika kuti Windows 7 haina mutyairi wemakadhi anorayirwa nenyanzvi kuisa, uye zvakatonyanya, kana iwe ukatsvaga PCnet mutyairi online, imwe inoratidzika kuti Kana iwe ukaiongorora ine virustotal kana chero imwe iwe unowana makumi maviri nemaviri ehutachiona positives, iwe uchaona kuti mumwe munhu anoiisa sei.