Dhawaan cilmibaare Ruush ah ayaa sii daayay faahfaahinta nuglaanta eber-maalin ee VirtualBox taas oo u oggolaaneysa weeraryahan inuu ka baxo mashiinka farsamada si uu ugu fuliyo koodh xun nidaamka hawlgalka martida loo yahay.
Cilmi-baare Ruush ah Sergey Zelenyuk wuxuu helay u-nuglaansho eber-maalin ah oo si toos ah u saameysa nooca 5.2.20 ee Sanduuqa Virtual, iyo sidoo kale noocyadii hore.
Jilicsanaantaan ayaa la ogaaday waxay u oggolaan lahayd weeraryahan inuu ka baxsado mashiinka casriga ah (nidaamka hawlgalka martida) una guur Ring 3, si markaa aad uga faa'iideysato farsamooyinka jira si aad ugu kordhiso mudnaanta una gaarto nidaamka hawlgalka martigeliyaha (kernel ama ring 0).
Sida ku cad faahfaahinta bilowga ah ee shaacinta, dhibaatadu waxay ku jirtaa saldhig wadaag wadaag ah oo ku saabsan barnaamijka softiweerka, oo laga heli karo dhammaan nidaamyada hawlgalka ee taageera.
Ku saabsan u nuglaanta Zero-Day ee lagu ogaadey VirtualBox
Sida ku xusan feyl qoraal ah oo loo soo geliyay GitHub, Cilmi baare fadhigiisu yahay Saint Petersburg, Sergey Zelenyuk, la kulantay silsilad khaladaad ah oo u oggolaan kara koodhka xun inuu ka baxsado mashiinka kumbuyuutarka ee VirtualBox (nidaamka hawlgalka martida) wuxuuna ku shaqeeyaa nidaamka hawlgalka salka ku haya (martida loo yahay).
Marka ka baxsan VirtualBox VM, koodhka xaasidnimada ah wuxuu ku socdaa meesha isticmaalaha xaddidan ee nidaamka hawlgalka.
"Faa'iidada waa 100% lagu kalsoonaan karo," ayuu yiri Zelenyuk. "Waxay ka dhigan tahay inay marwalba ama waligeedba shaqeyso sababo la xiriira khaldamayaal ama sababo kale oo xariif ah oo aanan xisaabta ku darin."
Cilmibaaraha Ruushka ayaa leh eber-maalin waxay saameysaa dhammaan noocyada hadda jira ee VirtualBox, way shaqeysaa iyadoon loo eegin martida ama martida OS in isticmaaluhu soconayo, laguna kalsoon yahay goobaha caadiga ah ee mashiinnada casriga ah ee dhowaan la abuuray.
Sergey Zelenyuk, ismaandhaafka guud ee jawaabta Oracle ee barnaamijkooda dhibka cayayaanka iyo u nuglaanta hadda "suuq geynta," ayaa sidoo kale soo duubay fiidiyow leh PoC oo muujinaya 0-maalin ficil ah oo ka dhan ah mashiinka Ubuntu ee ka dhex shaqeeya gudaha VirtualBox ee OS martigaliyaha ah sidoo kale Ubuntu.
Zelenyuk wuxuu muujinayaa faahfaahinta sida cayayaanka looga faa'iideysan karo on mashiinada dalwaddii oo leh "Intel PRO / 1000 MT Desktop (82540EM)" adabtarada shabakadda qaabka NAT. Waa dejinta aasaasiga ah ee dhammaan nidaamyada martida si ay u helaan shabakadaha dibedda.
Sidee baylahnimadu u shaqaysaa
Sida ku cad hagaha farsamada ee uu sameeyay Zelenyuk, adabtarada shabakaddu waa mid nugul, oo u oggolaanaysa weeraryahan leh mudnaan xidid / maamule inuu u baxsado inuu marti geliyo giraanta 3. Kadib, adoo adeegsanaya farsamooyinka jira, weeraryahanku wuxuu kordhin karaa mudnaanta Giraanta - via / dev / vboxdrv.
«The Intel Intel PRO / 1000 MT Desktop (82540EM)] wuxuu leeyahay u nuglaansho u oggolaaneysa weeraryahan leh maamule / mudnaanta xididdada martida inuu u baxsado giraanta martida loo yahay3. Markaas weeraryahanku wuxuu adeegsan karaa farsamooyinka jira si uu u kordhiyo mudnaanta uu ku soo wici karo 0 via / dev / vboxdrv, ”Zelenyuk ayaa ku sharraxay jariidadiisa cad Talaadada.
zelenyuk ayaa leh dhinac muhiim ah oo fahamka sida nuglaanta u shaqeyso ayaa ah fahamka in gacmo-qabashada la shaqeynayo kahor sharraxayaasha xogta.
Cilmi-baaraha wuxuu si faahfaahsan u sharaxayaa farsamooyinka ka dambeeya cilladda amniga, isagoo muujinaya sida loo kicin karo xaaladaha lagama maarmaanka u ah helitaanka qulqulka qulqulka oo la xumeyn karo si looga badbaado xirnaanshaha nidaamka hawlgalka dalwaddii.
Marka hore, waxay sababtay xaalad qulqulka integerka ah iyadoo la adeegsanayo sharraxaadda baakadaha - qaybaha xogta ee u oggolaanaya adabtarada shabakadda inay raadraacaan xogta xirmada shabakadda ee nidaamka xusuusta.
Gobolkan waxaa looga faa'iideystay inuu ka akhriyo xogta nidaamka qalliinka martida qashin-qub iyo inuu keeno xaalad buux dhaaf ah oo u horseedi karta tilmaamayaasha shaqada in dib loo qoro; ama inuu sababo xaalad buux dhaaf ah.
Khabiirka ayaa soo jeedinaya in dadka isticmaala ay yareeyaan dhibaatada iyaga oo u bedelaya kaarka shabakada ee mishiinadooda meertada ah AMD PCnet ama adabtarada shabakad paravirtualized ah ama ka fogaanaya isticmaalka NAT.
“Ilaa iyo inta dhismaha VirtualBox ah ee la duugay uu ka baxayo, waxaad ka beddeli kartaa kaarka shabakadda mashiinnadaada makiinadaha ah PCnet (ama) ama Paravirtualized Network.
Aad u horumarsan oo farsamo u leh maskaxdayda ... Waxaan si dhib yar u fahmay rubuc ka mid ah eraybixinta ay isticmaasho.
Hagaag, dhibaatada ugu weyni waxay tahay in qaar badan oo kamid ah Linux ay isticmaalaan VirtualBox si ay u yeeshaan Windows, waxaana soo baxday in Windows 7 uusan lahayn darawal kaararka uu khabiirku kugula talinayo in la dhigo, waxaana taas kasii daran, hadaad raadiso darawalka PCnet. khadka tooska ah, mid ayaa u muuqda in Haddii aad ku falanqeyso falsafada ama wixii kale aad hesho 29 fayras oo faafa, waxaad arki doontaa sida qof u rakibo.