Nimbuspwn, a vulnerability in networkd-dispatcher that allows commands to be run as root.

Microsoft security researchers have announced that they identified two vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher service, code-named Nimbuspwn, that allow an unprivileged user to execute arbitrary commands as root.

networkd-dispatcher is used by many Linux distributions, including Ubuntu, that rely on the systemd-networkd background process to configure network settings. It performs functions similar to NetworkManager-dispatcher, i.e. it handles the execution of scripts when the state of a network connection changes; for example, it is used to start a VPN after the main network connection has been established.

Microsoft found several vulnerabilities, collectively called Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained to gain root privileges on Linux systems, allowing attackers to deploy payloads such as a root backdoor and to perform other malicious actions through arbitrary code execution as root. In addition, the Nimbuspwn vulnerabilities could be used as a vector for root access by more sophisticated threats, such as malware or ransomware, to achieve greater impact on vulnerable devices.

We discovered the vulnerabilities by listening to messages on the System Bus while performing code reviews and dynamic analysis on services that run as root, and noticed an odd pattern in a systemd unit called networkd-dispatcher.

The background process associated with networkd-dispatcher runs as root and listens for events over D-Bus. The systemd-networkd service sends information about events related to changes in the state of network connections. The problem is that unprivileged users can raise an event for a non-existent state and trigger the execution of their own script, which will run as root.

systemd-networkd is designed to run only system handler scripts located in the /etc/networkd-dispatcher directory, which the user cannot replace, but due to a vulnerability (CVE-2022-29799) the file path handling code could be made to step outside the boundaries of the base directory and run arbitrary scripts.

Specifically, when the file path to the script was built, the OperationalState and AdministrativeState values sent over D-Bus were used without special characters being stripped from them. An attacker could generate a state of their own with "../" characters in the name and redirect the networkd-dispatcher call to another directory.

The second vulnerability (CVE-2022-29800) is related to a race condition: between checking the script's parameters (that it is owned by root) and executing it, there was a short window of time, sufficient to replace the file and bypass the check that the script is owned by root. In addition, networkd-dispatcher did not check for symbolic links, including when running scripts through the subprocess.Popen call, which greatly simplified the orchestration of the attack.

A directory "/tmp/nimbuspwn" is created, along with a symlink "/tmp/nimbuspwn/poc.d" pointing to the "/sbin" directory, which is used to pass the check for executable files owned by root.

For the executable files in "/sbin", files with the same names are created in the "/tmp/nimbuspwn" directory; for example, for the file "/sbin/vgs", an executable file "/tmp/nimbuspwn/vgs" is created, owned by an unprivileged user, in which the code the attacker wants to execute is placed.

A D-Bus signal is sent to the networkd-dispatcher process with OperationalState set to "../../../tmp/nimbuspwn/poc". To send a signal in the "org.freedesktop.network1" namespace, the ability to connect your own handlers to systemd-networkd is used, for example through manipulations with gpgv or epmd, or one can take advantage of the fact that systemd-networkd is not running by default (for example, on Linux Mint).

After receiving the signal, networkd-dispatcher builds a list of executable files that are owned by the root user and available in the "/etc/networkd-dispatcher/../../../tmp/nimbuspwn/poc.d" directory, which actually refers to "/sbin".

Once the list of files has been obtained, but before the script is run, the symbolic link is redirected from "/tmp/nimbuspwn/poc.d" to "/tmp/nimbuspwn", and networkd-dispatcher will run, as root, the script placed by the attacker.

The problem is fixed in the networkd-dispatcher 2.2 release, although there is no information about updates being released by distributions.
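Both weaknesses described above (a state value used unvalidated in the script path, and an ownership check made on a path that can change before execution) can be closed by validating the state against an allowlist and by checking and executing the same open file descriptor. The sketch below is an added example, not networkd-dispatcher's own code or its 2.2 fix; the state allowlist, the function names and the `trusted_uid` parameter are assumptions, and the use of `/proc/self/fd` makes it Linux-specific.

```python
import os
import stat
import subprocess

# Assumed allowlist of state names (hypothetical constant for this example).
ALLOWED_STATES = frozenset({"off", "no-carrier", "dormant", "degraded",
                            "carrier", "routable", "configuring", "configured"})

def open_script_dir(base, state, trusted_uid=0):
    """Open <base>/<state>.d and return a directory fd pinned to that inode."""
    if state not in ALLOWED_STATES:      # rejects "../" and any other unknown value
        raise ValueError(f"unexpected state value: {state!r}")
    base_fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW: a symlinked <state>.d is refused instead of followed.
        dir_fd = os.open(state + ".d",
                         os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                         dir_fd=base_fd)
    finally:
        os.close(base_fd)
    if os.fstat(dir_fd).st_uid != trusted_uid:
        os.close(dir_fd)
        raise PermissionError("script directory not owned by the trusted user")
    return dir_fd

def verified_scripts(dir_fd, trusted_uid=0):
    """Return {name: fd} for scripts whose ownership check passed on the open fd."""
    accepted = {}
    for name in sorted(os.listdir(dir_fd)):
        try:
            fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                         dir_fd=dir_fd)
        except OSError:                  # symlink, vanished file, permission denied
            continue
        st = os.fstat(fd)                # describes the opened inode, not a path
        if (stat.S_ISREG(st.st_mode) and st.st_uid == trusted_uid
                and st.st_mode & stat.S_IXUSR and not st.st_mode & 0o022):
            accepted[name] = fd
        else:
            os.close(fd)
    return accepted

def run_verified(fd, args=()):
    """Execute the inode that was checked (via /proc/self/fd), not its path."""
    return subprocess.Popen([f"/proc/self/fd/{fd}", *args], pass_fds=(fd,))
```

Because the directory and each script are held open by descriptor, re-pointing a symlink after the check no longer changes what gets executed.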

Finally, if you are interested in knowing more about it, you can check the details at the following link.



  1. luyo said

    It has been said a thousand and one times: systemd is garbage. Unnecessary, poorly designed, overloaded, error-prone. A pity that it was embedded in my favorite distro (debian)