I-Nimbuspwn, ubuthathaka kwi-networkd-dispatcher evumela imiyalelo ukuba iqhutywe njengengcambu.

Darkcrizt

Imizuzu ye4

Los Abaphandi bokhuseleko beMicrosoft batyhilile iindaba zokuba bachonge ubuthathaka obubini (I-CVE-2022-29799, i-CVE-2022-29800) kwinkonzo ye-networkd-dispatcher I-Nimbuspwn ene-codenamed evumela umsebenzisi ongenanto ukuba aphumeze imiyalelo engafanelekanga njengengcambu.

networkd-dispatcher isetyenziswa lunikezelo lweLinux oluninzi, kuquka Ubuntu, esebenzisa inkqubo yangasemva ye-systemd-networkd ukuqwalasela izicwangciso zenethiwekhi kwaye yenza imisebenzi efanayo kwi-NetworkManager-dispatcher, o.k.t. ithatha unyanzeliso lokwenziwa kwescript xa uqhagamshelo lwemeko yothungelwano lutshintsha, umzekelo, lusetyenziswa ukuqalisa iVPN emva kokumisela uqhagamshelo lwenethiwekhi yokuqala.

UMicrosoft ufumene ubuthathaka obuninzi, ngokudibeneyo obubizwa ngokuba yiNimbuspwn, enokuvumela umhlaseli ukuba aphakamise amalungelo okukhula kwiindawo ezininzi zeLinux desktop. Ubuthathaka bunokubotshelelwa ukufumana amalungelo engcambu kwiinkqubo zeLinux, ezivumela abahlaseli ukuba babeke umthwalo ohlawulelwayo njengengcambu yangasemva kwaye benze ezinye iintshukumo ezikhohlakeleyo ngokuqhutywa kwekhowudi yengcambu. Ukongeza, ubuthathaka be-Nimbuspwn bunokuthi busetyenziswe njenge-vector yokufikelela kwiingcambu ngezisongelo ezintsonkothileyo, ezinje nge-malware okanye i-ransomware, ukufezekisa impembelelo enkulu kwizixhobo ezisesichengeni.

Sifumene ubuthathaka bokumamela imiyalezo kwi-System Bus ngelixa sisenza uphononongo lwekhowudi kunye nohlalutyo oluguqukayo kwiinkonzo ezisebenza njengengcambu, kwaye saqaphela ipateni engaqhelekanga kwiyunithi yenkqubo ebizwa ngokuba yi-networkd-dispatcher.

Inkqubo yangasemva edityaniswe ne-networkd-dispatcher isebenza njengengcambu kwaye uphulaphule iziganeko phezu D-Bus. Inkonzo ye-systemd-networkd ithumela ulwazi malunga neziganeko ezinxulumene notshintsho lwemeko yoqhagamshelo lwenethiwekhi. Ingxaki kukuba abasebenzisi abangenalungelo banokuphakamisa isiganeko sombuso esingekhoyo kwaye baqalise ukuphunyezwa kweskripthi sakho, esiya kuphunyezwa njengengcambu.

I-Systemd-networkd yenzelwe ukuqhuba izikripthi kuphela yomqhubi wenkqubo ebekwe kwi/etc/networkd-dispatcher directory kwaye ayinakuthathelwa indawo ngumsebenzisi, kodwa ngenxa yobuthathaka (I-CVE-2022-29799) bekunokwenzeka ukuba ikhowudi yokuphatha indlela yefayile isuswe kulawulo lwesiseko yemida kunye nokusebenzisa imibhalo engafanelekanga.

Ngokukodwa, xa kusenziwa indlela yefayile kwisikripthi, ixabiso le-OperationalState kunye ne-AdministrationState lisetyenziswe nge-D-Bus, apho abalinganiswa abakhethekileyo abazange bacinywe. Umhlaseli angavelisa eyakhe imeko ngo "../" amagama egameni kwaye aphinde aqondise umnxeba we-networkd-dispatcher komnye uvimba weefayili.

Ubungozi besibini (I-CVE-2022-29800) inxulumene nemeko yogqatso: phakathi kokujonga iparameters zescript (ezengcambu) kunye nokuyenza, bekukho ixesha elifutshane, elaneleyo lokubuyisela ifayile kwaye utsibe ukujonga iscript esiphethwe ngumsebenzisi wengcambu. Ukongeza, i-networkd-dispatcher ayizange ijonge amakhonkco omfuziselo, naxa kusenziwa izikripthi nge-subprocess.Popen call, eyenze lula kakhulu umbutho wohlaselo.

Uvimba weefayili "/tmp/nimbuspwn" wenziwa kwaye ikhonkco eliwumfuziselo "/tmp/nimbuspwn/poc.d" lenziwe lalatha kuvimba weefayili "/sbin" osetyenziselwa ukudlulisa itshekhi kwiingcambu eziphunyeziweyo.

Kuba "/sbin" eziphunyeziweyo, iifayile ezinegama elifanayo zenziwe kwi-"/tmp/nimbuspwn" ulawulo, umzekelo, kwifayile "/sbin/vgs", i "/tmp/nimbuspwn/" ifayile ephunyeziweyo vgs" i yenziwe, ephethwe ngumsebenzisi ongenanto, apho ikhowudi umhlaseli afuna ukuyiphumeza ibekwe khona.

Umqondiso we-D-Bus uthunyelwa kwinkqubo ye-networkd-dispatcher ene-OperationalState ebekwe ku- "../../../tmp/nimbuspwn/poc". Ukuthumela umqondiso kwisithuba segama "org.freedesktop.network1", ukukwazi ukuqhagamshela abaqhubi bayo kwi-systemd-networkd isetyenzisiwe, umzekelo, ngokukhohlisa nge gpgv okanye epmd, okanye ungasebenzisa inyani yokuba systemd-networkd Yiyo. ayisebenzi ngokungagqibekanga (umzekelo kwi Linux mint).

Emva kokufumana umqondiso, i-Networkd-dispatcher yenza uluhlu lweefayile eziphunyezwayo ezizezabasebenzisi beengcambu kwaye zifumaneka kuluhlu "/etc/networkd-dispatcher/../../../tmp/nimbuspwn/poc.d", ebhekisa kwi "/sbin".

Ngexesha apho uluhlu lweefayile lufunyenwe, kodwa iskripthi asikasetyenziswa, ikhonkco elingumfuziselo liphinda liqondiswe ukusuka ku-"/tmp/nimbuspwn/poc.d" ukuya ku-"/tmp/nimbuspwn" kwaye i-networkd-dispatcher iya kusetyenziswa. njengengcambu. umbhalo obekwe ngumhlaseli.

Ingxaki esisigxina kwi-networkd-dispatcher 2.2 ukukhululwa, nangona kungekho lwazi malunga nokupapashwa kokuhlaziywa ngokusasazwa.

Gqibela ukuba unomdla wokwazi okungakumbi ngayo, ungajonga iinkcukacha Kule khonkco ilandelayo.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   luyo sitsho
    yenzayo 2 iminyaka

    Batsho iwaka elinanye amaxesha: i-systemd yinkunkuma. Okungafunekiyo, kuyilwe kakubi, kugcwele kakhulu, kuyathandeka ukwenza iimpazamo. Lihlazo ukuba ifakwe kwi-distro yam endiyithandayo (debian)

    Phendula ku-luix