Three vulnerabilities found in systemd-journald

systemd vulnerability

Three vulnerabilities have been identified in systemd-journald, the component responsible for system logging, that allow an attacker to escalate privileges on the system and execute code as root.

The vulnerabilities appear in all distributions that use systemd, except SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28/29, in which the systemd components are compiled with "-fstack-clash-protection".

What are the vulnerabilities?

The vulnerabilities registered as CVE-2018-16864 and CVE-2018-16865 make it possible to create conditions for writing data outside the bounds of the allocated memory block, while CVE-2018-16866 makes it possible to read the contents of external memory areas.

The researchers have prepared a working prototype of an exploit that uses the vulnerabilities CVE-2018-16865 and CVE-2018-16866.

In their detailed account of these flaws, the researchers say that it obtains root privileges after about 10 minutes of attack on systems with the i386 architecture and 70 minutes on amd64 systems.

This exploit was tested on Debian 9.5.

They also explain that:

The exploit was written using the Stack Clash technique, the essence of which is to create conditions in which the contents of an overflowed heap end up in the stack area or, conversely, the stack can overwrite the heap area.

This manifests itself in situations where the stack and the heap are placed adjacent to each other (the stack area immediately follows the memory allocated for the heap).

The proposed exploit confirms the assumption that protection against Stack Clash class attacks at the Linux kernel level is not sufficient.

At the same time, the attack is successfully blocked by rebuilding with GCC with the "-fstack-clash-protection" option enabled.

About the vulnerabilities

The vulnerability CVE-2018-16864 was discovered after analyzing a situation in which passing a large number of command-line arguments (several megabytes) to an application that saves data to the log through a call to syslog() leads to a crash of the systemd-journald process.

The analysis showed that by manipulating a string with command-line arguments, a controlled queue can be placed at the beginning of the stack.

But for a successful attack, it is necessary to bypass the stack guard page protection technique used in the kernel, the essence of which is to substitute boundary memory pages so that an exception (page fault) is raised.

To bypass this protection, a "race condition" is started in parallel with systemd-journald, giving time to take over control before the process crashes on the write to a read-only memory page.

While studying the first vulnerability, two more problems came up.

The second vulnerability, CVE-2018-16865, makes it possible to create similar Stack Clash conditions by writing a very large message to /run/systemd/journal/socket.

The third vulnerability, CVE-2018-16866, shows up if you send a syslog message whose last character is ":".

Because of an error in string parsing, the terminating '\0' that follows it is skipped and the record will contain a portion of the buffer beyond the '\0', which makes it possible to find out the addresses of the stack and of mmap.
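The CVE-2018-16866 description above, as an added C example that is not from the original article and is not systemd's code: a simplified tag parser showing one way a trailing ':' can make a parser step past the terminating '\0', next to a hardened form. The function names, the WHITESPACE set and the sample messages are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WHITESPACE " \t\n\r"

/* Hypothetical, simplified tag parser (not systemd's code).
 * Returns how many bytes of msg belong to the "tag:" prefix, i.e. the
 * offset at which the caller will start reading the message body. */
static size_t tag_len_buggy(const char *msg) {
    size_t l = strcspn(msg, WHITESPACE);      /* length of the first word */
    if (l == 0 || msg[l - 1] != ':')
        return 0;                             /* no "tag:" prefix */
    size_t e = l;
    /* Intent: swallow one separator after the tag. Defect: strchr() also
     * matches the terminating '\0', so for "tag:" e moves past the end. */
    if (strchr(WHITESPACE, msg[e]))
        e++;
    return e;
}

/* Hardened form: test for the terminator before consulting strchr(). */
static size_t tag_len_fixed(const char *msg) {
    size_t l = strcspn(msg, WHITESPACE);
    if (l == 0 || msg[l - 1] != ':')
        return 0;
    size_t e = l;
    if (msg[e] != '\0' && strchr(WHITESPACE, msg[e]))
        e++;
    return e;
}

/* 1 if the returned offset still lies inside the string, 0 otherwise. */
static int offset_in_bounds(const char *msg, size_t off) {
    return off <= strlen(msg);
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "cron: job started", "cron:", "no tag here" };
    for (size_t i = 0; i < 3; i++) {
        const char *m = samples[i];
        size_t b = tag_len_buggy(m), f = tag_len_fixed(m);
        printf("%-20s buggy=%zu (%s) fixed=%zu (%s)\n", m,
               b, offset_in_bounds(m, b) ? "ok" : "PAST END",
               f, offset_in_bounds(m, f) ? "ok" : "PAST END");
    }
    return 0;
}
```

A caller that trusts the buggy offset starts reading the message body one byte after the terminator, which is how adjacent memory ends up in the logged record.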

  • The vulnerability CVE-2018-16864 has been present since April 2013 (it appeared in systemd 203), but became suitable for exploitation only after a change in systemd 230 in February 2016.
  • The vulnerability CVE-2018-16865 has been present since December 2011 (systemd 38) and has been exploitable since April 2013 (systemd 201).
  • The CVE-2018-16864 and CVE-2018-16865 issues were fixed a few hours ago in the master branch of systemd.

The vulnerability CVE-2018-16866 appeared in June 2015 (systemd 221) and was fixed in August 2018 (it does not appear in systemd 240).

The release of a working exploit has been held back until distributions release patches.

At present, the distributions in which the vulnerabilities have not yet been patched are the most popular ones, such as Debian, Ubuntu, RHEL, Fedora, SUSE, and their derivatives.



  1.   lux m

    systemd sucks!

  2.   shahidi m

    freedom it yeah !!!!