A vulnerability in Ghostscript that could allow code execution

A few days ago news broke of a vulnerability discovered in Ghostscript (CVE-2020-15900) that can lead to file modification and arbitrary command execution when opening specially crafted PostScript documents.

For those unfamiliar with Ghostscript, it is an interpreter for PostScript and PDF content, commonly used to convert PDF and PostScript files into images for preview, thumbnail and printing purposes.

It is also used for full document rendering by many PDF viewers, including popular viewers on Android, and many large companies such as Google license it for rendering in the cloud.

About the vulnerability in Ghostscript

The bug was found in the handling of a non-standard PostScript search operator in a document. It allows a uint32_t integer overflow when computing a size, which makes it possible to overwrite memory areas outside the allocated buffer and to access files on the file system; this can be used to mount an attack that executes arbitrary code on the system (for example, by appending commands to ~/.bashrc or ~/.profile).

The snippet found by AFL pushed a vulnerable string onto the stack: an empty string (), then duplicated it, which left the stack with two empty strings () (), and then performed a reverse search (the rsearch operator). In other words, it searched for the empty string within the empty string, starting from the end.

Unfortunately, they missed the edge case where the string being searched for is empty. When searching for an empty string, this is treated as an immediate success: there is nothing to check, so the code jumps straight to the end. However, the result still has to be split into the pre-match, match and post-match values. Unfortunately, the code assumed that at least one comparison had been made and computed the length of the post-match result by subtracting one from zero, which underflowed and wrapped to the maximum value: 4,294,967,295.
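The length computation described above, modelled in C as an added example (this is not the article's snippet and not Ghostscript's own rsearch code): a hypothetical reverse search that splits the haystack into pre/match/post, first in a buggy form where the empty-pattern shortcut makes the uint32_t subtraction 0 - 1 wrap to 4,294,967,295, then in a hardened form that derives every length from the haystack size so nothing can wrap, plus the tiling invariant a fuzz harness can check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a reverse search that splits hay into pre / match / post.
 * Written for this article; it is NOT Ghostscript's rsearch implementation. */
typedef struct { bool found; uint32_t pre_len, match_len, post_len; } split_t;

/* Buggy variant: an empty pattern is an immediate hit ("jump to the end"), yet
 * post_len is still computed as if one scan step had run, so 0 - 1 wraps. */
static split_t rsearch_buggy(const char *hay, uint32_t hay_len,
                             const char *pat, uint32_t pat_len)
{
    if (pat_len > hay_len) return (split_t){0};   /* cannot match */
    uint32_t count = hay_len - pat_len + 1;       /* candidate start positions */
    uint32_t i = count;                           /* scan backwards from the end */
    if (pat_len == 0) goto found;                 /* nothing to compare: immediate hit */
    while (i-- > 0)
        if (memcmp(hay + i, pat, pat_len) == 0) goto found;
    return (split_t){0};
found:   /* for an empty pattern i == count, so post_len = 0 - 1 = 4294967295 */
    return (split_t){ true, i, pat_len, count - i - 1 };
}

/* Hardened variant: the empty-pattern shortcut places the match at the last valid
 * position and every length is derived from hay_len, so no subtraction can wrap. */
static split_t rsearch_fixed(const char *hay, uint32_t hay_len,
                             const char *pat, uint32_t pat_len)
{
    if (pat_len > hay_len) return (split_t){0};
    uint32_t i = hay_len - pat_len + 1;           /* one past the last candidate */
    if (pat_len == 0) {
        i = hay_len;                              /* empty match sits at the very end */
    } else {
        bool hit = false;
        while (!hit && i-- > 0)
            hit = memcmp(hay + i, pat, pat_len) == 0;
        if (!hit) return (split_t){0};            /* scanned everything: no match */
    }
    /* i <= hay_len - pat_len holds on every path, so this cannot wrap */
    return (split_t){ true, i, pat_len, hay_len - i - pat_len };
}

/* Invariant a caller or fuzz harness can check: the three pieces must tile hay.
 * The buggy variant violates it for the empty pattern. */
static bool split_consistent(split_t s, uint32_t hay_len)
{
    return !s.found || (uint64_t)s.pre_len + s.match_len + s.post_len == hay_len;
}
```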

This bug is a memory corruption flaw with no chance of failure: it triggers every time. There are no guards or similar protections to deal with; you can simply read and write whatever you want within a huge region of memory. This makes it easy to exploit even for someone who is not an experienced exploit writer.

Because of this overflow, the string was never allocated and takes up no space, but it has a length that extends into other memory. Trying to read or write this memory at random addresses goes beyond the bounds of the memory region, hence all the crashes during fuzzing. However, the information can be preserved to allow exploitation using this code snippet:

It is important to note that the vulnerability in Ghostscript is all the more serious because this package is used by many popular PostScript and PDF processing applications. For example, Ghostscript is invoked when creating desktop thumbnails, when indexing data in the background, and when converting images.

In many cases, a successful attack only requires downloading the exploit file or browsing the directory that contains it in Nautilus.

The vulnerability in Ghostscript can also be exploited through image handlers based on the ImageMagick and GraphicsMagick packages, by passing a JPEG or PNG file that contains PostScript code instead of an image (such a file will be processed by Ghostscript, since the MIME type is detected from the content rather than from the file extension).

Solution

The issue affects versions 9.50 through 9.52 (the bug has been present since version 9.28rc1, but according to the researchers who discovered the vulnerability, it only manifests from version 9.50).

A fix has already been released in version 9.52.1, and patched package updates have also been published for some Linux distributions such as Debian, Ubuntu and SUSE.

Note that the packages in RHEL are not affected.

Source: https://insomniasec.com