A bug that went undetected for 7 years allows privilege escalation through polkit

Kevin Backhouse (security researcher) published a note on the GitHub blog a few days ago describing a bug in the polkit service, which ships alongside systemd (the system and service manager most Linux distributions use today). The seven-year-old vulnerability allows privilege escalation, has been lurking in a number of Linux distributions, and was patched last week in a coordinated release.

Polkit is an application-level toolkit for defining and handling the policy that lets unprivileged processes talk to privileged processes; it is installed by default on many Linux distributions. The vulnerability was introduced in version 0.113 seven years ago (commit bfa5036) and was fixed on June 3, following the report that security researcher Kevin Backhouse recently disclosed.

"As a member of the GitHub Security Lab, my job is to help improve the security of open source software by finding and reporting vulnerabilities. A few weeks ago, I found a privilege escalation vulnerability in polkit. I coordinated the disclosure of the vulnerability with the polkit maintainers and with Red Hat's security team. It was publicly disclosed, the fix was released on June 3, 2021, and it was assigned CVE-2021-3560."

"Any Linux system that uses a vulnerable version of polkit is potentially exposed to attacks that exploit the CVE-2021-3560 flaw," Backhouse notes. He says the flaw is surprisingly easy to exploit, since it only requires a few commands using standard terminal tools such as bash, kill and dbus-send.

"The vulnerability is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request," says Backhouse.

Backhouse posted a PoC video of an attack that exploits this vulnerability, showing how easy it is to trigger.

"The vulnerability allows an unprivileged local user to get a root shell on the system. It's easy to exploit with a few standard command line tools, as you can see in this short video," the researcher says in the blog post.

Killing dbus-send (the command used to send messages between processes over D-Bus) in the middle of an authentication request causes an error: polkit asks dbus-daemon for the UID of a connection that no longer exists, because the connection was closed when the process died.

"In fact, polkit handles the error in a rather unfortunate way: rather than rejecting the request, it treats it as though it came from a process with UID 0," says Backhouse. "In other words, it immediately authorizes the request because it thinks the request came from a root process."

This does not happen every time, because polkit queries dbus-daemon for the UID several times, on different code paths. Most of those code paths handle the error correctly, says Backhouse, but one of them is vulnerable, and if the disconnect happens while that code path is active, the privilege escalation occurs. It is purely a matter of timing, and the timing varies in unpredictable ways because several processes are involved.
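The failure mode described above, as an added C model written for this article (it is not polkit's code): a credential lookup that records an error from the bus daemon but still hands back its zero-initialised UID, next to the fail-closed version. The connection table, the function names and the `creds_lookup` struct are assumptions made for the illustration; the constructed connections stand in for a live dbus-send client and one that was killed mid-request.

```c
/* Added example: simplified model of the fail-open error handling behind
 * CVE-2021-3560. NOT polkit's code; names, struct and connection table are
 * assumptions made here to show the pattern the article describes. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for the bus daemon's connection table. */
struct bus_connection {
    const char *name;   /* unique bus name, e.g. ":1.42" */
    uid_t uid;          /* owner of the connection */
    bool alive;         /* false once the client (dbus-send) has been killed */
};

static struct bus_connection connections[] = {
    { ":1.42", 1000, true  },   /* unprivileged user, still connected */
    { ":1.43", 1000, false },   /* same user, but dbus-send was killed mid-request */
};

/* Model of the daemon's GetConnectionUnixUser call: errors once the
 * connection has gone away. */
static bool bus_get_connection_uid(const char *name, uid_t *out_uid)
{
    for (size_t i = 0; i < sizeof connections / sizeof connections[0]; i++) {
        if (strcmp(connections[i].name, name) == 0) {
            if (!connections[i].alive)
                return false;            /* daemon replies with an error */
            *out_uid = connections[i].uid;
            return true;
        }
    }
    return false;                        /* unknown name: also an error */
}

struct creds_lookup {
    uid_t uid;            /* zero-initialised: the dangerous default */
    bool caught_error;
};

/* Vulnerable variant: the error is recorded, but the caller still copies the
 * zero-initialised uid out and reports success, so the caller looks like root. */
static bool get_creds_vulnerable(const char *name, uid_t *out_uid)
{
    struct creds_lookup data = { 0 };
    if (!bus_get_connection_uid(name, &data.uid))
        data.caught_error = true;
    /* BUG: caught_error is never consulted before returning. */
    *out_uid = data.uid;
    return true;
}

/* Fixed variant: an error means we do not know who is asking, so fail closed. */
static bool get_creds_fixed(const char *name, uid_t *out_uid)
{
    struct creds_lookup data = { 0 };
    if (!bus_get_connection_uid(name, &data.uid))
        data.caught_error = true;
    if (data.caught_error)
        return false;
    *out_uid = data.uid;
    return true;
}

typedef bool (*creds_fn)(const char *, uid_t *);

/* Authorisation decision: a request from root is allowed, anything else is
 * denied; a failed credential lookup is treated as "unknown caller". */
static bool check_authorization(creds_fn get_creds, const char *name)
{
    uid_t uid;
    if (!get_creds(name, &uid))
        return false;
    return uid == 0;
}

int main(void)
{
    printf("live connection, vulnerable code:   %s\n",
           check_authorization(get_creds_vulnerable, ":1.42") ? "AUTHORIZED" : "denied");
    printf("killed connection, vulnerable code: %s\n",
           check_authorization(get_creds_vulnerable, ":1.43") ? "AUTHORIZED" : "denied");
    printf("killed connection, fixed code:      %s\n",
           check_authorization(get_creds_fixed, ":1.43") ? "AUTHORIZED" : "denied");
    return 0;
}
```

The point of the model is that the authorisation logic itself is fine; the escalation comes entirely from a lookup that returns success with a default value after an error. Only the disconnected connection (`:1.43`) is authorised, and only through the vulnerable lookup, which is why the real bug needs dbus-send to be killed inside a narrow window.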

The researcher also published the following table listing which distributions are currently vulnerable:

DISTRIBUTION              VULNERABLE?
RHEL 7                    No
RHEL 8                    Yes
Fedora 20 (or earlier)    No
Fedora 21 (or later)      Yes
Debian 10 ("buster")      No
Debian testing            Yes
Ubuntu 18.04              No
Ubuntu 20.04              Yes

Linux distributions that ship polkit version 0.113 or later, such as Debian testing, RHEL 8, Fedora 21 and above, and Ubuntu 20.04, are affected. Note that the version number alone is not a reliable indicator on distributions that backport fixes; check your vendor's advisory for CVE-2021-3560.

The race-condition nature of the bug, Backhouse speculates, is the reason it went undetected for seven years.

"CVE-2021-3560 enables an unprivileged local attacker to gain root privileges," Backhouse says. "It's very simple and quick to exploit, so it's important that you update your Linux installations as soon as possible."

Finally, if you are interested in learning more about it, you can check the details at the following link.
