A vulnerability was found in the Linux kernel that allows remote code execution

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems

News recently broke that a critical vulnerability was found in the ksmbd module, which is part of the implementation of a file server based on the SMB protocol built into the Linux kernel.

The flaw allows remote code execution with kernel privileges. The attack can be carried out without authentication; it is enough that the ksmbd module is enabled on the system.

At the moment, the exact details of the method used to exploit the vulnerability have not yet been disclosed. The vulnerability is only known to be caused by access to an already freed memory area (use-after-free) due to a failure to check for the existence of an object before performing operations on it.

VULNERABILITY DETAILS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.

The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

It is mentioned that the problem is related to the fact that in the smb2_tree_disconnect() function the memory allocated for the ksmbd_tree_connect structure was freed, but after that a pointer to it was still used when processing certain external requests containing SMB2_TREE_DISCONNECT commands.

In addition to the vulnerability mentioned in ksmbd, 4 less dangerous issues were also fixed:

  • ZDI-22-1688 - Remote code execution with kernel privileges due to a failure to check the actual size of external data before copying it to the allocated buffer in the file attribute processing code. The danger of the vulnerability is mitigated by the fact that only an authenticated user can carry out the attack.
  • ZDI-22-1691 - Remote leak of kernel memory contents due to incorrect checking of input parameters in the SMB2_WRITE command handler (only an authenticated user can carry out the attack).
  • ZDI-22-1687 - Remote denial of service through exhaustion of available system memory, caused by incorrect release of resources in the SMB2_NEGOTIATE command handler (the attack can be carried out without authentication).
  • ZDI-22-1689 - Remote kernel crash due to a lack of proper validation of SMB2_TREE_CONNECT command parameters, which results in a read outside the buffer area (only an authenticated user can carry out the attack).

Support for running an SMB server using the ksmbd module has been in the Samba package since version 4.16.0.

Unlike a user-space SMB server, ksmbd is more efficient in terms of performance, memory consumption, and integration with advanced kernel features. Ksmbd is promoted as a high-performance, plug-and-play Samba extension, which integrates with Samba tools and libraries as needed.

The ksmbd code was written by Namjae Jeon of Samsung and Hyunchul Lee of LG, and it is maintained by Steve French at Microsoft, the maintainer of the CIFS/SMB2/SMB3 subsystems in the Linux kernel and a longtime member of the Samba development team, who has made significant contributions to the implementation of SMB/CIFS protocol support in Samba and Linux.

It is worth mentioning that the problem has been present since kernel 5.15, released in November 2021, and was silently fixed in updates 5.15.61, 5.18.18 and 5.19.2, which were produced in August 2022. Since the issue has not yet been assigned a CVE identifier, there is still no specific information on how the problem is being fixed in distributions.
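
As an added example (not from the original article or the kernel project), the following POSIX shell functions compare a kernel release string against the fixed versions listed above and check whether the ksmbd module is loaded. The function names are hypothetical, treating 6.0 and later as fixed is an assumption, and distribution kernels may backport the fix without changing the upstream version number, so a "vulnerable" result there means "check the vendor advisory".

```sh
#!/bin/sh
# Added example, not from the original article. Classifies a kernel release
# against the ksmbd fix versions the article lists (5.15.61, 5.18.18, 5.19.2).

# ver_ge A B: succeed when dotted version A >= B (first three numeric fields).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# ksmbd_kernel_status RELEASE: print not-affected, vulnerable, fixed or unknown.
ksmbd_kernel_status() {
    rel=${1%%[-+_]*}                      # 5.15.0-56-generic -> 5.15.0
    case $rel in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    # The article dates the problem to kernel 5.15.
    ver_ge "$rel" 5.15 || { echo not-affected; return 0; }
    case $(printf '%s\n' "$rel" | cut -d. -f1,2) in
        5.15) fix=5.15.61 ;;
        5.18) fix=5.18.18 ;;
        5.19) fix=5.19.2 ;;
        5.16|5.17) echo vulnerable; return 0 ;;  # article lists no fixed release
        *) echo fixed; return 0 ;;               # assumption: 6.0+ include the fix
    esac
    if ver_ge "$rel" "$fix"; then echo fixed; else echo vulnerable; fi
}

# ksmbd_loaded [FILE]: succeed when ksmbd appears in a /proc/modules-style
# listing. A ksmbd built into the kernel image would not be listed there.
ksmbd_loaded() {
    grep -q '^ksmbd ' "${1:-/proc/modules}" 2>/dev/null
}

# Report on the running system.
ksmbd_report() {
    if ksmbd_loaded; then mod="loaded"; else mod="not loaded"; fi
    echo "kernel $(uname -r): $(ksmbd_kernel_status "$(uname -r)"), ksmbd module $mod"
}
ksmbd_report
```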

Finally, if you are interested in learning more about it, you can check the details in the following link.

