A hidden backdoor was found in a proof-of-concept exploit for a vulnerability affecting Linux

Risk

If exploited, these flaws could allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.

Here on the blog I like to share news about bugs discovered and vulnerabilities identified in Linux, in its various subsystems, as well as in other popular applications.

Many of you will know that the vulnerability disclosure process usually grants a grace period so that developers have time to fix the bug and release patched versions or patches. In many cases the bug is already fixed before the vulnerability is disclosed, but that is not always so, and the information, together with ready-made exploits, ends up being released to the public.

The reason for this post is that this is not the first time an "exploit" derived from a vulnerability has turned up with a "hidden gift": since mid-June a vulnerability (tracked as CVE-2023-35829) has been known in the Linux kernel's rkvdec module.

In this case the PoC is a wolf in sheep's clothing, with malicious intent hidden under the guise of a harmless learning tool. Its hidden backdoor reveals a stealthy and persistent threat. It functions as a downloader, silently fetching and executing a Linux bash script while disguising its activity as a kernel-level process.

Its mode of operation is quite simple. While the sources are being built into executables, it takes the opportunity to run a command that creates a file named kworker and adds that file's path to the user's bashrc, so the malware keeps running inside the victim's system every time a shell starts.

The vulnerability itself is a use-after-free caused by a race condition in the rkvdec video decoder driver. The issue was thought to be limited to a denial of service, but recently, in some Telegram channels and on Twitter, information surfaced claiming that it could be used by an unprivileged user to obtain root privileges.

To back this up, two supposedly working exploit prototypes were published as proof of concept on GitHub, and later removed after backdoors were found in them.

Analysis of the published code showed that it contained malicious code that implants malware on Linux: it sets up a backdoor for remote login and sends some of the victim's files to the attackers.

The malicious exploit only pretended to gain root access: it printed debug messages about the supposed progress of the attack, created a separate user namespace in which the current user is mapped to root, and then ran a /bin/bash shell in that isolated environment, which gives the illusion of root access when utilities such as whoami are run.
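The "root" that whoami reports inside an unprivileged user namespace is not the host's root. The following added example (not from the article nor from the PoC) shows the check a practitioner would run before believing an exploit's output: uid 0 is only real if /proc/self/uid_map is the initial namespace's identity map "0 0 4294967295"; a mapped root shows a line such as "0 1000 1" instead. The function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the article or the exploit: telling a real root
# shell from the "root" illusion produced by `unshare -Ur` (user namespace with
# the caller mapped to uid 0). Linux-specific: it relies on /proc/self/uid_map.

# uid_map_is_initial MAP_TEXT: succeed only if the first line of the map is the
# initial namespace's identity map "0 0 4294967295"; any other mapping means
# uid 0 is merely mapped onto an unprivileged host uid (fake root).
uid_map_is_initial() {
    first=$(printf '%s\n' "$1" | head -n 1 | tr -s ' \t' ' ' | sed 's/^ //; s/ $//')
    [ "$first" = "0 0 4294967295" ]
}

# is_real_root: uid 0 AND living in the initial user namespace.
is_real_root() {
    [ "$(id -u)" -eq 0 ] || return 1
    [ -r /proc/self/uid_map ] || return 0   # no user namespaces here (or not Linux)
    uid_map_is_initial "$(cat /proc/self/uid_map)"
}

# root_kind: print a verdict for the current shell; exit status 0 only for real root.
root_kind() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "not root"; return 1
    fi
    if is_real_root; then
        echo "real root"; return 0
    fi
    echo "fake root: uid 0 mapped in a user namespace ($(head -n 1 /proc/self/uid_map))"
    return 2
}

printf 'this shell is: %s\n' "$(root_kind)"
```

To reproduce the illusion the PoC relied on, run `unshare -Ur sh -c '. ./rootcheck.sh'` (assuming the block was saved as rootcheck.sh): whoami says root, but root_kind reports "fake root" because the map reads "0 <your uid> 1". A second, cruder test is that a fake root still cannot write outside its namespace, e.g. creating a file under /etc fails with "Permission denied".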

The malicious code was triggered by the Makefile build script calling aclocal.m4 as an executable (the researchers who found the malicious code were puzzled that, while building the exploit, an executable in ELF format was invoked as if it were an autoconf script). Once started, the executable drops a file in a path that it then adds to "~/.bashrc" so that it is started automatically.

The process is renamed so that the user will not notice it in the process list among the many legitimate kworker threads of the Linux kernel.

This "kworker" process downloads a bash script from an external server and runs it on the system. The downloaded script in turn adds a key to authorized_keys so the attacker can connect over SSH, and also uploads a file containing the contents of the user's home directory and some system files, such as /etc/passwd, to the transfer.sh storage service, after which it sends the link to the stored file to the attackers' server.
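The tell-tales described above (a file called aclocal.m4 that is really an ELF binary, a Makefile recipe that executes it, a startup hook in ~/.bashrc pointing at a dropped binary, and a user process hiding under a kworker name) can all be checked before building an untrusted PoC. The script below is an added example written for this post, not code from the article or from either PoC; the function names, the directory layout and the sample tree built by make_sample_tree are constructed for illustration. The kworker check is more general than the article's case: it flags any process whose comm starts with "kworker" but which is not a child of kthreadd (PID 2) or has a resolvable exe link, which no genuine kernel thread has.

```shell
#!/bin/sh
# Added example, not code from the article or the backdoored PoC: a pre-build
# audit of an untrusted exploit tree for the tell-tales described above. All
# paths and names are assumptions; make_sample_tree builds a constructed tree.

# is_elf FILE: succeed if FILE starts with the ELF magic 0x7f 'E' 'L' 'F'.
is_elf() {
    [ -f "$1" ] && [ "$(dd if="$1" bs=4 count=1 2>/dev/null)" = "$(printf '\177ELF')" ]
}

# elf_masquerading_as_scripts DIR: files whose names promise text (autotools
# inputs, shell scripts) but whose content is a native binary.
elf_masquerading_as_scripts() {
    find "$1" -type f \( -name '*.m4' -o -name '*.ac' -o -name '*.in' \
         -o -name '*.sh' -o -name configure \) | while IFS= read -r f; do
        if is_elf "$f"; then printf '%s\n' "$f"; fi
    done
}

# recipes_running_elf DIR: Makefile recipe lines (tab-indented) whose command
# is an ELF file shipped in the tree. Recipes normally run cc/make/install;
# executing "aclocal.m4" is the oddity that gave the backdoor away.
recipes_running_elf() {
    [ -f "$1/Makefile" ] || return 0
    awk '/^\t/ { print NR ":" $0 }' "$1/Makefile" | while IFS= read -r line; do
        cmd=$(printf '%s\n' "${line#*:}" | sed 's/^[[:space:]@+-]*//; s/^\.\///; s/[[:space:]].*//')
        if [ -n "$cmd" ] && is_elf "$1/$cmd"; then printf '%s\n' "$line"; fi
    done
}

# bashrc_elf_autostarts RCFILE HOME: non-comment lines of a shell startup file
# that run an existing ELF binary by absolute or ~/ path (the dropper's persistence).
bashrc_elf_autostarts() {
    set -f   # no globbing while splitting lines into words
    grep -v '^[[:space:]]*#' "$1" | while IFS= read -r line; do
        for tok in $line; do
            case $tok in
                '~/'*) path=$2/${tok#??} ;;   # strip the leading "~/"
                /*)    path=$tok ;;
                *)     continue ;;
            esac
            if is_elf "$path"; then printf '%s\n' "$line"; break; fi
        done
    done
    set +f
}

# fake_kworkers PROC: PIDs whose comm looks like a kernel worker thread but
# which are user processes: real kworkers are children of kthreadd (PID 2)
# and have no resolvable exe link. PROC defaults to /proc.
fake_kworkers() {
    for d in "${1:-/proc}"/[0-9]*; do
        [ -f "$d/comm" ] || continue
        case $(cat "$d/comm") in kworker*) ;; *) continue ;; esac
        ppid=$(awk '/^PPid:/ { print $2 }' "$d/status" 2>/dev/null)
        if [ "$ppid" != 2 ] || readlink "$d/exe" >/dev/null 2>&1; then
            printf '%s\n' "${d##*/}"
        fi
    done
}

# make_sample_tree DIR: constructed PoC tree, home and proc with the same
# tell-tales the article describes (ELF aclocal.m4 run by the Makefile, a
# .bashrc hook, a user process named kworker with PPid 1). PID 200 looks genuine.
make_sample_tree() {
    mkdir -p "$1/poc" "$1/home" "$1/proc/100" "$1/proc/200"
    printf 'all:\n\t./aclocal.m4\n\tcc -o exploit exploit.c\n' > "$1/poc/Makefile"
    printf '\177ELF\002\001\001' > "$1/poc/aclocal.m4"
    printf 'int main(void) { return 0; }\n' > "$1/poc/exploit.c"
    cp "$1/poc/aclocal.m4" "$1/home/kworker"
    printf '# rc\nexport PATH=$PATH:~/bin\n~/kworker &\n' > "$1/home/.bashrc"
    printf 'kworker/0:1\n' > "$1/proc/100/comm"; printf 'PPid:\t1\n' > "$1/proc/100/status"
    ln -s /bin/sh "$1/proc/100/exe"
    printf 'kworker/1:2\n' > "$1/proc/200/comm"; printf 'PPid:\t2\n' > "$1/proc/200/status"
}

# audit DIR: run all four checks against DIR/poc, DIR/home and DIR/proc,
# print the findings, and succeed only if every check flagged something.
audit() {
    n=0
    for check in "elf_masquerading_as_scripts $1/poc" "recipes_running_elf $1/poc" \
                 "bashrc_elf_autostarts $1/home/.bashrc $1/home" "fake_kworkers $1/proc"; do
        out=$($check)
        if [ -n "$out" ]; then n=$((n + 1)); fi
        printf '[%s]\n%s\n' "$check" "${out:-(clean)}"
    done
    [ "$n" -eq 4 ]
}

tmp=$(mktemp -d) && make_sample_tree "$tmp" && audit "$tmp"; rm -rf "$tmp"
```

On a real system you would point the first two checks at the cloned PoC directory, the third at your own ~/.bashrc with $HOME, and leave fake_kworkers on its default /proc. None of this replaces reading the sources, but `file aclocal.m4` answering "ELF 64-bit LSB executable" is exactly the one-second check that would have stopped this build.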

Finally, it is worth saying that if you are the curious type who likes to try out published exploits or vulnerabilities, take precautions: it never hurts to run such tests in an isolated environment (a VM) or on a secondary system or devices dedicated to this purpose, and to read the build scripts before running make.

If you want to know more about it, you can check the details at the following link.

