e2fsck kayan aikin fsck ne na kunshin e2fsprogs wanda ke kula da saitin abubuwan amfani don kiyaye fayilolin ext2, ext3 da ext4. Saboda waɗannan gabaɗaya tsarin tsarukan fayil ne akan abubuwan rarraba Linux, ana ɗaukar kunshin e2fsprogs mai mahimmanci software.
yanann shine ke da alhakin bincika da kuma gyara rashin daidaituwa a cikin tsarin fayil akan Linux. Kwanan nan an sami rauni a cikin wannan mai amfanin wanne An riga an tsara shi a cikin CVE-2019-5188 kuma mai bincike Lilith ne, daga Cisco Talos wanda ya gano yanayin larurar aiwatar da lambar.
An sami wannan yanayin rauni yana bawa maharin damar aiwatar da lambar ƙira don wannan yayin da mai amfani da e2fsck ke bincikar tsarin fayil Ya ƙunshi kundayen adireshi na musamman.
Rashin lafiyar CVE-2019-5188 an tabbatar dashi a cikin sifofin e2fsprogs 1.43.3, 1.43.4, 1.43.5, 1.43.6, 1.43.7, 1.43.8, 1.43.9, 1.44.0, 1.44.1, 1.44.2, 1.44.3, 1.44.4, 1.44.5, 1.44.6, 1.45.0, 1.45.1, 1.45.2, 1.45.3, 1.45.4.
Rashin lafiyar ya haifar da kwaro a cikin aikin sunan canzawa () daga fayil din rehash.c, An yi amfani dashi lokacin sake ginin tebur masu alaƙa da kundin adireshi waɗanda ke ba da taswirar kundin adireshi don duk fayilolin da ta ƙunsa.
Game da yanayin rauni CVE-2019-5188
A cikin rahoton mai binciken, ya ce:
A cikin aiwatar da kundin adireshi a cikin ext2,3,4 akwai tsarin bayanai da yawa da ake buƙata don inganta girman fayiloli akan faifai...
Akwai raunin aiwatar da lambar a cikin aikin canza adireshin E2fsprogs e2fsck 1.45.4. Rubutun ext4 na musamman wanda aka kirkira na iya haifar da rubuce-rubucen wuce gona da iri zuwa tari, wanda hakan zai haifar da aiwatar da lambar. Mai kawo hari zai iya lalata wani bangare don kunna wannan yanayin rauni.
Lalacewa ga tsarin da ya shafi kundin adireshi zaba yana iya sa maharin ya yi rubutu zuwa wani yanki a waje da abin da aka ware.
Idan ana samun fayiloli masu yawa tare da suna iri ɗaya a cikin teburin zance na hanyar haɗin adireshi, mai amfani na e2fsck ya sake sauya fayilolin ɗin ɗin ɗin tare da ~ 0, ~ 1, da sauransu wanda aka haɗa zuwa sunan. Don ajiyar sabon suna na ɗan lokaci tare da canza sunan iri ɗaya, ana ba da 256-byte buffer a kan tari.
Ana tantance girman bayanan da aka kwafa ta hanyar magana «shigarwa-> name_len & 0xff », amma ƙimar shigar-> name_len an ɗora shi daga tsarin kan faifai kuma ba a lasafta shi bisa ainihin girman sunan.
Idan girman sifili ne, layin tsararru zai dauki darajar -1 kuma an kirkiro yanayi don zubewa na lambobi ta hanyar iyakar iyaka na abin adanawa (adadi mai yawa) da sake sake rubuta wasu bayanai a kan tari tare da ƙimar "~ 0".
Don tsarin 64-bit, yin amfani da yanayin raunin yana da rashin yiwuwar kuma baya buƙatar ƙuntataccen girman girma (ulimit -s Unlimited).
Don tsarin 32-bit, ana ɗaukar aikin mai yiwuwa, amma sakamakon ya dogara ne da yadda mai tattarawar ya aiwatar da aiwatarwa.
Don kai hari, mai kai hari yana buƙatar lalata bayanai akan tsarin tsarin ext2, ext3, ko ext4 fayiloli ta wata hanya.
Tun da wannan aikin yana buƙatar gatan superuser, yanayin rauni yana fuskantar barazana lokacin da mai amfani da e2fsck ya bincika abubuwan sarrafawa na waje ko hotunan FS da aka karɓa daga waje.
Yana da mahimmanci a faɗi hakan ba za a iya amfani da wannan yanayin rauni ba daga nesa, saboda haka an iyakance shi ne kawai don amfani da shi a cikin gida tunda shi neDole maharin ya sami takaddun shaida kuma ya samu nasarar tabbatar da tsarin.
An gano gano yanayin rashin lafiyar a ranar farko ta wannan shekarar kuma an raba shawarwarin ga al'umma. Mai binciken wanda ya gano wannan yanayin rashin lafiyar bai raba bayanan fasaha ko cin amanar jama'a ba. Don haka an daidaita yanayin rauni a cikin sabuntawar e2fsck 1.45.5.
A halin yanzu a cikin rarraba masu zuwa (Debian, Ubuntu, Arch Linux, SUSE / openSUSE, RHEL) matsalar har yanzu ba a gyara ta ba duk da cewa an yi rahoton ne fiye da mako guda da ya gabata.
Idan kana son karin bayani game da raunin da aka samu, zaka iya nemo bayanai da cikakkun bayanai game da shi ta hanyar tuntuɓar su zuwa mahada mai zuwa.