{"id":3534,"date":"2022-03-15T11:45:03","date_gmt":"2022-03-15T10:45:03","guid":{"rendered":"https:\/\/sajberinfo.com\/2022\/11\/21\/text-75\/"},"modified":"2022-12-04T12:48:44","modified_gmt":"2022-12-04T11:48:44","slug":"velika-sigurnosna-linux-ranjivost","status":"publish","type":"post","link":"http:\/\/sajberinfo.com\/en\/2022\/03\/15\/velika-sigurnosna-linux-ranjivost\/","title":{"rendered":"Major Linux security vulnerability"},"content":{"rendered":"<p class=\"MsoNormal\" style=\"text-align: left;\"><span style=\"font-size: 14pt;\"><span style=\"font-family: inherit;\">A very serious <span lang=\"sr-Latn-BA\"><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released\/\" target=\"_blank\" rel=\"noopener\">vulnerability in the <em>Linux <\/em>operating system<\/a><\/span> has been discovered that allows an attacker to carry out various malicious actions on a device, such as installing a <em>backdoor<\/em>, creating new user accounts, or modifying scripts, privileged services or applications. 
<\/span><\/span><\/p>\n<div id=\"attachment_3815\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-3815\" class=\"size-full wp-image-3815\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/background-ga05f8d2fd_1024.jpg\" alt=\"Linux Security\" width=\"1024\" height=\"576\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/background-ga05f8d2fd_1024.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/background-ga05f8d2fd_1024-300x169.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/background-ga05f8d2fd_1024-768x432.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/background-ga05f8d2fd_1024-18x10.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-3815\" class=\"wp-caption-text\">Source: <a href=\"https:\/\/pixabay.com\/illustrations\/background-security-linux-3d-1900329\/\" target=\"_blank\" rel=\"noopener\"><em>Pixabay<\/em><\/a>; Edit by Sa\u0161a \u0110uri\u0107<\/p><\/div>\n<p class=\"MsoNormal\" style=\"text-align: left;\"><span style=\"font-size: 14pt;\"><span style=\"font-family: inherit;\">The vulnerability, named <em>Dirty Pipe<\/em>, is the most serious vulnerability in the <em>Linux<\/em> operating system since 2016, when the problem was a vulnerability named <em><span lang=\"sr-Latn-BA\"><a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/10\/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit\/\" target=\"_blank\" rel=\"noopener\">Dirty Cow<\/a><\/span><\/em>. The <em>Dirty Cow<\/em> vulnerability made it possible to <em>root Android<\/em> phones regardless of version. Eleven months later, security researchers discovered as many as 1200 applications exploiting this vulnerability. 
<em>Dirty Pipe<\/em> refers to a mechanism in the <em>Linux<\/em> operating system called a <em>pipeline <\/em>that allows one system process to pass data to another. In essence, a <em>pipeline<\/em> consists of two or more processes connected so that the output of one process is passed to the next process as its input.<\/span><\/span><\/p>\n<p class=\"MsoNormal\" style=\"text-align: left;\"><span style=\"font-size: 14pt;\"><span style=\"font-family: inherit;\">Security researcher <em>Max Kellermann<\/em> discovered this vulnerability, which affects the <em>Linux<\/em> kernel from version 5.8 onward, and this applies to <em>Android<\/em> devices as well. The vulnerability is tracked as <em><span lang=\"sr-Latn-BA\"><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-0847\" target=\"_blank\" rel=\"noopener\">CVE-2022-0847<\/a><\/span> <\/em>and was discovered while <em>Kellermann<\/em> was investigating corrupted log files on a server. The ease with which attackers can obtain <em>root<\/em> privileges means that attackers could soon begin exploiting this vulnerability on a large scale. The <em>Dirty Cow<\/em> vulnerability was harder to exploit, but attackers still managed to build malware around it to attack users. 
The <em>Dirty Pipe<\/em> vulnerability should be of particular concern to <em>hosting<\/em> service providers or <em>Linux<\/em> environments with multi-user access.<\/span><\/span><\/p>\n<div id=\"attachment_3817\" style=\"width: 1260px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-3817\" class=\"size-full wp-image-3817\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/index1.jpg\" alt=\"Demonstration of the CVE-2022-0847 Dirty Pipe vulnerability\" width=\"1250\" height=\"525\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/index1.jpg 1250w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/index1-300x126.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/index1-1024x430.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/index1-768x323.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/03\/index1-18x8.jpg 18w\" sizes=\"auto, (max-width: 1250px) 100vw, 1250px\" \/><p id=\"caption-attachment-3817\" class=\"wp-caption-text\">Demonstration of the <em>CVE-2022-0847<\/em> <em>Dirty Pipe<\/em> vulnerability, Source: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-linux-bug-gives-root-on-all-major-distros-exploit-released\/\" target=\"_blank\" rel=\"noopener\"><em>BleepingComputer<\/em><\/a><\/p><\/div>\n<p class=\"MsoNormal\" style=\"text-align: left;\"><span style=\"font-size: 14pt;\"><span style=\"font-family: inherit;\">The various organizations that maintain <em>Linux<\/em> were informed of the vulnerability at the end of February 2022, so the problem has been fixed in versions 5.16.11, 5.15.25 and 5.10.102; however, the many servers that have not yet been updated remain a problem.<\/span><\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>A very serious vulnerability in the Linux operating system has been discovered that allows an attacker to carry out various malicious actions on a device, such as installing a backdoor, creating new user accounts, or modifying scripts, privileged services or applications. The vulnerability has been named&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":3815,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[142,141,167,64,126],"class_list":["post-3534","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-backdoor","tag-linux","tag-privilege-escalation","tag-sajber-prijetnja","tag-vulnerability"],"_links":{"self":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/3534","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=3534"}],"version-history":[{"count":0,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/3534\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/3815"}],"wp:attachment":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=3534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=3534"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v
2\/tags?post=3534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}