{"id":6135,"date":"2024-02-11T16:18:59","date_gmt":"2024-02-11T15:18:59","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=6135"},"modified":"2024-02-11T16:18:59","modified_gmt":"2024-02-11T15:18:59","slug":"linux-glibc-ranjivost-omogucava-potpuni-root-pristup","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2024\/02\/11\/linux-glibc-ranjivost-omogucava-potpuni-root-pristup\/","title":{"rendered":"Linux glibc vulnerability allows full root access"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><a href=\"https:\/\/blog.qualys.com\/vulnerabilities-threat-research\/2024\/01\/30\/qualys-tru-discovers-important-vulnerabilities-in-gnu-c-librarys-syslog\" target=\"_blank\" rel=\"noopener\"><em>Linux glibc<\/em> vulnerability allows full root access<\/a> to a potential local attacker on multiple <em>Linux<\/em> distributions. The vulnerability is tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-6246\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-6246<\/em><\/a> (<em>CVSS<\/em> score: 7.8) and poses a major threat, because it can allow unprivileged users to escalate to <em>root<\/em> privileges through crafted inputs to applications that use the affected logging functions.<\/span><\/p>\n<div id=\"attachment_6139\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-6139\" class=\"size-full wp-image-6139\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Linux-glibc-ranjivost.jpg\" alt=\"Linux glibc\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Linux-glibc-ranjivost.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Linux-glibc-ranjivost-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Linux-glibc-ranjivost-150x150.jpg 150w, 
https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Linux-glibc-ranjivost-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Linux-glibc-ranjivost-12x12.jpg 12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Linux-glibc-ranjivost-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Linux-glibc-ranjivost-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-6139\" class=\"wp-caption-text\"><em>Linux glibc vulnerability allows full root access; Source: Bing Image Creator<\/em><\/p><\/div>\n\n<h2><span class=\"ez-toc-section\" id=\"GLIBC\"><\/span><span style=\"font-size: 14pt;\"><strong><em>GLIBC<\/em><\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">As a core element of almost every <em>Linux<\/em>-based system, the <em>GNU C<\/em> library, or <em>glibc<\/em>, acts as the basic library that connects applications to the <em>Linux<\/em> <em>kernel<\/em>. 
It provides the basic functions for system calls, input\/output operations, memory management and other low-level functionality that programs need to interact with the operating system. The recent discovery of a <em>glibc<\/em> flaw is a significant concern because of its potential impact on millions of systems worldwide.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"GLIBC_RANJIVOST\"><\/span><span style=\"font-size: 14pt;\"><strong><em>GLIBC<\/em> VULNERABILITY<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The <em>GNU C<\/em> library vulnerability was found in the <em>__vsyslog_internal()<\/em> function, which is used by common logging functions such as <em>syslog<\/em> and <em>vsyslog<\/em>. This vulnerability allows <a href=\"https:\/\/sajberinfo.com\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">attackers<\/a> with local access to escalate their privileges to <em>root<\/em>, giving them full control of the system. This <em>glibc<\/em> flaw stems from a <em>heap<\/em>-based buffer overflow that was unintentionally introduced in <em>glibc<\/em> version <em>2.37<\/em> in August 2022. The problem was subsequently backported to <em>glibc<\/em> version <em>2.36<\/em> while addressing a less severe vulnerability tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-39046\" target=\"_blank\" rel=\"noopener\"><em>CVE-2022-39046<\/em><\/a>.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"UTICAJ_NA_LINUX_DISTRIBUCIJE\"><\/span><span style=\"font-size: 14pt;\"><strong>IMPACT ON <em>LINUX<\/em> DISTRIBUTIONS<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">This vulnerability has a significant impact on <em>Linux<\/em> distributions because of the wide use of the <em>glibc<\/em> library. 
Testing carried out on <em>Linux<\/em> distributions shows that <em>Debian 12<\/em> and <em>13<\/em>, <em>Ubuntu 23.04<\/em> and <em>23.10<\/em> and <em>Fedora 37<\/em> to <em>39<\/em> are vulnerable. The tests confirmed that unprivileged users on default installations of these systems can exploit <em>CVE-2023-6246<\/em> to gain full <em>root<\/em> privileges.<\/span><\/p>\n<p>&nbsp;<\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cThis flaw allows local privilege escalation, enabling an unprivileged user to gain full root access. Although the vulnerability requires specific conditions to be exploited (such as an unusually long argv[0] or openlog() ident argument), its impact is significant due to the widespread use of the affected library.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>\u00a0<\/em><\/span><span style=\"font-size: 14pt;\"><em>&#8211; Saeed Abbasi, Product Manager &#8211; Threat Research Unit, Qualys &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">While analyzing <em>CVE-2023-6246<\/em>, security researchers discovered three more vulnerabilities in the <em>glibc<\/em> library. The vulnerabilities tracked as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-6779\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-6779<\/em><\/a> and <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-6780\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-6780<\/em><\/a> are present in the <em>__vsyslog_internal()<\/em> function and are complex to exploit. 
The third vulnerability is related to memory corruption in the <em>glibc<\/em> function <em>qsort()<\/em> and is still awaiting a <em>CVE<\/em> identifier.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The impact of the vulnerability is amplified because the <em>glibc<\/em> library is used in the vast majority of <em>Linux<\/em> distributions and operating system versions. Attackers who gain low-level access through <a href=\"https:\/\/sajberinfo.com\/2022\/01\/02\/phishing-meta-su-ljudi-ne-tehnologija\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>phishing<\/em> attacks<\/a>, exploitation or physical access can potentially use the flaw to fully compromise systems.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">However, exploiting the vulnerability requires specific conditions, such as an unusually long program name or user name. On the other hand, although exploitation can be complex, the widespread presence of the vulnerable code means the vulnerability should be treated as high-risk.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><span style=\"font-size: 14pt;\"><strong>PROTECTION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>Linux<\/em> users and system administrators are advised to update <em>glibc<\/em> packages to versions that contain fixes for <em>CVE-2023-6246<\/em> and the other resolved issues. 
Major distributions such as <em>Ubuntu<\/em>, <em>Debian<\/em>, <em>Fedora<\/em> and <em>SUSE Linux<\/em> have released advisories and updates.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux glibc vulnerability allows full root access to a potential local attacker on multiple Linux distributions. The vulnerability is tracked as CVE-2023-6246 (CVSS score: 7.8) and poses a major threat, because it can allow unprivileged users to escalate root&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":6139,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[756,755,757,758,746,759,754,753,141,373,760,747],"class_list":["post-6135","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-cve-2022-39046","tag-cve-2023-6246","tag-cve-2023-6779","tag-cve-2023-6780","tag-debian","tag-fedora","tag-glibc","tag-gnu-c","tag-linux","tag-root","tag-suse-linux","tag-ubuntu"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=6135"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6135\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/6139"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=6135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/cate
gories?post=6135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=6135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}