{"id":6171,"date":"2024-02-18T17:48:18","date_gmt":"2024-02-18T16:48:18","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=6171"},"modified":"2024-02-18T17:48:18","modified_gmt":"2024-02-18T16:48:18","slug":"ubuntu-command-not-found-se-moze-zloupotrebiti","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2024\/02\/18\/ubuntu-command-not-found-se-moze-zloupotrebiti\/","title":{"rendered":"Ubuntu &#8216;command-not-found&#8217; can be abused"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>Ubuntu<\/em> &#8216;<em>command-not-found<\/em>&#8217; <a href=\"https:\/\/www.aquasec.com\/blog\/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system\/\" target=\"_blank\" rel=\"noopener\">can be abused<\/a> by malicious actors to recommend malicious packages and get them installed on devices running <em>Ubuntu<\/em> operating systems. The <em>command-not-found<\/em> tool is installed by default on <em>Ubuntu<\/em> systems and suggests packages to install when users try to run commands that are not available.<\/span><\/p>\n<div id=\"attachment_6172\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-6172\" class=\"size-full wp-image-6172\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Ubuntu-command-not-found.jpg\" alt=\"command-not-found\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Ubuntu-command-not-found.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Ubuntu-command-not-found-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Ubuntu-command-not-found-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Ubuntu-command-not-found-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Ubuntu-command-not-found-12x12.jpg 
12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Ubuntu-command-not-found-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Ubuntu-command-not-found-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-6172\" class=\"wp-caption-text\">Ubuntu &#8216;command-not-found&#8217; can be abused; Source: Bing Image Creator<\/p><\/div>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" 
href=\"https:\/\/sajberinfo.com\/en\/2024\/02\/18\/ubuntu-command-not-found-se-moze-zloupotrebiti\/#FUNKCIONISANJE_command-not-found\">HOW command-not-found WORKS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/sajberinfo.com\/en\/2024\/02\/18\/ubuntu-command-not-found-se-moze-zloupotrebiti\/#ZAKLJUCAK\">CONCLUSION<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/sajberinfo.com\/en\/2024\/02\/18\/ubuntu-command-not-found-se-moze-zloupotrebiti\/#ZASTITA\">PROTECTION<\/a><\/li><\/ul><\/nav><\/div>\n\n<h2><span style=\"font-size: 14pt;\"><strong>HOW <em>command-not-found<\/em> WORKS<br \/>\n<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The <em>command-not-found<\/em> tool relies on the <em>Advanced Packaging Tool<\/em> (<em>APT<\/em>) and <em>snap<\/em> packages for its recommendations. However, security researchers have discovered a potential flaw that allows attackers to manipulate the tool into recommending malicious packages through the <em>snap<\/em> repository. This vulnerability can lead to software supply chain attacks and poses a significant security risk to <em>Ubuntu<\/em> users.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">By exploiting this vulnerability in the <em>command-not-found<\/em> tool, <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious actors<\/a> can recommend fake packages and trick users into installing them, compromising the integrity and security of their systems. 
This vulnerability could be used for software supply chain attacks, in which malicious packages infiltrate a system through deceptive recommendations.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">A flaw in the alias mechanism allows malicious actors to register the corresponding <em>snap<\/em> names associated with aliases and deceive users into installing malicious packages. That is not all, however: malicious actors can also claim the <em>snap<\/em> package name that corresponds to an <em>APT<\/em> package and deliver a malicious <em>snap<\/em> package in place of the legitimate <em>APT<\/em> package.<\/span><\/p>\n<p>&nbsp;<\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cWhile &#8216;command-not-found&#8217; serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>\u00a0<\/em><\/span><span style=\"font-size: 14pt;\"><em>&#8211; Aqua, cloud security firm &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">The high percentage of <em>APT<\/em> package commands that are susceptible to impersonation by malicious actors is a significant concern and puts many <em>Ubuntu<\/em> users at risk, potentially compromising their systems and sensitive data.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The possibility that attackers could use the <em>command-not-found<\/em> utility to recommend their own malicious <em>snap<\/em> packages is a worrying risk. 
The real danger lies in the potential scale of this problem, with attackers able to impersonate thousands of commands from widely used packages. Previous cases of malicious packages appearing in the <em>Snap<\/em> Store particularly underline this problem.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><strong><span style=\"font-size: 14pt;\">PROTECTION<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">It has not yet been clearly established how widely this vulnerability is being exploited, which calls for increased vigilance and the use of proactive defence strategies. To protect against such threats, users and package maintainers should adopt several preventive measures:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">Users should verify the source of a package before installing it, checking the credibility of the maintainer and the recommended platform, whether <em>snap<\/em> or <em>APT<\/em>,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Snap<\/em> developers who use an alias should promptly register the corresponding name if it matches their application, in order to prevent abuse,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Developers of <em>APT<\/em> packages are encouraged to register the associated <em>snap<\/em> name for their commands, pre-emptively protecting them from potential impersonation by attackers.<\/span><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Ubuntu &#8216;command-not-found&#8217; can be abused by malicious actors to recommend malicious packages and get them installed on devices running Ubuntu operating systems. 
The command-not-found tool is installed by default on Ubuntu systems and suggests packages&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":6172,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[784,62,783,785,747],"class_list":["post-6171","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-advanced-packaging-tool","tag-apt","tag-command-not-found","tag-snap","tag-ubuntu"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=6171"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6171\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/6172"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=6171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=6171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=6171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}