Kutholwe ubungozi obubili ku-Sudo obuvumela ukukhuphuka kwamalungelo ku-Linux nasezinhlelweni ezifanayo

  • Kutholwe ubungozi obubili (CVE-2025-32462 kanye ne-CVE-2025-32463) ku-Sudo, okuvumela abasebenzisi bendawo ukuthi bathole ukufinyelela kwezimpande.
  • Ukuba sengozini kokuqala kukhona iminyaka engaphezu kwe-12 futhi kuthinta inketho yokusingatha i-Sudo; okwesibili kusebenzisa umsebenzi we-chroot.
  • Ukuxhaphaza kulula futhi kuhlolwe ekusabalaliseni okudumile okufana no-Ubuntu ne-Fedora, kanye ne-macOS Sequoia.
  • Isixazululo esisebenzayo kuphela ukuthuthukela ku-Sudo 1.9.17p1 noma ngaphezulu, njengoba zingekho ezinye izindlela zokunciphisa.
PablinuxKubuyekezwe ngomhla ka-

Imizuzu ye-5

Ukuba sengozini kweSudo

Izigidi zezinhlelo ze-Linux ne-Unix zivezwe ezingozini ezinkulu zokuphepha ngenxa yokuvela kwe ubungozi obubili ku-Sudo, ithuluzi eliyisisekelo elivumela abasebenzisi ukuthi basebenzise imiyalo enezimvume eziphakeme ngendlela elawulwayo. Lawa maphutha, ahlonzwe ngokuthi I-CVE-2025-32462 y I-CVE-2025-32463, zisanda kuhlaziywa futhi zabikwa ngochwepheshe be-cybersecurity, bexwayisa ngomthelela wabo kanye nokuphuthuma kokufaka iziqephu.

Ukutholwa kufake abaphathi besistimu nezinkampani eziqaphile, njengoba i-Sudo ikhona ngokuzenzakalelayo ekusatshalalisweni okuningi kwe-GNU/Linux nezinhlelo ezifanayo, njenge-macOS. Zombili iziphazamisi zivumela ukukhuphuka kwelungelo kusuka kuma-akhawunti ngaphandle kwezimvume zokuphatha, okufaka engozini ubuqotho bamakhompyutha athintekile.

Iyini i-Sudo futhi kungani ibaluleke kangaka?

I-Sudo iyinsiza ebalulekile ezindaweni ze-Unix, esetshenziswa ukwenza imisebenzi yokuphatha ngaphandle kokungena njengempandeLeli thuluzi linikeza ukulawula okunemininingwane lapho abasebenzisi bangasebenzisa khona imiyalo ethile, okusiza ukugcina isimiso selungelo elincane nokuloga zonke izenzo ngezinjongo zokuhlola.

Ukucushwa kwe-Sudo kulawulwa kusuka kufayela / njll / ama-sudoers, okukuvumela ukuthi uchaze imithetho ethile ngokusekelwe kumsebenzisi, umyalo, noma umsingathi, umkhuba ovamile wokuqinisa ukuvikeleka kuzingqalasizinda ezinkulu.

Imininingwane Yobuchwepheshe Yobungozi be-Sudo

I-CVE-2025-32462: Ukwehluleka kwenketho yokusingatha

Lokhu kuba sengozini bekufihliwe kukhodi ye-Sudo isikhathi esingaphezu kweshumi leminyaka., ethinta izinguqulo ezizinzile ukusuka ku-1.9.0 kuye ku-1.9.17 nezinguqulo zefa ukusuka ku-1.8.8 ukuya ku-1.8.32. Umsuka wayo usekukhetheni -h o --host, okwaqala kufanele ikhawulelwe ekufakeni kuhlu amalungelo amanye amakhompyutha Nokho, ngenxa yokwehluleka kokulawula, ingasetshenziswa ukwenza imiyalo noma ukuhlela amafayela njengempande ohlelweni ngokwalo.

Ivektha yokuhlasela isekela ukulungiselelwa okuthile lapho imithetho ye-Sudo ikhawulelwe kubasingathi abathile noma amaphethini egama lomethuleli.. Ngakho, umsebenzisi wendawo angakhohlisa isistimu ngokwenza sengathi ukhipha imiyalo komunye umsingathi ogunyaziwe futhi athole ukufinyelela kwezimpande. ngaphandle kokudinga ukuxhashazwa okuyinkimbinkimbi.

Ukuxhashazwa kwalesi siphazamisi kuyakhathaza ikakhulukazi ezindaweni zebhizinisi, lapho iziqondiso ze-Host noma Host_Alias ​​​​zivame ukusetshenziselwa ukuhlukanisa ukufinyelela. Ayikho ikhodi yokuxhaphaza eyengeziwe edingekayo, vele ucele i-Sudo ngenketho -h kanye nomsingathi ovunyelwe ukweqa imikhawulo.

I-CVE-2025-32463: Ukuhlukunyezwa komsebenzi we-Chroot

Endabeni CVE-2025-32463, ubunzima bukhulu: Iphutha elethulwe kunguqulo 1.9.14 ka-2023 kumsebenzi we-chroot livumela noma yimuphi umsebenzisi wasendaweni ukuthi asebenzise ikhodi engafanele ezindleleni ezingaphansi kolawulo lwakhe, athole amalungelo omlawuli.

Ukuhlasela kusekelwe ekukhohlisweni kohlelo lwe-Name Service Switch (NSS). Ngokusebenzisa i-Sudo ngenketho -R (chroot) bese usetha uhla lwemibhalo olulawulwa umhlaseli njengempande, i-Sudo ilayisha ukucupha namalabhulali kusuka kule ndawo eshintshiwe. Umhlaseli angaphoqa ukulayishwa kwelabhulali eyabiwe enonya (ngokwesibonelo, ngokusebenzisa /etc/nsswitch.conf (okungelona iqiniso kanye nomtapo wolwazi olungiselelwe impande ye-chroot) ukuze uthole igobolondo lempande kusistimu. Ukuba khona kwaleli phutha kuqinisekisiwe ekusatshalalisweni okuningana, ngakho-ke kuyancomeka ukuthi uhlale unolwazi lwakamuva ngezibuyekezo zakamuva.

Ubulula bale nqubo buqinisekiswe ezimeni zomhlaba wangempela, kusetshenziswa kuphela isihlanganisi esingu-C ukuze kudalwe ilabhulali nokuqalisa umyalo ofanele nge-Sudo. Abukho ubunkimbinkimbi bobuchwepheshe noma ukucupha okuyinkimbinkimbi okudingekayo.

Lezi zingozi ezimbili ziqinisekisiwe ezinguqulweni zakamuva ze-Ubuntu, Fedora, ne-macOS Sequoia, nakuba okunye ukusatshalaliswa kungase kuthinteke. Ukuze uthole ukuvikelwa okukhulu, kubalulekile ukusebenzisa izibuyekezo ezinconywe onjiniyela.

Okufanele bakwenze abalawuli nabasebenzisi

Ukuphela kwesilinganiso esisebenzayo ukubuyekeza i-Sudo enguqulweni engu-1.9.17p1 noma entsha, njengalokhu kukhishwa onjiniyela balungise zombili izinkinga: Inketho yomsingathi ikhawulelwe ekusetshenzisweni okusemthethweni futhi umsebenzi we-chroot uthole izinguquko endleleni yawo nokuphathwa kwelabhulali.Ukusabalalisa okukhulu, okufana no-Ubuntu, i-Debian, i-SUSE, ne-Red Hat, sekuvele kukhiphile ama-patches ahambisanayo, futhi amaqoqo awo anezinguqulo ezivikelekile.

Ochwepheshe bezokuphepha nabo bayatusa hlola amafayela /etc/sudoers y /etc/sudoers.d ukuze kutholwe ukusetshenziswa okungenzeka kweziqondiso Zokusingathwa noma Zokubamba_Iziqondiso, kanye nokuhlola ukuthi ayikho yini imithetho evumela ukuthi isiphazamisi sisetshenziswe.

Azikho ezinye izixazululo ezisebenzayo. Uma ungakwazi ukubuyekeza ngokushesha, kuyanconywa ukuthi uqaphe eduze imikhawulo yokufinyelela neyokuphatha, nakuba ubungozi bokuchayeka buhlala buphezulu. Ukuze ufunde kabanzi mayelana nezinyathelo nezincomo, bheka lo mhlahlandlela ku izibuyekezo zokuphepha ku-Linux.

Lesi sigameko sigcizelela ukubaluleka kokuhlolwa kokuphepha okuvamile nokugcina izingxenye ezibalulekile njenge-Sudo zisesikhathini samanje. Ukuba khona kwamaphutha afihlekile isikhathi esingaphezu kweshumi leminyaka kunsiza esabalele kangaka kuyisikhumbuzo esiqinile sezingozi zokuthembela ngobumpumputhe kumathuluzi engqalasizinda ngaphandle kokubuyekezwa njalo.

Ukutholwa kwalobu bungozi ku-Sudo kugcizelela ukubaluleka kokuchibiyela okusebenzayo namasu okuhlola. Abalawuli nezinhlangano kufanele babuyekeze amasistimu abo, basebenzise iziqephu ezitholakalayo, futhi bahlale beqaphele izinkinga ezizayo ezithinta izingxenye zesistimu yokusebenza ebalulekile.

iMacOS Big Sur Sudo
I-athikili ehlobene:
Ukuba sengozini kweSudo nakho kuthinta ama-macOS, futhi akukakhunjulwa

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.