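Related vulnerability
Title:
Minetest security vulnerability
(CVE-2022-35978)
Description: Minetest is a free, open-source voxel game engine from The Minetest Team, used for creating mods and games. Minetest 5.5.1 and earlier contain a security vulnerability: in single player, a mod can set a global setting that controls which Lua script is loaded to display the main menu, and that script is loaded immediately after the game session is exited. An attacker can exploit this to interfere with the user's system.
Description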
Proof of concept created for CVE-2022-35978 for educational purposes only.
Introduction
# CVE-2022-35978 POC
#### Description
CVE-2022-35978 is a critical security vulnerability affecting Minetest versions up to and including 5.5.1.
Minetest is a free, open-source voxel game engine that supports easy modding and game creation. In single-player mode, a mod can set a global setting that controls the Lua script loaded to display the main menu. This script is then loaded as soon as the game session is exited. The Lua environment in which the menu runs is not sandboxed, allowing it to directly interfere with the user's system.
To mitigate this issue, users are advised to update Minetest to version 5.6.0 or later, where the vulnerability has been addressed.
The vulnerability has been assigned a CVSS v3.1 base score of 10.0 (Critical) by NVD, indicating a high potential impact.
For more details, refer to the official Minetest changelog and the GitHub commit addressing this issue.
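
A defender-side check for the condition described above, added here as an example and not part of the original PoC or the Minetest project: it scans a Minetest directory for mods that set the menu-script setting and for a leftover entry in `minetest.conf`. It assumes the setting is `main_menu_script` (the main-menu override documented in `minetest.conf.example`) and that mods live under `mods/`; the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

# Assumption: the global setting the advisory describes is `main_menu_script`.
SETTING = "main_menu_script"

# Matches minetest.settings:set("main_menu_script", ...), core.settings:set(...)
# and the legacy minetest.setting_set(...), with either quote style.
LUA_SET = re.compile(
    r"(?:settings\s*:\s*set|setting_set)\s*\(\s*[\"']" + SETTING + r"[\"']")
CONF_LINE = re.compile(r"^\s*" + SETTING + r"\s*=\s*(\S.*)$")


def scan_lua(text):
    """Return 1-based numbers of non-comment Lua lines that set the menu script."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if LUA_SET.search(line) and not line.lstrip().startswith("--")]


def scan_conf(text):
    """Return the configured menu script path, or None if unset or commented out."""
    for line in text.splitlines():
        m = CONF_LINE.match(line)
        if m:
            return m.group(1).strip()
    return None


def audit(root):
    """Walk a Minetest directory and list mods and config entries touching the setting."""
    root = Path(root)
    findings = []
    for lua in sorted(root.glob("mods/**/*.lua")):
        for n in scan_lua(lua.read_text(errors="replace")):
            findings.append(f"{lua.relative_to(root)}:{n}: mod sets {SETTING}")
    conf = root / "minetest.conf"
    if conf.is_file():
        value = scan_conf(conf.read_text(errors="replace"))
        if value:
            findings.append(f"minetest.conf: {SETTING} = {value}")
    return findings


if __name__ == "__main__":
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

A literal-string match like this misses calls that build the setting name dynamically, so treat an empty result as a first pass, not proof that a mod is clean.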
# Usage

To execute the script(s),
1) Place the directory '`cve_2022_35978`' in your '`[MINETEST_PATH]/mods`' directory.
2) Run the game binary '`[MINETEST_PATH]/bin/minetest.exe`' as Administrator.
3) Join a single player game.
4) Press the `Esc` key to return to the main menu.
# Motivations
I developed this Proof of Concept (PoC) solely for educational purposes and to facilitate learning about application security among my peers. Additionally, I was particularly interested in exploring this CVE due to my strong passion for both application security and video game programming.
**Disclaimer**: This Proof of Concept (PoC) is provided strictly for educational purposes and to promote learning in the field of application security. I do not condone or support any malicious use of this code. Unauthorized exploitation of vulnerabilities may be illegal and unethical. Use this PoC responsibly and only in environments where you have explicit permission.
# Notes
1) If you wish to see the Lua and terminal output when the code is executing, you can update the Minetest configuration file (`minetest.conf`) to include the following line:
```
enable_console = true
```
From here, when you launch the game, it also launches the command terminal to output print messages.
2) This PoC was tested and verified to be working on Minetest version 5.0.0 on Windows 10.
# References Used
- https://nvd.nist.gov/vuln/detail/CVE-2022-35978
- https://github.com/luanti-org/luanti/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
- https://github.com/luanti-org/luanti/issues/15584
- https://github.com/minetest-mods/mesecons/issues/388
- https://github.com/luanti-org/luanti/blob/master/minetest.conf.example#L2580-L2588
- https://thejeshgn.com/2018/10/01/howto-write-your-first-minetest-mod/
- https://minetest.org/assemble/git-trees/trolltest-newline/builtin/init.lua
- https://forum.luanti.org/viewtopic.php?t=25435
- https://forum.luanti.org/viewtopic.php?t=16044
- https://forum.luanti.org/viewtopic.php?t=24129
- https://forum.luanti.org/viewtopic.php?t=6659
File snapshot
```
[4.0K] /data/pocs/0314c93ccbf4cd128080ddc642df982614bc6214
├── [4.0K] cve_2022_35978
│   ├── [ 870] cve_2022_35978.lua
│   ├── [1.3K] init.lua
│   ├── [  79] mod.conf
│   └── [4.0K] textures
│       └── [ 750] minetest_block.png
├── [4.0K] images
│   └── [4.4M] demo.gif
├── [ 11K] LICENSE
└── [2.9K] README.md
3 directories, 7 files
```