{"id":10485,"date":"2025-07-16T12:36:50","date_gmt":"2025-07-16T05:36:50","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10485"},"modified":"2026-02-05T12:36:57","modified_gmt":"2026-02-05T05:36:57","slug":"canh-bao-lo-hong-nghiem-trong-trong-git-cli-cho-phep-ghi-tuy-y-va-thuc-thi-ma-tu-xa-2","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/07\/16\/canh-bao-lo-hong-nghiem-trong-trong-git-cli-cho-phep-ghi-tuy-y-va-thuc-thi-ma-tu-xa-2\/","title":{"rendered":"Warning: critical vulnerability in Git CLI allows arbitrary file writes and remote code execution"},"content":{"rendered":"<p><b>A critical vulnerability has just been discovered in Git CLI, one of the most widely used tools among developers, tracked as CVE-2025-48384. The vulnerability carries a CVSS score of 8.1 and allows an attacker to write arbitrary files and execute code remotely (RCE) on Linux and macOS systems through a specially crafted repository clone operation.<\/b><\/p>\n<div style=\"text-align: center\"><img src=\"https:\/\/whitehat.vn\/attachments\/git-png.17324\/\" alt=\"Git.png\" width=\"700\" height=\"390\" \/><\/div>\n<p>CVE-2025-48384 stems from Git's inconsistent handling of the carriage-return control character (\\r) in the .gitmodules configuration file. When Git reads configuration from this file, the \\r characters may be skipped or sanitized, but when the values are written back to .git\/config they are preserved unchanged. This creates a particularly dangerous situation when an attacker appends a \\r character to the end of a submodule path. During git clone --recursive, Git writes the submodule configuration containing the control character into the local configuration, thereby unintentionally overwriting or injecting malicious configuration without raising any error.<\/p>\n<p>Researchers found that this technique can be used to overwrite sensitive fields in the Git configuration, such as the [remote \"origin\"] section, to redirect the entire code flow to an attacker-controlled server. In another scenario, the attacker can write files into the .git\/hooks\/ directory, where Git automatically executes scripts when the user runs operations such as git commit or git merge. In this way, malicious code can be installed and run silently as a hook, paving the way for a prolonged attack that is not detected immediately.<\/p>\n<p>The situation is especially dangerous because the git clone --recursive command frequently appears in the README or setup documentation of open-source projects. Less cautious users can easily copy this command without realizing that they are triggering a chain of malicious behaviour in the very first step. On macOS, GitHub Desktop also uses recursive clone by default, so exploitation is possible without any manually typed command. Windows systems, meanwhile, are not affected by this vulnerability because control characters are handled differently in the Unix and Windows ecosystems.<\/p>\n<p>Affected versions include everything from v2.50.0 back to v2.43.6. Patches were released in the update of 8 July 2025, namely: v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 and v2.50.1.<\/p>\n<p>To reduce the risk arising from this vulnerability, both individual users and organizations should proactively take preventive measures early, especially in workflows that use Git and the submodule mechanism. Users should consider the following steps to protect their working environment effectively:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Avoid using git clone --recursive with repositories of unknown origin, especially without carefully inspecting the contents of the .gitmodules file.<\/li>\n<li data-xf-list-type=\"ul\">For GitHub Desktop users on macOS:\n<ul>\n<li data-xf-list-type=\"ul\">Temporarily switch to a patched Git CLI<\/li>\n<li data-xf-list-type=\"ul\">Wait for the official update from the application to ensure recursive clones are safe<\/li>\n<\/ul>\n<\/li>\n<li data-xf-list-type=\"ul\">In enterprise environments:\n<ul>\n<li data-xf-list-type=\"ul\">Apply custom monitoring rules on intrusion detection systems (IDS)<\/li>\n<li data-xf-list-type=\"ul\">Prioritize monitoring shell processes whose ancestor is Git, especially when the command line contains clone and --recursive<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>CVE-2025-48384 shows once again that the greatest risks do not necessarily come from complex code or sophisticated techniques, but sometimes originate from seemingly harmless actions such as running a familiar clone command. As software supply-chain attacks become more common and more sophisticated, keeping tools updated, inspecting repositories carefully and monitoring for abnormal behaviour are essential requirements, not only for large organizations but for every individual developer.<\/p>\n<div style=\"text-align: right\"><b><i>Source: Cyber Press<\/i><\/b><\/div>\n<div style=\"text-align: right;margin-top: 16px\"><i>Source: <a href=\"https:\/\/whitehat.vn\/threads\/canh-bao-lo-hong-nghiem-trong-trong-git-cli-cho-phep-ghi-tuy-y-va-thuc-thi-ma-tu-xa.18571\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/whitehat.vn\/threads\/canh-bao-lo-hong-nghiem-trong-trong-git-cli-cho-phep-ghi-tuy-y-va-thuc-thi-ma-tu-xa.18571\/<\/a><\/i><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A critical vulnerability has just been discovered in Git CLI, one of the most widely used tools among developers, tracked as CVE-2025-48384. The vulnerability carries a CVSS score of 8.1 and allows an attacker to write arbitrary files and execute code remotely (RCE) on [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10485","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10485"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10485\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}