Kwanan nan muhimmanci bayanai game da da ganewa na yanayin rauni (an lasafta shi azaman CVE-2021-27365) a cikin lambar ƙaramin tsarin iSCSI Linux kwaya cewa ba da damar mai amfani na gari mara izini don gudanar da lambar a matakin kernel kuma ya sami damar tushen tushen akan tsarin.
Matsalar ta samo asali ne ta hanyar kwaro a cikin aikin tsarin libiscsi iscsi_host_get_param (), wanda aka gabatar a shekarar 2006 yayin ci gaban tsarin tsarin iSCSI. Saboda rashin ingantattun abubuwan lura, wasu halayen halayen iSCSI, kamar su sunan mai masauki ko sunan mai amfani, na iya wuce darajar PAGE_SIZE (4KB).
Za'a iya amfani da raunin ta hanyar aika saƙonnin Netlink ta mai amfani mara izini wanda ya saita halayen iSCSI zuwa ƙimomin da suka fi PAGE_SIZE. Lokacin karanta bayanan sifa ta hanyar sysfs ko seqfs, ana kiran lambar don ƙaddamar da halayen zuwa zage don a kwafe su cikin maɓallin da yake PAGE_SIZE a girma.
Subsayyadadden tsarin da ake magana a kai shi ne jigilar bayanai na SCSI (Smallananan Kwamfutar Kwamfuta), wanda shine mizani don canja bayanan da aka yi don haɗa kwamfutoci zuwa na'urorin gefe, asali ta hanyar kebul na zahiri, kamar rumbun kwamfutoci. SCSI misali ne mai daraja wanda aka buga shi a farko a shekara ta 1986 kuma shine ma'aunin zinare don daidaitawar sabar, kuma iSCSI shine SCSI akan TCP. Har yanzu ana amfani da SCSI a yau, musamman a wasu yanayi na ajiya, amma ta yaya wannan ya zama farfaɗowa akan tsarin Linux na yau da kullun?
Yin amfani da rauni a cikin rarrabawa ya dogara da tallafi don ɗora kwatancen ƙwaƙwalwar ajiya scsi_transport_iscsi lokacin da ake kokarin kirkirar soket din NETLINK_ISCSI.
A cikin rarrabawa inda wannan rukunin ya ɗora kansa ta atomatik, ana iya aiwatar da harin ba tare da yin amfani da aikin iSCSI ba. A lokaci guda, don cin nasarar amfani da riba, ana buƙatar rajistar aƙalla safarar iSCSI ɗaya. Hakanan, don yin rijistar sufuri, zaku iya amfani da ƙirar ib_iser kernel, wanda aka ɗora kansa ta atomatik lokacin da mai amfani mara izini yayi ƙoƙarin ƙirƙirar soket na NETLINK_RDMA.
Loadingaukar kayayyaki ta atomatik da ake buƙata don amfani da amfani yana tallafawa CentOS 8, RHEL 8, da Fedora ta hanyar girka rdma-core kunshin akan tsarin, wanda dogaro ne ga wasu shahararrun fakiti kuma an girka shi ta tsohuwa a cikin daidaitawa don wuraren aiki, tsarin sabar tare da GUI da ƙwarewar yanayin mahalarta.
A lokaci guda, ba a shigar da rdma-core ba yayin amfani da ginin sabar wanda ke aiki kawai a cikin yanayin wasan bidiyo da lokacin shigar ƙaramar hoton shigarwa. Misali, an kunshi kunshin a cikin tushen Fedora 31 Workstation rarraba, amma ba a haɗa shi a cikin Fedora 31 Server ba.
Debian da Ubuntu ba sa saurin fuskantar matsalarkamar yadda rdma-core kunshin kawai ke ɗauke da ƙananan ƙwayoyin kernel da ake buƙata don hari idan akwai kayan aikin RDMA. Koyaya, kunshin uwar garken Ubuntu ya haɗa da kunshin bude-iscsi, wanda ya haɗa da fayil /lib/modules-load.d/open-iscsi.conf don tabbatar da cewa an ɗora modul iSCSI ta atomatik akan kowace taya.
Samfurin aiki na amfani yana samuwa don gwada hanyar haɗin da ke ƙasa.
An daidaita yanayin rauni a cikin sabuntawar kwayar Linux 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, da 4.4.260. Ana samun sabuntawar kunshin Kernel a kan Debian (tsohuwar tsohuwar), Ubuntu, SUSE / openSUSE, Arch Linux, da Fedora, yayin da ba a sake gyara ba ga RHEL har yanzu.
Hakanan, a cikin tsarin iSCSI an magance raunin rashin haɗari biyu hakan na iya haifar da kwararar bayanan kernel: CVE-2021-27363 (bayanan da aka zayyana game da iSCSI sufirin mai ba da labari ta hanyar sysfs) da kuma CVE-2021-27364 (karatu daga wani yanki a waje da iyakokin tanadin).
Ana iya amfani da waɗannan lahani don sadarwa akan soket ɗin haɗin hanyar sadarwa tare da tsarin iSCSI ba tare da gata da ake buƙata ba. Misali, mai amfani mara gata zai iya haɗuwa da iSCSI kuma ya aika da umarnin tambarin.
Source: https://blog.grimm-co.com