Vakaona kusazvibata muOpenSSH kunogona kushandiswa kure

Ruzivo rwakaburitswa nezve a vulnerability iyo yakaonekwa mukati kushandiswa kweOpenSSH kwe ssh-mumiriri iyo inobvumira kodhi kuti imhanye pane sisitimu yakapa ssh-mumiriri kuwana kune muenzi kune imwe mugumo we ssh yekubatanidza.

Kusagadzikana, kwakatonyorwa pasi peCVE-2023-38408, zvinozivikanwa nekuti zviri kure kushandiswa. Kurwisa zvinogoneka chete kana mushandisi akabatana ne ssh kune system inodzorwa neanorwisa nekugonesa socket kumberi kune ssh-agent pamusoro pe ssh uchishandisa iyo "-A" sarudzo kana iyo ForwardAgent kuseta mufaira rekugadzirisa.

Iyo ssh-agent maitiro, anoshandiswa kuvharira makiyi ega ega echokwadi makiyi, inotsigira sarudzo yekutumira nzira inobvumira kure kure kwe ssh yekubatanidza kuwana iyo ssh-agent pane yemuno system kuitira kuti isachengete data yechokwadi kune mamwe mauto.

Kunetseka ine hukama nekuvapo mu ssh-mumiriri wetsigiro yekurodha PKCS # 11 modules, iyo inogona kutangwa, pakati pezvimwe zvinhu, kuburikidza neunix socket inotumirwa kune imwe system kune ssh-agent.

Ichi chimiro inobvumira murwi anodzora muridzi kwayakabatanidzwa nayo nekukasira kurodha uye kurodha chero akagovaniswa maraibhurari kubva ku /usr/lib* madhairekitori pane yemuno system mune yakaparadzana ssh-pkcs11-mubatsiri maitiro. Iyi ficha inoonekwa mu ssh-agent yakaunganidzwa ne ENABLE_PKCS11 sarudzo, iyo inogoneswa neiyo default.

Pakutanga, kugona kurodha maraibhurari akagovaniswa kwaisaonekwa sekutyisidzira yekuchengetedza, sezvo kurodha kuchingogoneka kubva ku /usr/lib* system madhairekitori, ane maraibhurari akapihwa zviri pamutemo nekugovera, uye mashandiro nemaraibhurari aya anogumira pakudaidza dlopen() uye dlclose() mabasa, pasina kudaidza mabasa eraibhurari.

Zvisinei, akafuratira kuti mamwe maraibhurari ane muvaki uye muparadzi mabasa izvo zvinodaidzwa otomatiki paunenge uchiita dlopen () uye dlclose () mashandiro. Izvi zvinogona kukwana kutora maraibhurari anodiwa uye kuronga kure kure kodhi kuuraya.

Kugona kurwisa kunoratidzwa mu iyo default nharaunda ye Ubuntu, sezvo isina kuedzwa mune kumwe kugoverwa, iyo inoisawo mapakeji matatu kubva ku "universe" repository (kunyangwe zvichifungidzirwa kuti mune kumwe kugovera zvinokwanisika kurwisa mukumisikidzwa kwakasarudzika).

8 akasiyana ekurwisa akakurudzirwa.

Semuyenzaniso, imwe yesarudzo inovimbisa yekugadzira basa rekushandisa yakavakirwa pachokwadi chekuti libgnatcoll_postgres.so raibhurari, kana ichiita dlopen (), inonyoresa yakaparadzana chiratidzo stack inoshandiswa mumasaini ekubata nekudaidza sigaltstack () basa, uye mushure mekufona dlclose () inogovera ndangariro, asi haivharise (SS sign stack_ISAB).

Kushandisa vulnerability, manipulations anotevera anoitwa:

• Maraibhurari akasiyana akaremerwa kuti achinje mmap dhizaini.
• Iyo libgnatcoll_postgres.so raibhurari inoremerwa, imwe siginecha stack yakanyoreswa, uye munmap () inourayiwa.
• Maraibhurari anotakurwa kuti achinje marongerwo emmap uye kutsiva nzvimbo yechiratidzo yakaparadzana neimwe nzvimbo yekuyeuka yekunyora-modhi (semuyenzaniso, nhanho dzerukova kana .data/.bss segments).
• Inotakura raibhurari inonyoresa SA_ONSTACK siginecha inobata asi isingainyore ne munmap() kana dlclose() ichidanwa.
• Raibhurari inogamuchira chiratidzo uye ichifonera SA_ONSTACK chibatiso chechiratidzo chakaremerwa, zvichiita kuti nzvimbo yendangariro yakatsiviwa inyorwe nemafuremu akaturikidzana kubva kumubati wemasaini.
• Maraibhurari anotakurwa kuti anyore pamusoro pezviri mukati menzvimbo yakatsiviwa yendangariro.

Nezvekusagadzikana, zvakakosha kutaura kuti izvi yakagadziriswa mukuburitswa kweOpenSSH 9.3p2 ichangoburwa. Mushanduro itsva, zvikumbiro zvekutakura PKCS#11 modules zvinodzimwa nekusingaperi. Senzira yekuchengetedza, unogona kudoma isina chinhu PKCS#11/FIDO whitelist (ssh-agent -P ») paunotanga ssh-agent, kana kutsanangura zvakajeka ma library anotenderwa muwhitelist.

Chekupedzisira, kana iwe uchida kukwanisa kuziva zvakawanda nezvazvo, unogona kubvunza iwo ruzivo mu inotevera chinongedzo.