Vulnerability found in the Linux kernel's TIPC implementation

News recently broke that a security researcher had identified a critical vulnerability (already catalogued as CVE-2021-43267) in the implementation of the TIPC network protocol provided in the Linux kernel. It allows remote code execution with kernel privileges by sending a specially crafted network packet.

The danger of the problem is reduced by the fact that the attack requires TIPC support to be explicitly enabled on the system (by loading and configuring the tipc.ko kernel module), which is not done by default on non-specialized Linux distributions.

CodeQL is an analysis engine that lets you run queries on your code. From a security perspective, this can allow you to find vulnerabilities simply by describing what they look like. CodeQL will then go off and find all instances of that vulnerability.

TIPC has been supported since the Linux 3.19 kernel, but the code that leads to the vulnerability was included in the 5.10 kernel. The TIPC protocol was originally developed by Ericsson, is intended to organize inter-process communication in a cluster, and is mainly used on cluster nodes.

TIPC can work both over Ethernet and over UDP (network port 6118). When it runs over Ethernet, the attack can be carried out from the local network; when it uses UDP, the attack can be carried out from the global network if the port is not covered by a firewall. The attack can also be carried out by a local user without privileges on the host. To enable TIPC, you must load the tipc.ko kernel module and configure the binding to a network interface using netlink or the tipc utility.

The protocol is implemented in a kernel module that is bundled with all major Linux distributions. When loaded by a user, it can be used as a socket and can be configured on an interface using netlink (or using the user-space tool tipc, which makes these netlink calls) as an unprivileged user.

TIPC can be configured to operate over a bearer protocol such as Ethernet or UDP (in the latter case, the kernel listens on port 6118 for incoming messages from any machine). Since a low-privileged user cannot create raw Ethernet frames, setting the bearer to UDP makes it easy to write a local exploit.

The vulnerability manifests itself in the tipc_crypto_key_rc function and is caused by the lack of a proper check that what is specified in the header matches the actual size of the data when parsing packets of type MSG_CRYPTO. These packets are used to obtain encryption keys from other nodes in the cluster so that messages sent from those nodes can later be decrypted.

The size of the data copied into memory is calculated as the difference between the values of the fields holding the message size and the header size, but without taking into account the actual size of the encryption algorithm name transmitted in the message and of the key contents.

The size of the algorithm name is assumed to be fixed, and in addition a separate attribute carrying the size is passed for the key. An attacker can specify a value in this attribute that differs from the actual value, which leads to the tail of the message being written outside the allocated buffer.
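The length checks whose absence is described above, as an added user-space example (not the kernel's code and not part of the original article). The record layout, the constants `ALG_NAME_LEN` and `KEY_LEN_MAX`, the function names and the sample message are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ALG_NAME_LEN 32u /* assumption: fixed width of the algorithm-name field */
#define KEY_LEN_MAX  64u /* assumption: largest key the receiver will accept */
#define FIXED_LEN    (ALG_NAME_LEN + 4u) /* name + 32-bit key-length field */

struct key_record {            /* hypothetical in-memory copy of the record */
    char     alg_name[ALG_NAME_LEN];
    uint32_t keylen;
    uint8_t  key[];
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* body points just past the header; msg_size and hdr_size come from the header.
 * Returns a heap copy, or NULL when the declared sizes disagree. */
struct key_record *parse_key_record(const uint8_t *body, uint32_t msg_size, uint32_t hdr_size)
{
    if (msg_size < hdr_size) return NULL;        /* subtraction would wrap */
    uint32_t size = msg_size - hdr_size;         /* bytes really present */
    if (size < FIXED_LEN) return NULL;           /* fixed fields must be present */
    uint32_t keylen = be32(body + ALG_NAME_LEN); /* sender-controlled value */
    if (keylen > KEY_LEN_MAX) return NULL;       /* bound it before any arithmetic */
    if (size != FIXED_LEN + keylen) return NULL; /* declared length must equal data received */
    struct key_record *rec = malloc(sizeof(*rec) + keylen);
    if (!rec) return NULL;
    memcpy(rec->alg_name, body, ALG_NAME_LEN);
    rec->keylen = keylen;
    memcpy(rec->key, body + FIXED_LEN, keylen);  /* copy is now within both buffers */
    return rec;
}

/* Constructed sample: `actual` key bytes on the wire, keylen field set to `declared`.
 * Returns 1 if the parser accepts the message, 0 if it rejects it. */
int sample_accepted(uint32_t declared, uint32_t actual)
{
    const uint32_t hdr = 24;                     /* constructed header size */
    uint8_t body[FIXED_LEN + KEY_LEN_MAX] = {0};
    if (actual > KEY_LEN_MAX) return 0;
    memcpy(body, "gcm(aes)", 8);                 /* sample algorithm name */
    for (int i = 0; i < 4; i++) body[ALG_NAME_LEN + i] = (uint8_t)(declared >> (24 - 8 * i));
    struct key_record *rec = parse_key_record(body, hdr + FIXED_LEN + actual, hdr);
    int ok = rec != NULL;
    free(rec);
    return ok;
}
```

The allocation is sized from the validated key length, and a message is rejected unless the received byte count equals the fixed fields plus that length, so a key-length attribute that disagrees with the data on the wire never reaches `memcpy`.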

The vulnerability is fixed in kernels 5.15.0, 5.10.77 and 5.14.16, although the problem is present and not yet fixed in Debian 11, Ubuntu 21.04 / 21.10, SUSE (in the SLE15-SP4 branch, which has not yet been released), RHEL (it has not yet been detailed whether the vulnerable change was picked up) and Fedora.

However, a kernel update has already been released for Arch Linux, and distributions with kernels earlier than 5.10, such as Debian 10 and Ubuntu 20.04, are not affected.

Finally, if you are interested in knowing more about it, you can check the details at the following link.

