Results of the post-mortem analysis of the XZ backdoor have been published


Without a doubt, the backdoor found in the XZ tool is one of those cases that will go down in Linux history. And not for nothing: all the work done by Jia Tan is one of the most outstanding examples of social engineering ever used, since the effort invested undoubtedly deserves recognition for the amount of time it took, given that we are not talking about weeks or months, but at least two years.

The case has attracted the attention of many, and reverse-engineering analysis has begun; according to its first results, it confirms the presence of a backdoor embedded in liblzma as part of the campaign to compromise the XZ package. This backdoor is designed specifically to affect x86_64 systems running the Linux kernel and the Glibc C library, where an additional patch is applied to sshd to link it with libsystemd.
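One simple exposure check that follows from the paragraph above, as an added example that is not code from the original article or from the researchers: a Python script that parses `ldd` output for an sshd binary and reports whether liblzma is reachable through libsystemd. The function names and the sample `ldd` output are constructed for illustration; the script only tells you whether a given sshd build is in the class of systems the backdoor targets, not whether the installed liblzma is the trojaned one.

```python
"""Check whether an sshd binary's shared-library dependency chain pulls in
liblzma (typically via libsystemd). Added example, not from the original
article or the researchers' tooling; function names and the sample ldd
output below are constructed for illustration."""
import re
import shutil
import subprocess
import sys

# Constructed sample of `ldd /usr/sbin/sshd` output on a distribution where
# sshd is patched to link libsystemd, which in turn depends on liblzma.
SAMPLE_LDD_OUTPUT = """\
\tlinux-vdso.so.1 (0x00007ffd6e3c8000)
\tlibcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1a9c200000)
\tlibsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f1a9c100000)
\tliblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1a9c0c0000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a9be00000)
"""

# Constructed sample for an sshd built without the libsystemd patch.
SAMPLE_LDD_OUTPUT_CLEAN = """\
\tlinux-vdso.so.1 (0x00007ffd6e3c8000)
\tlibcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1a9c200000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a9be00000)
"""

# "soname => /resolved/path (address)"; lines without "=>" (vDSO, loader) are skipped.
LDD_LINE = re.compile(r"^\s*(?P<name>\S+)\s*=>\s*(?P<path>\S+)")


def linked_libraries(ldd_output: str) -> dict:
    """Parse ldd output into {soname: resolved path}."""
    libs = {}
    for line in ldd_output.splitlines():
        m = LDD_LINE.match(line)
        if m:
            libs[m.group("name")] = m.group("path")
    return libs


def liblzma_exposure(ldd_output: str) -> dict:
    """Report whether the dependency chain reaches liblzma, and whether
    libsystemd (the usual bridge from sshd to liblzma) is also present."""
    libs = linked_libraries(ldd_output)
    lzma = [(n, p) for n, p in libs.items() if n.startswith("liblzma")]
    systemd = [n for n in libs if n.startswith("libsystemd")]
    return {
        "links_liblzma": bool(lzma),
        "via_libsystemd": bool(lzma) and bool(systemd),
        "liblzma_path": lzma[0][1] if lzma else None,
    }


def check_binary(path: str = "/usr/sbin/sshd") -> dict:
    """Run ldd on a real binary (needs a Linux host with ldd installed)."""
    ldd = shutil.which("ldd")
    if ldd is None:
        raise RuntimeError("ldd not found on this host")
    out = subprocess.run([ldd, path], capture_output=True, text=True, check=True)
    return liblzma_exposure(out.stdout)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/sbin/sshd"
    try:
        report = check_binary(target)
    except (RuntimeError, subprocess.CalledProcessError, FileNotFoundError) as exc:
        print(f"could not inspect {target}: {exc}; showing the constructed sample instead")
        report = liblzma_exposure(SAMPLE_LDD_OUTPUT)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A `links_liblzma: True` result on a host only means the hook described in the article has a path into the sshd process; pair it with your distribution's advisory for the affected liblzma builds before drawing conclusions.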

The researchers mention that it was initially believed that the backdoor could bypass sshd authentication and gain access to the system via SSH, but further analysis showed that the backdoor allows arbitrary code execution on the system without leaving traces in the sshd logs.

The RSA_public_decrypt function is hooked by the backdoor to verify the host's signature using a fixed Ed448 key. If verification succeeds, the code sent by the remote host is executed using the system() function before sshd drops privileges. The data with the code to be executed is extracted from the "N" parameter passed to the RSA_public_decrypt function, and is verified and decrypted using the previously mentioned ChaCha20.

To activate the backdoor in sshd, the standard host key exchange mechanism is used, and it responds only to a key modified by the attacker that matches the specified fixed Ed448 key. If verification of the public key signature fails, or if the integrity of the data to be executed is not confirmed, the backdoor returns control to the normal SSH operations.

The attacker's private key remains unknown, which makes it difficult to implement verification code to trigger the backdoor from external sources, or to develop a scanner that detects vulnerable hosts on the network. However, the researchers have developed a script showing how the public key can be substituted into the OpenSSH certificate sent by the SSH client, which is processed by the RSA_public_decrypt function hooked by the backdoor.

In addition, the researchers found a kill switch mechanism for the backdoor, triggered by setting an environment variable before starting sshd. There is also a detailed analysis of the shell construct used to obfuscate the process of extracting the object file with the backdoor and embedding it into the liblzma library.

During the build of the XZ package, code was executed from the «build-to-host.m4» script that processed a test file, made certain changes to its characters, and turned it into a static file from which a shell script was extracted. The resulting shell script was in turn able to gradually extract another shell script from the content, skipping certain sequences with commands and replacing words.

As a result of this process, the complex and extensive shell script directly extracted the file with the backdoor from the good-large_compressed.lzma file, decrypted it, and inserted it into liblzma. The script also includes an implementation of a plugin mechanism that allowed additional executable components to be delivered later by placing new test files, without modifying good-large_compressed.lzma and bad-3-corrupt_lzma2.xz, using signature lookup. The code also includes a decryptor based on the RC4 algorithm, implemented in the AWK language.
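As an added example (not from the article or the researchers' analysis), the following Python scanner looks for the shape of the build-script trick the two paragraphs above describe: build macros that read opaque fixture files from a tests directory, pass them through text transformations and hand the result to a shell. The rule names, the regular expressions and the sample m4 snippet are this example's own constructions; the only things taken from the article are the two fixture file names used in the sample.

```python
"""Scan build scripts (m4, configure, Makefile fragments, shell) for lines
that feed test-fixture files through text transformations into a shell.
Added example, not from the original article; the heuristics and the
sample m4 snippet are constructed for illustration."""
import re
from pathlib import Path

# Commands that read, slice or transform bytes in a pipeline.
TRANSFORMS = r"(?:tr|head|tail|sed|awk|cut|xz|unxz|lzma|gzip|gunzip|zcat|base64)"
# Sinks that turn text into executed code.
SINKS = r"(?:\bsh\b|\bbash\b|\beval\b|\bsource\b)"
# Compressed or opaque fixture files living under a tests directory.
FIXTURE = r"tests?/[\w./-]*\.(?:xz|lzma|gz|bin|dat)\b"

RULES = [
    # fixture file ... | ... shell
    ("fixture-to-shell", re.compile(FIXTURE + r".*\|.*" + SINKS)),
    # transform ... | shell (payload already unpacked earlier in the line)
    ("transform-to-shell", re.compile(r"\b" + TRANSFORMS + r"\b.*\|\s*" + SINKS)),
    # fixture file | transform (staging a payload for a later step)
    ("fixture-transform", re.compile(FIXTURE + r".*\|\s*" + TRANSFORMS + r"\b")),
]

# Constructed sample resembling a build macro that hides a payload in tests/.
# The fixture names are the ones mentioned in the article; the rest is made up.
SAMPLE_M4 = r"""# constructed sample: a build macro that pulls a payload out of tests/
AC_DEFUN([gl_BUILD_TO_HOST], [
  AC_REQUIRE([AC_CANONICAL_HOST])
  gl_sed_double_backslashes='s/\\/\\\\/g'
  eval $(xz -dc $srcdir/tests/files/good-large_compressed.lzma | tr "\t \-_" " \t_\-" | sh)
  cat $srcdir/tests/files/bad-3-corrupt_lzma2.xz | head -c +1024 | tail -c +32 > stage.bin
  AC_SUBST([BUILD_TO_HOST])
])
"""

BUILD_GLOBS = ("*.m4", "*.ac", "*.am", "*.sh", "configure", "configure.*", "Makefile*")


def scan_text(text: str, name: str = "<text>") -> list:
    """Return (file, line number, rule, stripped line) for every rule hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((name, lineno, rule, line.strip()))
    return findings


def scan_tree(root) -> list:
    """Scan every build-related file under root (hypothetical helper)."""
    findings = []
    for pattern in BUILD_GLOBS:
        for path in Path(root).rglob(pattern):
            if path.is_file():
                text = path.read_text(encoding="utf-8", errors="replace")
                findings.extend(scan_text(text, str(path)))
    return findings


if __name__ == "__main__":
    import sys
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE_M4, "sample.m4")
    for name, lineno, rule, line in hits:
        print(f"{name}:{lineno}: [{rule}] {line}")
```

Run it against an unpacked release tarball to compare the shipped `configure`/m4 files with the repository sources; legitimate build scripts rarely pipe test fixtures into a shell, so every hit deserves a manual look rather than an automatic verdict.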

On the other hand, it is worth mentioning that, following the incident, a set of tools called xzbot was created, which includes:

  • A honeypot for creating fake servers that pretend to be vulnerable, in order to detect connection attempts by attackers.
  • A patch to replace the public key in the backdoor inside liblzma.so with your own (to connect to the backdoor using the matching private key).
  • A demo for triggering code execution in the modified backdoor using the matching private key.

If you are interested in learning more about it, you can check the details at the following link.
