Exim patched - patch again. New Remote Command Execution in Exim 4.92 in a single request


Quite recently, at the start of summer, there were widespread calls to update Exim to version 4.92 because of the CVE-2019-10149 vulnerability (Urgently update Exim to 4.92 - there is an active infection / Sudo Null IT News). And it recently became known that the Sustes malware decided to exploit that vulnerability.

Now everyone who updated in a hurry can "rejoice" once more: on July 21, 2019, the researcher Zerons discovered a critical vulnerability in the Exim Mail Transfer Agent (MTA) when TLS is used, affecting versions 4.80 through 4.92.1 inclusive, that allows remote code execution with privileged rights (CVE-2019-15846).

The vulnerability

The vulnerability is present with both the GnuTLS and the OpenSSL library when a secure TLS connection is established.

According to developer Heiko Schlittermann, Exim's default configuration file does not use TLS, but many distributions generate the necessary certificates during installation and enable the secure connection. Newer versions of Exim also set the option tls_advertise_hosts=* and generate the certificates themselves.

"depends on the configuration. Most distros enable it by default, but Exim needs a certificate+key to work as a TLS server. Probably distros create a cert during setup. Newer Exims have the tls_advertise_hosts option defaulting to "*" and create a self-signed certificate if none is provided."

The vulnerability itself lies in incorrect handling of SNI (Server Name Indication, a technology introduced in 2003 in RFC 3546 that lets a client request the certificate matching a specific domain name; see "Distribution of the TLS SNI standard / WEBO Group Blog / Sudo Null IT News") during the TLS handshake. An attacker only needs to send an SNI that ends in a backslash ("\") followed by a null character ("\0").

Researchers from Qualys found a bug in the function string_printing(tls_in.sni): it fails to escape "\". As a result, the backslash is written unescaped into the spool file. That file is later read with privileged rights by the function spool_read_header(), which leads to an overflow.

It is worth noting that, at the moment, the Exim developers have created a PoC for the vulnerability that executes commands on a remote vulnerable server, but it has not yet been made public. Given how easy the bug is to exploit, that is only a matter of time, and a short one at that.

A more detailed analysis by Qualys can be found here.


Figure: Use of SNI in TLS

Number of potentially vulnerable public servers

According to statistics from the large hosting provider E-Soft Inc. as of September 1, version 4.92 is used on more than 70% of the hosts among rented servers.

Version          Number of servers   Share
4.92.1           6471                1.28%
4.92             376436              74.22%
4.91             58179               11.47%
4.9              5732                1.13%
4.89             10700               2.11%
4.87             14177               2.80%
4.84             9937                1.96%
Other versions   25568               5.04%

Figure: E-Soft Inc. statistics

If you use the Shodan search engine, then of the 5,250,000 servers in its database:

  • about 3,500,000 use Exim 4.92 (about 1,380,000 of them use SSL/TLS);
  • more than 74,000 use 4.92.1 (about 25,000 of them use SSL/TLS).

Thus, the number of publicly known and reachable, potentially vulnerable Exim servers is around 1.5M.


Figure: Searching for Exim servers in Shodan

Protection

  • The simplest, but not recommended, option is not to use TLS at all, which means mail messages are delivered in the clear.
  • To avoid exploitation of the vulnerability, it is preferable to upgrade the Mail Transfer Agent to Exim 4.92.2.
  • If upgrading or installing a patched version is not possible, you can set an ACL in the Exim configuration for the acl_smtp_mail option with the following rules:
    # to be prepended to your mail acl (the ACL referenced
    # by the acl_smtp_mail main config option)
    # deny the session when the last character of the client's SNI
    # (or of the peer DN) is a backslash
    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
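As an added illustration (not from the article and not Exim's code), the following Python model shows the escape/unescape asymmetry described in the analysis above and why the ACL workaround keys on a trailing backslash: string_printing() and read_sni() are simplified stand-ins for Exim's spool writer and spool_read_header(), the "-next_field" line is a constructed placeholder, and acl_denies() mirrors the $tls_in_sni rule.

```python
# Constructed model (not Exim source) of the escape/unescape asymmetry
# behind CVE-2019-15846: string_printing() stands in for Exim's spool
# writer, read_sni() for spool_read_header(); "-next_field" is made up.
PRINTABLE = set(range(0x20, 0x7F))   # ASCII space through '~'
def c_string(data: bytes) -> bytes:
    """A NUL byte terminates the C string; anything after it is dropped."""
    return data.split(b"\0", 1)[0]

def string_printing(data: bytes, escape_backslash: bool) -> str:
    """Printable form written to the spool file. escape_backslash=False
    models 4.80..4.92.1, where a literal '\\' passes through unchanged."""
    out = []
    for b in c_string(data):
        if b == 0x5C and escape_backslash:
            out.append("\\\\")
        elif b == 0x0A:
            out.append("\\n")
        elif b in PRINTABLE:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)

def write_record(sni: bytes, escape_backslash: bool) -> str:
    """The SNI field followed by an unrelated (constructed) next field."""
    return "-tls_sni " + string_printing(sni, escape_backslash) + "\n-next_field x\n"

def read_sni(record: str) -> bytes:
    """Read-back model: undo escapes until an unescaped newline ends the field."""
    out, i = bytearray(), len("-tls_sni ")
    while i < len(record) and record[i] != "\n":
        if record[i] != "\\":
            out.append(ord(record[i])); i += 1; continue
        nxt = record[i + 1] if i + 1 < len(record) else ""
        if nxt == "\\":  out.append(0x5C); i += 2
        elif nxt == "n": out.append(0x0A); i += 2
        elif nxt == "x": out.append(int(record[i + 2:i + 4], 16)); i += 4
        else:
            # Unknown escape: the byte after '\\' is taken literally, so an
            # unescaped trailing '\\' swallows the field's newline terminator
            # and the reader runs on into the next field.
            out += nxt.encode(); i += 2
    return bytes(out)

def round_trips(sni: bytes, escape_backslash: bool) -> bool:
    return read_sni(write_record(sni, escape_backslash)) == c_string(sni)

def acl_denies(tls_in_sni: bytes) -> bool:
    """The advisory workaround: deny when $tls_in_sni ends in a backslash."""
    return c_string(tls_in_sni)[-1:] == b"\\"
```

With the buggy writer, an SNI ending in "\" followed by NUL no longer round-trips and the reader absorbs the following field; with backslash escaping it round-trips, and acl_denies() rejects the same input before anything is spooled.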

source: www.habr.com
