11 Raunuka Masu Amfani Daga Nesa A Cikin TCP/IP Tarin VxWorks

Masu binciken tsaro daga Armis fallasa bayani game da 11 vulnerabilities (PDF) a cikin TCP/IP Ana amfani da tarin IPnet a cikin tsarin aiki na VxWorks. Ana sanya wa matsalolin suna "URGENT/11." Ana iya amfani da raunin da ke tattare da shi daga nesa ta hanyar aika fakitin hanyar sadarwa na musamman. Ga wasu matsaloli, yana yiwuwa a kai hari ta hanyar firewalls da NAT (misali, idan mahari yana sarrafa sabar DNS da na'urar da ke cikin hanyar sadarwa ta ciki ke shiga).


11 Raunuka Masu Amfani Daga Nesa A Cikin TCP/IP Tarin VxWorks

Matsaloli shida na iya haifar da kisa lambar mai hari lokacin aiki ba daidai ba saitin IP ko zaΙ“uΙ“Ι“ukan TCP a cikin fakiti, da kuma lokacin tantance fakitin DHCP. Matsaloli biyar ba su da haΙ—ari kuma suna iya haifar da zubar da bayanai ko harin DoS. An daidaita bayyana rashin lafiyar tare da kogin Wind, kuma sabon sakin VxWorks 7 SR0620, wanda aka saki a makon da ya gabata, ya riga ya magance matsalolin.

Tun da kowane lahani yana rinjayar wani Ι“angare na daban-daban na tarin hanyar sadarwar, batutuwan na iya zama takamaiman-saki, amma an bayyana cewa kowane nau'in VxWorks tun daga 6.5 yana da aΖ™alla raunin aiwatar da lambar nesa Ι—aya. A wannan yanayin, ga kowane bambance-bambancen na VxWorks ya zama dole don Ζ™irΖ™irar amfani daban. A cewar Armis, matsalar ta shafi na’urori kusan miliyan 200, da suka hada da na’urorin masana’antu da na likitanci, da na’urori masu amfani da wayar salula, da wayoyin VOIP, da na’urorin kashe wuta, da na’urorin buga takardu da na’urorin Intanet daban-daban.

Kamfanin Wind River tunanicewa wannan adadi ya wuce kima kuma matsalar tana shafar Ζ™ananan Ζ™ananan na'urori marasa mahimmanci, wanda, a matsayin mai mulkin, yana iyakance ga hanyar sadarwa na ciki. Tarin hanyar sadarwar IPnet yana samuwa ne kawai a cikin zaΙ“in bugu na VxWorks, gami da sakewa waΙ—anda ba a tallafawa (kafin 6.5). Na'urorin da suka dogara da dandamali na VxWorks 653 da VxWorks Cert Edition da ake amfani da su a wurare masu mahimmanci (mutumin masana'antu, na'urorin lantarki da na jirgin sama) ba sa fuskantar matsala.

Wakilan Armis sun yi imanin cewa saboda wahalar sabunta na'urori masu rauni, yana yiwuwa tsutsotsi za su bayyana waΙ—anda ke cutar da cibiyoyin sadarwa na cikin gida kuma suna kai hari ga shahararrun nau'ikan na'urori masu rauni gaba Ι—aya. Misali, wasu na'urori, kamar kayan aikin likitanci da masana'antu, suna buΖ™atar sake tabbatarwa da gwaji mai yawa lokacin sabunta firmware Ι—in su, yana mai da wahala sabunta firmware Ι—in su.

Wind River tafiyacewa a irin waΙ—annan lokuta, ana iya rage haΙ—arin yin sulhu ta hanyar ba da damar ginannun abubuwan tsaro kamar tari maras iya aiwatarwa, kariyar tari mai ambaliya, Ζ™untatawa na tsarin kira, da keΙ“ewar tsari. Hakanan za'a iya ba da kariya ta Ζ™ara sa hannu na toshe hari akan bangon wuta da tsarin rigakafin kutse, da kuma iyakance hanyar sadarwar hanyar sadarwa zuwa na'urar kawai zuwa kewayen tsaro na ciki.

source: budenet.ru

Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS πŸ”₯ Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster