OpenWrt 19.07.1 update eliminates a package-substitution vulnerability

Corrective releases of the OpenWrt distribution, 18.06.7 and 19.07.1, have been published. They fix a dangerous vulnerability (CVE-2020-7982) in the opkg package manager that lets an MITM attacker substitute the contents of a package downloaded from the repository. Because of a bug in the checksum verification code, an attacker can create conditions under which the SHA-256 checksums present in the digitally signed package index are ignored, which bypasses the integrity checks on downloaded ipk resources.

The problem has been present since February 2017, when code was added to ignore leading whitespace before the checksum. Due to a mistake in the whitespace skipping, the pointer to the position in the string was not advanced, so the SHA-256 hex-decoding loop returned immediately and produced a zero-length checksum.

Since the opkg package manager in OpenWrt runs with root privileges, an attacker in an MITM position can silently modify an ipk package as it is downloaded from the repository while the user runs "opkg install", and arrange for their own code to run as root by adding handler scripts to the package that are invoked during installation. To exploit the vulnerability, the attacker must also substitute the legitimate signed package index (for example, the one served from downloads.openwrt.org). The size of the modified package must match the original size declared in the index.
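The failure mode described above, as an added illustration in C written for this article rather than opkg's actual source: a hex-to-binary routine whose whitespace skip advances only a copy of the pointer returns a zero-length digest, and a verifier that compares only over the decoded length then accepts any package; the fixed decoder and a strict length check close both gaps. The index digest with its leading space and the "tampered" digest are constructed values.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SHA256_LEN 32
/* Constructed index digest with a leading space (it is the SHA-256 of the empty string). */
static const char INDEX_HEX[] = " e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
static int hexval(char ch)
{
    int c = (unsigned char)ch;
    return isxdigit(c) ? (isdigit(c) ? c - '0' : tolower(c) - 'a' + 10) : -1;
}
/* Decode hex pairs until the first non-hex byte or dstlen bytes; returns bytes written. */
static size_t decode_pairs(const char *s, unsigned char *dst, size_t dstlen)
{
    size_t n = 0;
    for (; n < dstlen && hexval(s[0]) >= 0 && hexval(s[1]) >= 0; s += 2)
        dst[n++] = (unsigned char)((hexval(s[0]) << 4) | hexval(s[1]));
    return n;
}
/* Buggy shape: whitespace is skipped on a copy of the pointer, so decoding
 * still starts at the space and stops immediately with a zero-length result. */
size_t hex2bin_buggy(const char *src, unsigned char *dst, size_t dstlen)
{
    const char *p = src;
    while (isspace((unsigned char)*p))
        p++;                                 /* p moves, src does not */
    return decode_pairs(src, dst, dstlen);   /* src[0] is ' ', so n == 0 */
}
/* Fixed shape: skip whitespace on the pointer that is actually decoded. */
size_t hex2bin_fixed(const char *src, unsigned char *dst, size_t dstlen)
{
    while (isspace((unsigned char)*src))
        src++;
    return decode_pairs(src, dst, dstlen);
}
/* Comparing only over the decoded length lets an empty digest match anything;
 * the strict form requires a full 32-byte digest before it compares at all. */
int checksum_ok(const unsigned char *expected, size_t n, const unsigned char *actual, int strict)
{
    return (!strict || n == SHA256_LEN) && memcmp(expected, actual, n) == 0;
}
/* Returns 1 if a package whose digest is a constructed wrong value (all 0xAA) would pass. */
int accepts_tampered(int use_fixed_decoder, int strict)
{
    unsigned char expected[SHA256_LEN], tampered[SHA256_LEN];
    memset(tampered, 0xAA, SHA256_LEN);
    size_t n = use_fixed_decoder ? hex2bin_fixed(INDEX_HEX, expected, SHA256_LEN)
                                 : hex2bin_buggy(INDEX_HEX, expected, SHA256_LEN);
    return checksum_ok(expected, n, tampered, strict);
}
```

Only the buggy decoder combined with a length-based comparison accepts the wrong digest; either fix alone rejects it, which is why a verifier should insist on the full digest length independently of the decoder.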

If you need to avoid updating the whole firmware, you can update only the opkg package manager by running the following commands:

cd /tmp
opkg update
opkg download opkg
zcat ./opkg-lists/openwrt_base | grep -A10 "Package: opkg" | grep SHA256sum
sha256sum ./opkg_2020-01-25-c09fe209-1_*.ipk

Then compare the two checksums shown and, if they match, run:

opkg install ./opkg_2020-01-25-c09fe209-1_*.ipk

The new versions also fix another vulnerability, in the libubox library, which can lead to a buffer overflow when the blobmsg_format_json function processes specially crafted serialized binary or JSON data. The library is used in distribution components such as netifd, procd, ubus, rpcd and uhttpd, as well as in the auc package (Attended sysUpgrade CLI). The buffer overflow occurs when large numeric attributes of type "double" are passed in blocks. You can check whether your system is affected by running the command:

$ ubus call luci getFeatures '{"banik": 00192200197600198000198100200400.1922 }'

In addition to fixing the vulnerabilities and accumulated bugs, the OpenWrt 19.07.1 release also updates the Linux kernel (from 4.14.162 to 4.14.167), resolves performance problems when using 5GHz frequencies, and improves support for the Ubiquiti Rocket M Titanium, Netgear WN2500RP v1,
Zyxel NSA325, Netgear WNR3500 V2, Archer C6 v2, Ubiquiti EdgeRouter-X, Archer C20 v4, Archer C50 v4, Archer MR200, TL-WA801ND v5, HiWiFi HC5962, Xiaomi Mi Router 3 Pro and Netgear R6350 devices.

source: budenet.ru
