Qualys has found a way to bypass malloc's double-free protection and initiate a transfer of control to code, using a vulnerability in OpenSSH 9.1 that had been assessed as carrying a low risk of a working exploit being created. At the same time, whether a working exploit can actually be created remains an open question.
The vulnerability is caused by a pre-authentication double free. To create the conditions for the vulnerability to manifest, it is enough to change the SSH client banner to "SSH-2.0-FuTTYSH_9.1p1" (or that of another old SSH client) so that the "SSH_BUG_CURVE25519PAD" and "SSH_OLD_DHGEX" flags are set. Once these flags are set, the memory for "options.kex_algorithms" is freed twice.
While manipulating the vulnerability, researchers from Qualys were able to gain control of the "%rip" register, which holds a pointer to the next instruction to be executed. The exploitation technique they developed allows control to be transferred to any point in the address space of the sshd process in a non-updated OpenBSD 7.2 environment, which ships with OpenSSH 9.1 by default.
It is noted that the proposed prototype implements only the first stage of the attack: to create a working exploit, it is necessary to bypass the ASLR, NX and ROP protection mechanisms and to escape sandbox isolation, which is not feasible. To solve the problem of bypassing ASLR, NX and ROP, information about addresses is needed, which could be obtained by finding another vulnerability that leads to an information leak. A bug in the privileged parent process or in the kernel could help to get out of the sandbox.
source: budenet.ru