Full details of a critical vulnerability in Exim have been disclosed

A corrective release, Exim 4.92.2, has been published that eliminates a critical vulnerability (CVE-2019-15846) which, in the default configuration, can lead to remote code execution by an attacker with root privileges. The problem only manifests when TLS support is enabled, and it is exploited by passing a specially crafted client certificate or a modified value in the SNI extension. The vulnerability was discovered by Qualys.

The problem lies in the handler that unescapes special characters in strings (string_interpret_escape() in string.c) and is caused by a '\' character located at the very end of the string being interpreted together with the terminating null byte ('\0') that follows it. During unescaping, the pair '\' plus the terminating null byte is treated as a single escaped character, and the pointer is advanced past the terminator into the data beyond the string, which is then processed as a continuation of the string.

The code that calls string_interpret_escape() allocates the output buffer based on the original string's size, while the pointer it has been handed now points outside the string's bounds. As a result, when the input string is processed, data is read from memory outside the allocated area, and writing the unescaped string can overrun the bounds of the output buffer.

In the default configuration, the vulnerability can be exploited by sending specially crafted data in the SNI extension when establishing a TLS connection to the server. The issue can also be exploited by manipulating the peerdn value in configurations set up to verify client certificates, or when certificates are imported. Attacks via SNI and peerdn are possible starting from Exim 4.80, the release in which the string_unprinting() function began being used to unescape the peerdn and SNI contents.

A proof-of-concept exploit has been prepared for the SNI attack vector; it works on the i386 and amd64 architectures on Linux systems with Glibc. The exploit uses a heap overflow to overwrite the memory holding the log file name, replacing it with "/../../../../../../../../etc/passwd". It then overwrites the variable holding the sender address, which is the first thing written to that log, making it possible to add a new user to the system.

Package updates with the fix have been released by Debian, Ubuntu, Fedora, SUSE/openSUSE and FreeBSD. RHEL and CentOS are not affected, since Exim is not included in their regular package repositories (an update has already been prepared in EPEL but has not yet been published to the public repository). In the Exim code the problem is fixed with a one-line patch that disables the escaping effect of a backslash when it is the last character of the string.
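The following is an added example written for this page; it is not Exim's own code. It models the string_interpret_escape()/string_unprinting() pair described above in simplified form, with the escape handler in both its vulnerable shape and a fixed shape. The fixed variant returns a trailing backslash literally and leaves the pointer on it, which is one way of implementing the one-line fix described above; the exact form of the upstream patch is assumed here, not quoted. The input is a constructed byte string in which the bytes after the first null stand in for whatever happens to follow the string in memory, and the output buffer is deliberately oversized so the overrun stays inside known memory and can be measured instead of corrupting the heap.

```c
/* Added example, not Exim source: a simplified model of Exim's
 * string_interpret_escape() / string_unprinting() showing why a string
 * that ends in a lone backslash walks past its NUL terminator, and a
 * fixed handler that refuses to treat '\' + NUL as an escape. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed input: the string is "abc\" (four chars); the "XYZ" after
 * the first NUL models unrelated heap bytes that follow the allocation. */
static const char sample[] = "abc\\\0XYZ";

/* Vulnerable shape: unconditionally consumes the character after '\',
 * so a trailing '\' swallows the NUL terminator as if it were escaped. */
static int interpret_escape_vuln(const char **pp)
{
    const char *p = *pp;
    int ch = *(++p);                 /* '\0' when '\' is the last char */
    switch (ch) {
    case 'n': ch = '\n'; break;
    case 't': ch = '\t'; break;
    case 'r': ch = '\r'; break;
    default:  break;                 /* '\x' -> 'x', so '\' + NUL -> NUL */
    }
    *pp = p;                         /* caller's p++ then steps past the NUL */
    return ch;
}

/* Fixed shape (assumed form of the one-line fix): a backslash with
 * nothing after it is returned as a literal '\' and *pp is left on the
 * backslash, so the caller's p++ lands on the NUL and the loop stops. */
static int interpret_escape_fixed(const char **pp)
{
    const char *p = *pp;
    int ch = *(++p);
    if (ch == '\0')
        return **pp;
    switch (ch) {
    case 'n': ch = '\n'; break;
    case 't': ch = '\t'; break;
    case 'r': ch = '\r'; break;
    default:  break;
    }
    *pp = p;
    return ch;
}

/* Model of string_unprinting(): copy s into out, resolving escapes with
 * the supplied handler. Returns bytes written including the terminator,
 * to compare against strlen(s)+1, the size the real code allocates.
 * outsz bounds the demo so the overrun cannot leave the buffer. */
static size_t unprint(const char *s, char *out, size_t outsz,
                      int (*esc)(const char **))
{
    const char *p = s;
    char *q = out;
    char *end = out + outsz - 1;
    while (*p && q < end) {
        if (*p == '\\') {
            *q++ = (char)esc(&p);    /* handler may leave p on the NUL ... */
            p++;                     /* ... and this step then passes it */
        } else {
            *q++ = *p++;
        }
    }
    *q = '\0';
    return (size_t)(q - out) + 1;
}

/* What the real code would allocate for the output: original length + 1. */
static size_t exim_alloc_size(const char *s) { return strlen(s) + 1; }

static size_t demo_vuln_bytes(void)
{
    char out[32];
    return unprint(sample, out, sizeof out, interpret_escape_vuln);
}

static size_t demo_fixed_bytes(void)
{
    char out[32];
    return unprint(sample, out, sizeof out, interpret_escape_fixed);
}

/* 1 if the vulnerable handler writes more than the allocation would hold. */
static int demo_overflows(void)
{
    return demo_vuln_bytes() > exim_alloc_size(sample);
}

/* Sanity check: on a well-formed escape both handlers agree ("a\nb"). */
static int check_normal(void)
{
    char a[16], b[16];
    size_t na = unprint("a\\nb", a, sizeof a, interpret_escape_vuln);
    size_t nb = unprint("a\\nb", b, sizeof b, interpret_escape_fixed);
    return na == 4 && nb == 4 && strcmp(a, "a\nb") == 0 && strcmp(b, "a\nb") == 0;
}

int main(void)
{
    printf("allocation for input : %zu bytes\n", exim_alloc_size(sample));
    printf("vulnerable writes    : %zu bytes (overflow: %s)\n",
           demo_vuln_bytes(), demo_overflows() ? "yes" : "no");
    printf("fixed writes         : %zu bytes\n", demo_fixed_bytes());
    return 0;
}
```

With the constructed input the real code would allocate 5 bytes, the vulnerable handler causes 8 bytes to be written (the NUL is copied as an "escaped" character and the bytes beyond it are appended), and the fixed handler stops at the terminator and writes exactly 5. The same trailing-backslash shape is what the ACL workaround below rejects.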

As a workaround to block the vulnerability, you can disable TLS support or add the following
to the "acl_smtp_mail" ACL section (both rules reject a value whose last character is a backslash):

deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}

source: opennet.ru
