Remote vulnerability in the TIPC protocol implementation in the Linux kernel

A critical vulnerability (CVE-2021-43267) has been identified in the implementation of the TIPC (Transparent Inter-process Communication) network protocol shipped in the Linux kernel. It allows code execution with kernel privileges by sending a specially crafted network packet. The risk is reduced by the fact that the attack requires TIPC support to be explicitly enabled on the system (loading and configuring the tipc.ko kernel module), which is not done by default in non-specialized Linux distributions.

The TIPC protocol has been supported since Linux kernel 3.19, but the code that causes the vulnerability was included in kernel 5.10. The vulnerability is fixed in kernels 5.15.0, 5.10.77 and 5.14.16. The problem is present and not yet fixed in Debian 11, Ubuntu 21.04/21.10, SUSE (in the not-yet-released SLE15-SP4 branch), RHEL (it has not yet been detailed whether the vulnerable change was backported) and Fedora. A kernel update has already been released for Arch Linux. Distributions with a kernel older than 5.10, such as Debian 10 and Ubuntu 20.04, are not affected.

The TIPC protocol was originally developed by Ericsson. It is designed for inter-process communication in a cluster and is enabled mainly on cluster nodes. TIPC can run over either Ethernet or UDP (network port 6118). When it runs over Ethernet, the attack can be carried out from the local network; when UDP is used, it can be carried out from the global network if the port is not closed by a firewall. The attack can also be carried out by an unprivileged local user of the host. To enable TIPC, you need to load the tipc.ko kernel module and configure a binding to a network interface using netlink or the tipc utility.

The vulnerability appears in the tipc_crypto_key_rc function and is caused by the lack of proper verification that the data specified in the header corresponds to the actual size of the data when parsing packets of type MSG_CRYPTO. These packets are used to obtain encryption keys from other nodes in the cluster so that messages later sent from those nodes can be decrypted. The size of the data copied into memory is calculated as the difference between the values of the message size and header size fields, but without taking into account the actual size of the encryption algorithm name and of the key contents transmitted in the message. The size of the algorithm name is assumed to be fixed, and a separate attribute with the size is passed for the key. An attacker can specify a value in this attribute that differs from the actual one, which causes the tail of the message to be written beyond the allocated buffer.

    struct tipc_aead_key {
        char alg_name[TIPC_AEAD_ALG_NAME];
        unsigned int keylen; /* in bytes */
        char key[];
    };
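The length consistency check whose absence is described above can be shown in user space. This C example is added here and is not code from the article or from the kernel; the names parse_key_msg, build_body and rx_key are hypothetical, and the values of ALG_NAME_LEN and KEY_MAX and the network byte order of keylen are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

#define ALG_NAME_LEN 32  /* assumed stand-in for TIPC_AEAD_ALG_NAME */
#define KEY_MAX 36       /* assumed receiver-side cap on key bytes */
#define KEY_HDR_LEN (ALG_NAME_LEN + sizeof(uint32_t)) /* name + keylen */

struct rx_key {          /* receiver's fixed-size copy of the key */
    char alg_name[ALG_NAME_LEN];
    uint32_t keylen;
    uint8_t key[KEY_MAX];
};

/* body_len is "message size minus header size". Returns 0 if accepted,
 * -1 if the declared keylen disagrees with the bytes actually received. */
int parse_key_msg(const uint8_t *body, size_t body_len, struct rx_key *out)
{
    uint32_t be, keylen;
    if (body_len < KEY_HDR_LEN) return -1;            /* no room for keylen */
    memcpy(&be, body + ALG_NAME_LEN, sizeof(be));
    keylen = ntohl(be);                    /* assumed network byte order */
    if (keylen > KEY_MAX) return -1;                  /* would overrun out->key */
    if (body_len != KEY_HDR_LEN + keylen) return -1;  /* declared != actual */
    memcpy(out->alg_name, body, ALG_NAME_LEN);
    out->alg_name[ALG_NAME_LEN - 1] = '\0';
    out->keylen = keylen;
    memcpy(out->key, body + KEY_HDR_LEN, keylen);
    return 0;
}

/* Constructed test input: declares one key length, carries another. */
size_t build_body(uint8_t *buf, uint32_t declared, size_t actual)
{
    uint32_t be = htonl(declared);
    memset(buf, 0, KEY_HDR_LEN);
    memcpy(buf, "gcm(aes)", 8);
    memcpy(buf + ALG_NAME_LEN, &be, sizeof(be));
    memset(buf + KEY_HDR_LEN, 0xAB, actual);
    return KEY_HDR_LEN + actual;
}

int main(void)
{
    uint8_t buf[256];
    struct rx_key k;
    return (parse_key_msg(buf, build_body(buf, 16, 16), &k) == 0 &&
            parse_key_msg(buf, build_body(buf, 16, 64), &k) == -1) ? 0 : 1;
}
```

The parser rejects any body whose declared key length exceeds the receiver's buffer or does not match the number of bytes that arrived, so the copy length never depends on an unchecked field.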


source: budenet.ru
