Vulnerability in uClibc and uClibc-ng that allows data in the DNS cache to be spoofed

In the standard C libraries uClibc and uClibc-ng, which are used in many embedded and portable devices, a vulnerability has been identified (no CVE assigned) that allows forged data to be inserted into the DNS cache. This can be used to replace the IP address of an arbitrary domain in the cache and redirect requests for that domain to the attacker's server.

The issue affects various Linux firmware for routers, access points, and Internet of Things devices, as well as embedded Linux distributions such as OpenWRT and Embedded Gentoo. It is noted that the vulnerability appears in devices from many manufacturers (for example, uClibc is used in Linksys, Netgear and Axis firmware), but since the vulnerability remains unfixed in uClibc and uClibc-ng, detailed information about the specific devices and manufacturers whose products are affected has not yet been disclosed.

The vulnerability is caused by the use of predictable transaction identifiers in the code that sends DNS queries. The ID of a DNS request was chosen by simply incrementing a counter, without additional randomization of port numbers, which made it possible to poison the DNS cache by preemptively sending UDP packets with forged responses (a response is accepted if it arrives before the response from the real server and includes the correct ID). Unlike the Kaminsky method proposed in 2008, the transaction identifier does not even need to be guessed, since it is predictable from the outset (the value is initially set to 1 and is incremented with each request, rather than chosen randomly).


To protect against identifier guessing, the specification recommends additionally randomizing the source network port numbers from which DNS requests are sent, which compensates for the insufficient size of the identifier. When port randomization is enabled, forging a response requires choosing the network port number in addition to the 16-bit identifier. In uClibc and uClibc-ng, such randomization was not explicitly enabled (a random source UDP port was not specified when calling bind), and its use depended on the operating system settings.

When port randomization is disabled, determining the incremented request ID is described as a trivial task. But even if randomization is used, the attacker only needs to guess the network port from the range 32768-60999, for which they can send forged responses in bulk to different network ports at the same time.
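The counter scheme described above next to a hardened alternative, as an added example that is not uClibc or uClibc-ng code: a model of the sequential ID, an ID drawn from the kernel CSPRNG, and the checks a stub resolver can apply before accepting a reply. All function names, the addresses and the sample packet are constructed for illustration; source port selection is left to the operating system here.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the weak scheme the article describes: first ID is 1, then +1 per
 * query. Not uClibc source; hypothetical name. */
static uint16_t seq_counter = 0;
uint16_t next_id_sequential(void) { return ++seq_counter; }

/* Hardened: draw the 16-bit ID from the kernel CSPRNG. Returns 0 on success,
 * -1 on failure so the caller can refuse to send rather than fall back. */
int next_id_random(uint16_t *id) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(id, sizeof *id, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Accept a reply only if it holds a full 12-byte DNS header, has the QR
 * (response) bit set, carries the ID we sent, and came from the resolver
 * address and port the query went to. */
int reply_is_acceptable(const uint8_t *pkt, size_t len, uint16_t want_id,
                        const struct sockaddr_in *from,
                        const struct sockaddr_in *resolver) {
    if (len < 12) return 0;
    if (!(pkt[2] & 0x80)) return 0;
    if ((uint16_t)((pkt[0] << 8) | pkt[1]) != want_id) return 0;
    if (from->sin_addr.s_addr != resolver->sin_addr.s_addr) return 0;
    return from->sin_port == resolver->sin_port;
}

int main(void) {
    /* Constructed sample: resolver 192.0.2.53:53 and a 12-byte reply header. */
    struct sockaddr_in res = {0};
    res.sin_family = AF_INET;
    res.sin_port = htons(53);
    res.sin_addr.s_addr = inet_addr("192.0.2.53");
    uint8_t pkt[12] = {0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0};
    uint16_t id = 0;
    unsigned a = next_id_sequential(), b = next_id_sequential();
    printf("sequential: %u %u\n", a, b);
    if (next_id_random(&id) == 0) printf("random: %u\n", (unsigned)id);
    printf("matching reply accepted: %d\n",
           reply_is_acceptable(pkt, sizeof pkt, 0x1234, &res, &res));
    return 0;
}
```

A random ID alone still leaves only 16 bits to match, which is why the article's point about source port randomization applies on top of these checks.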


The problem has been confirmed in all current releases of uClibc and uClibc-ng, including the most recent versions, uClibc 0.9.33.2 and uClibc-ng 1.0.40. In September 2021, information about the vulnerability was sent to CERT/CC for coordinated preparation of fixes. In January 2022, data on the problem was shared with more than 200 manufacturers that cooperate with CERT/CC. In March, an attempt was made to contact the maintainer of the uClibc-ng project separately, but he replied that he was unable to fix the vulnerability himself and recommended disclosing information about the problem publicly, hoping to get help from the community in developing a fix. Among manufacturers, NETGEAR has announced the release of an update that eliminates the vulnerability.

source: budenet.ru
