Ma kahi waihona TCP/IP ponoʻī , hoʻohana ʻia ma o ka hoʻouna ʻana i nā pūʻolo i hoʻolālā ʻia. Ua hāʻawi ʻia nā mea nāwaliwali i kahi inoa code . Hōʻike ʻia kekahi mau mea nāwaliwali ma ka waihona KASAGO TCP/IP mai Zuken Elmic (Elmic Systems), nona nā aʻa maʻamau me Treck. Hoʻohana ʻia ka Treck stack i ka nui o nā ʻoihana, nā lāʻau lapaʻau, nā kamaʻilio, nā mea hoʻopili a me nā mea kūʻai aku (mai nā kukui akamai i nā mea paʻi a me nā lako mana hiki ʻole ke hoʻopau ʻia), a me ka ikehu, ka lawe ʻana, ka mokulele, ka ʻoihana a me nā lako hana ʻaila.
ʻO nā mea hoʻouka kaua kaulana e hoʻohana ana i ka waihona TCP/IP o Treck me nā mea paʻi pūnaewele HP a me nā chips Intel. Ma waena o nā mea ʻē aʻe, ua lilo nā pilikia ma ka Treck TCP/IP stack i ke kumu o kēia mau lā ma Intel AMT a me ISM subsystems, hana ʻia ma o ka hoʻouna ʻana i kahi ʻeke pūnaewele. Ua hōʻoia ʻia ka hele ʻana o nā nāwaliwali e nā mea hana Intel, HP, Hewlett Packard Enterprise, Baxter, Caterpillar, Digi, Rockwell Automation a me Schneider Electric. ʻOi aku
, nona nā huahana i hoʻohana i ka Treck's TCP/IP stack, ʻaʻole i pane i nā pilikia. 5 mea hana, me AMD, i ʻōlelo ʻaʻole hiki i kā lākou huahana ke pilikia i nā pilikia.
Ua loaʻa nā pilikia i ka hoʻokō ʻana i nā protocols IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 a me ARP, a ua hoʻokumu ʻia e ka hana hewa ʻole o ka nui o ka ʻikepili (e hoʻohana ana i kahi kahua nui me ka nānā ʻole i ka nui o ka ʻikepili maoli), nā hewa i loko. ka nānā ʻana i ka ʻike hoʻokomo, ka hoʻokuʻu ʻelua o ka hoʻomanaʻo, ka heluhelu ʻana i waho o ka buffer, ke kahe ʻana o ka integer, ka mana komo hewa, a me nā pilikia i ka lawelawe ʻana i nā kaula palena ʻole.
ʻO nā pilikia pōʻino ʻelua (CVE-2020-11896, CVE-2020-11897), i hāʻawi ʻia i ka pae 10 CVSS, e ʻae i ke code e hoʻokō ʻia ma kahi hāmeʻa ma ka hoʻouna ʻana i nā ʻeke IPv4/UDP a i ʻole IPv6. ʻIke ʻia ka pilikia koʻikoʻi mua ma nā polokalamu me ke kākoʻo no nā tunnels IPv4, a ʻo ka lua ma nā mana i hoʻokuʻu ʻia ma mua o 04.06.2009/6/9 me ke kākoʻo IPv2020. Aia kekahi mea koʻikoʻi koʻikoʻi (CVSS 11901) i ka DNS resolver (CVE-XNUMX-XNUMX) a ʻae i ka hoʻokō code ma ka hoʻouna ʻana i kahi noi DNS i hana kūikawā (ua hoʻohana ʻia ka pilikia e hōʻike i ka hacking o Schneider Electric APC UPS a ʻike ʻia ma nā polokalamu me Kākoʻo DNS).
Nā mea haʻahaʻa ʻē aʻe CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903, CVE-2020-11905 e ʻae i nā ʻike o IPv4/ICMPv4, IPv6OverIPv4, i hōʻike ʻia e IPv6, IPv6OverIPvXNUMX ka hoʻouna ʻana i nā wahi hoʻomanaʻo ʻōnaehana hoʻonohonoho kūikawā. Hiki i nā pilikia ʻē aʻe ka hopena i ka hōʻole ʻana i ka lawelawe a i ʻole ka leakage o ke koena ʻikepili mai nā ʻōnaehana pale.
Hoʻopaʻa ʻia ka hapa nui o nā nāwaliwali ma Treck 6.0.1.67 (CVE-2020-11897 i hoʻopaʻa ʻia ma 5.0.1.35, CVE-2020-11900 ma 6.0.1.41, CVE-2020-11903 ma 6.0.1.28 2020. 11908). No ka mea hiki ke hoʻopaneʻe a hiki ʻole paha ka hoʻomākaukau ʻana i nā firmware hou no nā polokalamu kikoʻī (ua loaʻa ka Treck stack no nā makahiki he 4.7.1.27, ʻaʻole mālama ʻia nā mea he nui a paʻakikī paha e hoʻonui), ua ʻōlelo ʻia nā luna e hoʻokaʻawale i nā mea pilikia a hoʻonohonoho i nā ʻōnaehana nānā packet, nā pā ahi. a i ʻole nā mea ala e hoʻomaʻamaʻa a hoʻopaʻa i nā paʻi ʻāpana, poloka i nā tunnels IP (IPv20-in-IPv6 a me IP-in-IP), hoʻopaʻa i ka "kumu routing", hiki ke nānā i nā koho hewa ʻole i loko o nā ʻeke TCP, kāpae i nā memo mana ICMP i hoʻohana ʻole ʻia (MTU Update a Address Mask), hoʻopau i ka IPv4 multicast a hoʻihoʻi hou i nā nīnau DNS i kahi kikowaena DNS recursive paʻa.
Source: opennet.ru