19 Remotely Exploitable Vulnerabilities in Treck's TCP/IP Stack

Nineteen vulnerabilities have been disclosed in the proprietary Treck TCP/IP stack, all exploitable by sending specially crafted packets. The vulnerabilities have been given the code name Ripple20. Some of them also appear in the KASAGO TCP/IP stack from Zuken Elmic (Elmic Systems), which shares common roots with Treck. The Treck stack is used in many industrial, medical, communications, embedded and consumer devices (from smart lamps to printers and uninterruptible power supplies), as well as in energy, transport, aviation, commercial and oil-production equipment.

Notable attack targets that use Treck's TCP/IP stack include HP network printers and Intel chips. Among other things, problems in the Treck TCP/IP stack turned out to be the cause of the recent remote vulnerabilities in the Intel AMT and ISM subsystems, which are exploited by sending a network packet. The presence of the vulnerabilities has been confirmed by Intel, HP, Hewlett Packard Enterprise, Baxter, Caterpillar, Digi, Rockwell Automation and Schneider Electric. Another 66 manufacturers whose products use Treck's TCP/IP stack have not yet responded to the problems. 5 manufacturers, including AMD, have stated that their products are not affected.

The problems were found in the implementations of the IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 and ARP protocols. They are caused by incorrect handling of data-size parameters (using a size field without checking the actual size of the data), errors in input validation, double frees of memory, out-of-bounds reads, integer overflows, incorrect access control, and problems handling strings that lack a terminator.

The two most dangerous problems (CVE-2020-11896, CVE-2020-11897), which were assigned a CVSS score of 10, allow code execution on the device by sending specially crafted IPv4/UDP or IPv6 packets. The first critical problem appears on devices with support for IPv4 tunnels, and the second in versions released before 04.06.2009 with IPv6 support. Another critical vulnerability (CVSS 9) is present in the DNS resolver (CVE-2020-11901) and allows code execution by sending a specially crafted DNS request (the problem was used to demonstrate a compromise of the Schneider Electric APC UPS and appears on devices with DNS support).

The other vulnerabilities CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903 and CVE-2020-11905 allow the contents of system memory areas to be read by sending specially crafted IPv4/ICMPv4, IPv6OverCPv4 or IPv6OverCPv6 packets. The remaining problems can lead to denial of service or to leakage of residual data from system buffers.

Most of the vulnerabilities are fixed in Treck 6.0.1.67 (CVE-2020-11897 is fixed in 5.0.1.35, CVE-2020-11900 in 6.0.1.41, CVE-2020-11903 in 6.0.1.28, CVE-2020-11908 in 4.7.1.27). Since preparing firmware updates for specific devices may be delayed or impossible (the Treck stack has been shipped for more than 20 years, and many devices are no longer maintained or are difficult to update), administrators are advised to isolate affected devices and to configure packet inspection systems, firewalls or routers to normalize or block fragmented packets, block IP tunnels (IPv6-in-IPv4 and IP-in-IP), block "source routing", enable inspection of incorrect options in TCP packets, block unused ICMP control messages (MTU Update and Address Mask), disable IPv6 multicast and redirect DNS queries to a secure recursive DNS server.
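The filtering advice above can be expressed as a per-packet check. The following is an added example, not code from Treck or from the original article: the function names `ipv4_policy_flags` and `hdr` are hypothetical, the packets are constructed, and only the fragment, tunnel, source-routing and ICMP Address Mask rules for IPv4 are covered.

```python
import struct

# IPv4 protocol numbers, option types and ICMP types used by the rules below
PROTO_ICMP, PROTO_IPIP, PROTO_IPV6 = 1, 4, 41
OPT_LSRR, OPT_SSRR = 131, 137          # loose / strict source routing
ICMP_ADDR_MASK = {17, 18}              # Address Mask Request / Reply

def ipv4_policy_flags(pkt: bytes) -> list:
    """Return the reasons a filter following the advice above would drop pkt."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["malformed"]
    ihl = (pkt[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", pkt[2:4])
    frag_field, = struct.unpack("!H", pkt[6:8])
    proto = pkt[9]
    # Check declared lengths against the bytes actually received.
    if ihl < 20 or ihl > len(pkt) or total_len < ihl or total_len > len(pkt):
        return ["malformed"]
    flags = []
    if frag_field & 0x2000 or frag_field & 0x1FFF:   # MF bit or non-zero offset
        flags.append("fragment")
    if proto == PROTO_IPIP:
        flags.append("ip-in-ip")
    elif proto == PROTO_IPV6:
        flags.append("ipv6-in-ipv4")
    elif proto == PROTO_ICMP and total_len > ihl and pkt[ihl] in ICMP_ADDR_MASK:
        flags.append("icmp-address-mask")
    i = 20
    while i < ihl:                                   # walk the IPv4 options
        opt = pkt[i]
        if opt == 0:                                 # End of Option List
            break
        if opt == 1:                                 # No-Operation, 1 byte
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            flags.append("bad-option")               # option length overruns header
            break
        if opt in (OPT_LSRR, OPT_SSRR):
            flags.append("source-route")
        i += pkt[i + 1]
    return flags

def hdr(proto, frag=0, options=b"", payload=b""):
    """Build a constructed IPv4 packet (checksum left zero) for the demo."""
    ihl = 20 + len(options)                          # options must be 4-byte padded
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, ihl + len(payload),
                       1, frag, 64, proto, 0, bytes([192, 0, 2, 1]),
                       bytes([192, 0, 2, 2])) + options + payload
```

An empty list means the packet passes these rules; a packet whose declared length exceeds the bytes received is reported as `malformed` before any other field is read.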


Source: opennet.ru
