ProHoster > Π‘Π»ΠΎΠ³ > xov xwm hauv internet > Kev tshuaj xyuas kev nyab xeeb ntawm BusyBox pob qhia 14 qhov tsis zoo me me

Kev tshuaj xyuas kev nyab xeeb ntawm BusyBox pob qhia 14 qhov tsis zoo me me

Cov kws tshawb fawb los ntawm Claroty thiab JFrog tau tshaj tawm cov txiaj ntsig ntawm kev tshawb xyuas kev nyab xeeb ntawm BusyBox pob, dav siv hauv cov khoom siv kos thiab muab cov txheej txheem UNIX cov khoom siv ntim rau hauv ib daim ntawv ua tiav. Thaum lub sijhawm luam theej duab, 14 qhov tsis zoo tau raug txheeb xyuas, uas twb tau kho nyob rau lub Yim Hli tso tawm BusyBox 1.34. Yuav luag txhua qhov teeb meem tsis muaj teeb meem thiab tsis txaus ntseeg los ntawm qhov pom ntawm kev siv hauv kev tawm tsam tiag tiag, vim lawv xav tau kev siv hluav taws xob nrog kev sib cav tau txais los ntawm sab nraud.

Ib qho kev tsis sib haum xeeb yog CVE-2021-42374, uas tso cai rau koj los ua qhov tsis lees paub ntawm kev pabcuam thaum ua cov ntaub ntawv tshwj xeeb tsim compressed nrog cov nqi hluav taws xob unlzma, thiab nyob rau hauv rooj plaub ntawm kev sib dhos nrog CONFIG_FEATURE_SEAMLESS_LZMA cov kev xaiv, nrog rau lwm yam BusyBox Cheebtsam, suav nrog tar, unzip, rpm, dpkg, lzma thiab txiv neej.

Vulnerabilities CVE-2021-42373, CVE-2021-42375, CVE-2021-42376 thiab CVE-2021-42377 tuaj yeem ua rau muaj kev tsis lees paub kev pabcuam, tab sis yuav tsum tau ua haujlwm ntawm tus txiv neej, tshauv thiab cov khoom siv hluav taws xob hush nrog cov tsis tau teev tseg los ntawm tus neeg tawm tsam. Vulnerabilities CVE-2021-42378 rau CVE-2021-42386 cuam tshuam rau kev siv hluav taws xob awk thiab tuaj yeem ua rau kev ua txhaum cai, tab sis rau qhov no tus neeg tawm tsam yuav tsum xyuas kom meej tias qee tus qauv raug tua hauv awk (nws yog ib qho tsim nyog yuav tsum khiav awk nrog cov ntaub ntawv tau txais. los ntawm attacker).

Tsis tas li ntawd, koj tuaj yeem nco ntsoov qhov tsis zoo (CVE-2021-43523) hauv uclibc thiab uclibc-ng cov tsev qiv ntawv, vim tias thaum nkag mus rau cov haujlwm gethostbyname(), getaddrinfo(), gethostbyaddr() thiab getnameinfo(), lub lub npe sau npe tsis raug kuaj xyuas thiab ntxuav lub npe rov qab los ntawm DNS server. Piv txwv li, teb rau qee qhov kev thov daws teeb meem, DNS server tswj los ntawm tus neeg tawm tsam tuaj yeem xa rov qab cov tswv xws li "alert('xss').attacker.com" thiab lawv yuav raug xa rov qab tsis hloov rau qee qhov kev pab cuam. uas, tsis muaj kev ntxuav tuaj yeem tso saib lawv hauv web interface. Qhov teeb meem tau kho nyob rau hauv qhov kev tso tawm ntawm uclibc-ng 1.0.39 los ntawm kev ntxiv code los xyuas qhov tseeb ntawm cov npe sau rov qab, siv zoo ib yam li Glibc.

Tau qhov twg los: opennet.ru

Ntxiv ib saib