OpenWrt 19.07.1 update fixes a package spoofing vulnerability

Corrective releases of the OpenWrt distribution, 18.06.7 and 19.07.1, have been published. They fix a dangerous vulnerability (CVE-2020-7982) in the opkg package manager that allows a MITM attack to replace the contents of a package downloaded from the repository. Because of an error in the checksum verification code, an attacker can create conditions under which the SHA-256 checksums present in the digitally signed package index are ignored, which makes it possible to bypass the mechanisms that check the integrity of downloaded ipk resources.

The problem has been present since February 2017, after code was added to skip leading whitespace before the checksum. Because of an error in skipping the whitespace, the pointer to the position in the string was not advanced, so the loop that decodes the SHA-256 hexadecimal sequence returned control immediately and returned a checksum of zero length.
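The following C sketch is an added illustration, not opkg's source code: it models the stale-pointer defect described above next to a corrected decoder and a comparison that fails closed on a zero-length digest. All function names and the sample index field are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define SHA256_LEN 32

static int nibble(unsigned char c)
{
    return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
}

/* Decode hex pairs at s into out; returns bytes written (at most SHA256_LEN). */
static size_t decode_hex(const unsigned char *s, unsigned char *out)
{
    size_t n = 0;
    for (; n < SHA256_LEN && isxdigit(s[0]) && isxdigit(s[1]); s += 2)
        out[n++] = (unsigned char)(nibble(s[0]) * 16 + nibble(s[1]));
    return n;
}

/* Model of the defect: whitespace is skipped on src, decoding uses stale s. */
size_t hex2bin_stale_pointer(const char *src, unsigned char *out)
{
    const unsigned char *s = (const unsigned char *)src; /* captured too early */
    while (isspace((unsigned char)*src))
        src++;                                           /* s never advances */
    return decode_hex(s, out);  /* s[0] is a space: loop exits, length 0 */
}

/* Corrected: decode from the first non-whitespace character. */
size_t hex2bin_fixed(const char *src, unsigned char *out)
{
    while (isspace((unsigned char)*src))
        src++;
    return decode_hex((const unsigned char *)src, out);
}

/* Fail closed: an expected digest that is not exactly 32 bytes never matches. */
int digest_matches(const unsigned char *expected, size_t expected_len,
                   const unsigned char *actual)
{
    return expected_len == SHA256_LEN && memcmp(expected, actual, SHA256_LEN) == 0;
}

int main(void)
{
    unsigned char d[SHA256_LEN];
    /* Constructed sample: an index field value with one leading space. */
    const char *f = " 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08";
    printf("stale: %zu bytes\n", hex2bin_stale_pointer(f, d));
    printf("fixed: %zu bytes\n", hex2bin_fixed(f, d));
    return 0;
}
```

The length check in `digest_matches` is the defensive point: a verifier that treats a missing or empty expected digest as "nothing to compare" turns a parsing slip into an integrity bypass.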

Since the opkg package manager in OpenWrt runs with root privileges, in a MITM attack the attacker can silently modify an ipk package downloaded from the repository while the user runs the "opkg install" command, and arrange for their own code to execute as root by adding their own handler scripts to the package, which are called during installation. To exploit the vulnerability, the attacker must also arrange for the substitution of a correct, signed package index (for example, the one served from downloads.openwrt.org). The size of the modified package must match the original size specified in the index.

If you need to manage without updating the entire firmware, you can update only the opkg package manager by running the following commands:

cd /tmp
opkg update
opkg download opkg
zcat ./opkg-lists/openwrt_base | grep -A10 "Package: opkg" | grep SHA256sum
sha256sum ./opkg_2020-01-25-c09fe209-1_*.ipk

Next, compare the displayed checksums and, if they match, run:

opkg install ./opkg_2020-01-25-c09fe209-1_*.ipk

The new releases also fix one more vulnerability, in the libubox library, which can lead to a buffer overflow when the blobmsg_format_json function processes specially crafted serialized binary data or JSON data. The library is used in distribution components such as netifd, procd, ubus, rpcd and uhttpd, as well as in the auc package (Attended sysUpgrade CLI). The overflow occurs when large numbers of type "double" are passed in blob blocks. You can check whether your system is affected by running the command:

$ ubus call luci getFeatures \
'{ "banik": 00192200197600198000198100200400.1922 }'

In addition to fixing the vulnerabilities and accumulated bugs, the OpenWrt 19.07.1 release also updates the Linux kernel version (from 4.14.162 to 4.14.167), resolves performance problems when using 5GHz frequencies, and improves support for Ubiquiti Rocket M Titanium, Netgear WN2500RP v1, Zyxel NSA325, Netgear WNR3500 V2, Archer C6 v2, Ubiquiti EdgeRouter-X, Archer C20 v4, Archer C50 v4, Archer MR200, TL-WA801ND v5, HiWiFi HC5962, Xiaomi Mi Router 3 Pro and Netgear R6350.

Source: opennet.ru
