Progress in creating an exploit for OpenSSH 9.1

Qualys has found a way to bypass the malloc and double-free protections and initiate a transfer of control to code, using a vulnerability in OpenSSH 9.1 that had been judged to carry a low risk of a working exploit being created. At the same time, whether a working exploit can actually be built remains a big question.

The vulnerability is caused by a pre-authentication double free. To create the conditions under which it manifests, it is enough to change the SSH client banner to "SSH-2.0-FuTTYSH_9.1p1" (or that of another old SSH client) so that the "SSH_BUG_CURVE25519PAD" and "SSH_OLD_DHGEX" flags are set. Once these flags are set, the memory for "options.kex_algorithms" is freed twice.
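For defenders, the client banner described above is visible in sshd's own debug logging. The following added example (not from the original article or from Qualys) scans sshd log lines for client software versions on a watchlist and ties each hit to its source address; the log sample is constructed, and the watchlist glob and the per-connection PID correlation are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample of sshd syslog output at LogLevel DEBUG1.
# Addresses come from the documentation ranges; PIDs and times are made up.
SAMPLE_LOG = """\
Feb  3 10:00:01 host sshd[4101]: Connection from 192.0.2.10 port 51234 on 198.51.100.5 port 22
Feb  3 10:00:01 host sshd[4101]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.1
Feb  3 10:00:07 host sshd[4117]: Connection from 203.0.113.77 port 40022 on 198.51.100.5 port 22
Feb  3 10:00:07 host sshd[4117]: debug1: Remote protocol version 2.0, remote software version FuTTYSH_9.1p1
Feb  3 10:00:09 host sshd[4120]: debug1: Remote protocol version 2.0, remote software version FuTTYSH_0.1 test
"""

# Assumption: a glob derived from the single banner quoted in the article.
WATCHLIST = ["FuTTYSH_*"]

CONN_RE = re.compile(r"sshd\[(\d+)\]: Connection from (\S+) port (\d+) ")
VER_RE = re.compile(
    r"sshd\[(\d+)\]: debug1: Remote protocol version (\S+), "
    r"remote software version (.+)$"
)

def find_watchlisted_banners(log_text, watchlist=WATCHLIST):
    """Return one dict per connection whose client software version matches."""
    peers = {}   # sshd PID -> (address, port) from the "Connection from" line
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            peers[m.group(1)] = (m.group(2), int(m.group(3)))
            continue
        m = VER_RE.search(line)
        if not m:
            continue
        pid, proto, software = m.group(1), m.group(2), m.group(3).strip()
        if any(fnmatchcase(software, pat) for pat in watchlist):
            # The peer is None when the connection line was not captured.
            addr, port = peers.get(pid, (None, None))
            hits.append({"pid": int(pid), "peer": addr, "port": port,
                         "proto": proto, "software": software})
    return hits

if __name__ == "__main__":
    for hit in find_watchlisted_banners(SAMPLE_LOG):
        print(hit)
```

The banner is chosen by the client, so a match is a lead to investigate and the absence of one proves nothing.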

While manipulating the vulnerability, researchers from Qualys were able to gain control of the "%rip" processor register, which holds the pointer to the next instruction to be executed. The exploitation technique they developed makes it possible to transfer control to any point in the address space of the sshd process in an unmodified OpenBSD 7.2 environment, which ships with OpenSSH 9.1 by default.

It is noted that the proposed prototype implements only the first stage of the attack: to create a working exploit, it is necessary to bypass the ASLR, NX and ROP protection mechanisms and to escape the sandbox isolation, which is unlikely. Solving the problem of bypassing ASLR, NX and ROP requires obtaining information about addresses, which could be achieved by finding another vulnerability that leaks information. A bug in the privileged parent process or in the kernel could help in getting out of the sandbox.

Source: opennet.ru
