Problem
The code that calls string_interpret_escape() allocates a buffer for the string based on its size, and the resulting pointer ends up in an area outside the bounds of that buffer. Accordingly, when the input string is processed, data is read from outside the allocated buffer, and an attempt to write the unescaped string can lead to a write beyond the buffer's bounds.
In the default configuration, the vulnerability can be exploited by sending specially crafted data in the SNI when establishing a secure connection to the server. The problem can also be exploited by modifying the peerdn value in configurations set up for client certificate authentication, or when importing certificates. An attack via SNI and peerdn is possible starting from release
A working exploit prototype has been prepared for the attack via SNI, running on the i386 and amd64 architectures on Linux systems with Glibc. The exploit overlays data in the heap area, which overwrites the memory where the log file name is stored. The file name is replaced with "/../../../../../../../../etc/passwd". Next, the variable holding the sender address, which is the first thing saved to the log, is overwritten, which makes it possible to add a new user to the system.
Package updates with a fix for the vulnerability have been released by distributions
As a workaround to block the vulnerability, you can disable TLS support or add the following to the ACL section "acl_smtp_mail":
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
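Both ACL conditions reject a value whose last character is a backslash. The following added example (not the project's own code and not from the original article; all function names and the sample value are hypothetical) shows the same test in C, the index arithmetic by which a scanner that lets every backslash consume the next byte steps over the string terminator, and a bounded unescape routine that rejects such input instead.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample value: a host name followed by one trailing backslash. */
static const char SAMPLE_SNI[] = "mail.example.test\\";

/* Same test as the ACL condition: is the last character a backslash? */
int ends_with_backslash(const char *s)
{
    size_t n = strlen(s);
    return n > 0 && s[n - 1] == '\\';
}

/* Index arithmetic of a naive escape scanner in which every backslash
 * consumes the following byte. Only bytes below index n are read here.
 * A result greater than n means the cursor stepped over the terminator. */
size_t naive_cursor_end(const char *s)
{
    size_t n = strlen(s), i = 0;
    while (i < n)
        i += (s[i] == '\\') ? 2 : 1;
    return i;
}

/* Bounded unescape (hypothetical helper): handles \n, \t and \\, copies any
 * other escaped byte literally. Returns the output length, or -1 when the
 * input ends in a lone backslash or the output buffer is too small. */
long unescape_bounded(const char *in, char *out, size_t outsz)
{
    size_t n = strlen(in), o = 0;
    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        char c = in[i];
        if (c == '\\') {
            if (i + 1 >= n)
                return -1;          /* nothing left to escape: reject */
            c = in[++i];
            if (c == 'n') c = '\n';
            else if (c == 't') c = '\t';
        }
        if (o + 1 >= outsz)
            return -1;              /* keep room for the terminator */
        out[o++] = c;
    }
    out[o] = '\0';
    return (long)o;
}
```

The ACL test is deliberately coarse: it also rejects a value ending in an escaped backslash pair, for which naive_cursor_end() stays within bounds.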
Source: opennet.ru