Details of a critical vulnerability in Exim disclosed

A corrective release, Exim 4.92.2, has been published. It fixes a critical vulnerability (CVE-2019-15846) that, in the default configuration, can lead to remote code execution by an attacker with root privileges. The problem only appears when TLS support is enabled, and it is exploited by passing a specially crafted client certificate or a modified SNI value. The vulnerability was identified by Qualys.

The problem is present in the handler that interprets escaped special characters in a string (string_interpret_escape() from string.c). It is caused by a '\' character at the end of the string being interpreted before the null character ('\0') and escaping it. During escape processing, the sequence of '\' and the null end-of-line code that follows it is treated as a single character, and the pointer is moved on to data outside the string, which is then processed as a continuation of the string.

The code that calls string_interpret_escape() allocates the buffer for the result based on the actual size of the string, so the advanced pointer ends up in an area outside the buffer bounds. As a result, processing the input string reads data from an area outside the allocated buffer, and an attempt to write the unescaped string can lead to a write beyond the buffer bounds.
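The over-read described above, reproduced in a small stand-alone decoder as an added example (this is not Exim's code). The function names, the check_end switch and the constructed input array are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified escape decoder, NOT Exim's code. With check_end = 0 it has the
   flaw described above: a '\' directly before the terminating NUL consumes
   the NUL as the "escaped" character and decoding runs on past the string.
   With check_end = 1 a trailing '\' is kept as a literal and decoding stops.
   Returns the number of bytes written to out (excluding the terminator). */
static size_t unescape(const char *in, char *out, size_t outsz, int check_end)
{
    size_t n = 0;
    const char *p = in;
    while (*p != '\0' && n + 1 < outsz) {
        char ch = *p++;
        if (ch == '\\') {
            if (check_end && *p == '\0') {   /* hardened: nothing to escape */
                out[n++] = '\\';
                break;
            }
            ch = *p++;                       /* flaw: may step over the NUL */
            if (ch == 'n') ch = '\n';
            else if (ch == 't') ch = '\t';
        }
        out[n++] = ch;
    }
    out[n] = '\0';
    return n;
}

/* Constructed input: the string "abc\" followed, in the same array, by
   unrelated bytes standing in for whatever sits next to it in memory. The
   array keeps the over-read inside one object so the demo is well defined. */
static const char region[] = "abc\\\0NEIGHBOUR";

static size_t decoded_len(int check_end)
{
    char out[64];
    return unescape(region, out, sizeof out, check_end);
}

int main(void)
{
    printf("input length:   %zu\n", strlen(region));
    printf("naive decode:   %zu bytes\n", decoded_len(0));
    printf("checked decode: %zu bytes\n", decoded_len(1));
    return 0;
}
```

A caller that sizes its output buffer from strlen() of the input would reserve room for 4 bytes here, while the unchecked decoder produces more than that.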

In the default configuration, the vulnerability can be exploited by sending specially crafted data in the SNI while establishing a secure connection to the server. The problem can also be exploited by modifying the peerdn value in configurations set up for client certificate authentication, or when importing certificates. An attack through SNI and peerdn is possible starting with release Exim 4.80, in which the string_unprinting() function was used to unprint the peerdn and SNI contents.

An exploit prototype has been prepared for the attack through SNI, running on the i386 and amd64 architectures on Linux systems with Glibc. The exploit uses a data overlay in the heap area, which overwrites the memory where the log file name is stored. The file name is replaced with "/../../../../../../../../etc/passwd". Next, the variable holding the sender's address is overwritten; it is the first thing saved to the log, which makes it possible to add a new user to the system.

Package updates fixing the vulnerability have been released by the Debian, Ubuntu, Fedora, SUSE/openSUSE and FreeBSD distributions. RHEL and CentOS are not affected, since Exim is not included in their standard package repository (in EPEL an update has already been built, but it has not yet been placed in the public repository). In the Exim code the problem is fixed with a one-line patch, which disables the escaping effect of the backslash if it is at the end of the line.

As a workaround to block the vulnerability, you can disable TLS support or add the following to the ACL section "acl_smtp_mail":

deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}

Source: opennet.ru
