Remotely exploitable vulnerabilities in FreeBSD

FreeBSD has fixed five vulnerabilities, including issues that can lead to kernel-level data being overwritten when certain network packets are sent, or that allow a local user to escalate their privileges. The vulnerabilities were fixed in the 12.1-RELEASE-p5 and 11.3-RELEASE-p9 updates.

The most dangerous vulnerability (CVE-2020-7454) is caused by a lack of proper packet checks in the libalias library when parsing protocol-specific headers. The libalias library is used by the ipfw packet filter for address translation and includes standard functions for replacing addresses in IP packets and for parsing protocols. By sending a specially crafted network packet, the vulnerability makes it possible to read or write data in kernel memory (when the in-kernel NAT implementation is used) or in the memory of the natd process (if the userspace NAT implementation is used). The problem does not affect NAT configurations built with the pf and ipf packet filters, or ipfw configurations that do not use NAT.

Other vulnerabilities:

  • CVE-2020-7455 - another remotely exploitable vulnerability in libalias, related to incorrect calculation of packet lengths in the FTP handler. The problem is limited to leaking the contents of a few bytes of data from kernel memory or from the natd process.
  • CVE-2019-15879 - a vulnerability in the cryptodev module caused by access to an already freed memory area (use-after-free), which allows an unprivileged process to overwrite arbitrary areas of memory. As a workaround to block the vulnerability, it is recommended to unload the cryptodev module with the "kldunload cryptodev" command if it has been loaded (cryptodev is not loaded by default). The cryptodev module gives userspace applications access to the /dev/crypto interface for hardware-accelerated cryptographic operations (/dev/crypto is not used by AES-NI and OpenSSL).
  • CVE-2019-15880 - a second vulnerability in cryptodev, which allows an unprivileged user to trigger a crash by sending a request for a cryptographic operation with an incorrect MAC. The problem is caused by a missing check on the size of the MAC key when allocating a buffer to store it (the buffer was created from the size data supplied by the user, without checking the actual size).
  • CVE-2019-15878 - a vulnerability in the implementation of the SCTP (Stream Control Transmission Protocol) protocol, caused by incorrect verification of the shared key used by the SCTP-AUTH extension to authenticate SCTP sequences. A local application can update the key through the Socket API while simultaneously terminating the SCTP connection, which leads to access to an already freed memory area (use-after-free).
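
A host check for the fixed patch levels and the cryptodev workaround named above, as an added example that is not part of the original article or of FreeBSD itself. The function names and return codes are assumptions made for this illustration; only the 12.1 and 11.3 branches mentioned in the article are judged.

```shell
#!/bin/sh
# Added example: compare a FreeBSD version string with the fixed patch
# levels from the article (12.1-RELEASE-p5, 11.3-RELEASE-p9).

# fixed_patch_for BRANCH: print the patch number carrying the fixes,
# or nothing for a branch the article does not mention.
fixed_patch_for() {
    case "$1" in
        12.1) echo 5 ;;
        11.3) echo 9 ;;
    esac
}

# is_patched VERSION: return 0 if patched, 1 if below the fixed level,
# 2 if the version cannot be judged. VERSION looks like the output of
# freebsd-version, e.g. 12.1-RELEASE-p4; plain 12.1-RELEASE means p0.
is_patched() {
    ver=$1
    branch=${ver%%-*}
    case "$ver" in
        *-RELEASE-p*) plevel=${ver##*-p} ;;
        *-RELEASE)    plevel=0 ;;
        *)            return 2 ;;   # STABLE, CURRENT, etc.
    esac
    case "$plevel" in ''|*[!0-9]*) return 2 ;; esac
    need=$(fixed_patch_for "$branch")
    [ -n "$need" ] || return 2
    [ "$plevel" -ge "$need" ]
}

# report: check the installed kernel (-k) and userland (-u, where natd
# lives), then look for a loaded cryptodev module.
report() {
    for v in "$(freebsd-version -k)" "$(freebsd-version -u)"; do
        rc=0; is_patched "$v" || rc=$?
        case $rc in
            0) echo "$v: at or above the fixed level" ;;
            1) echo "$v: below the fixed level, update needed" ;;
            *) echo "$v: branch not covered by the article" ;;
        esac
    done
    if kldstat -q -m cryptodev 2>/dev/null; then
        echo "cryptodev is loaded; workaround: kldunload cryptodev"
    fi
}

# Run the host checks only where the FreeBSD tools exist.
if command -v freebsd-version >/dev/null 2>&1; then report; fi
```
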

Source: opennet.ru
