Vulnerability in FreeBSD ftpd that allowed root access when using ftpchroot

A critical vulnerability (CVE-2020-7468) has been identified in the ftpd server supplied with FreeBSD. It allows users who are restricted to their home directory with the ftpchroot option to gain full root access to the system.

The problem is caused by a combination of two things: a bug in the implementation of the user isolation mechanism based on the chroot call (if changing the uid or executing chroot and chdir fails, a non-fatal error is raised that does not terminate the session), and an authenticated FTP user having sufficient rights to bypass the root path restriction in the file system. The vulnerability does not appear when the FTP server is accessed in anonymous mode or when a user logs in without ftpchroot. The problem is fixed in the updates 12.1-RELEASE-p10, 11.4-RELEASE-p4 and 11.3-RELEASE-p14.
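The error-handling pattern described above, as an added C model that is not FreeBSD's ftpd source: it contrasts a login path that treats a failed confinement step as a non-fatal error with one that ends the session. The step order, the function and struct names, and the stand-ins for chroot(2), chdir(2) and setuid(2) are assumptions made so the example runs without root.

```c
#include <stdio.h>

/* Constructed stand-ins for chroot(2), chdir(2) and setuid(2) so the model
 * runs without root; each returns 0 on success and -1 on failure. */
static int ok(void)   { return 0; }
static int fail(void) { return -1; }

struct ops   { int (*chroot_fn)(void), (*chdir_fn)(void), (*setuid_fn)(void); };
struct state { int chrooted, cwd_in_root, uid_dropped, session_alive; };

/* Fail-open: a failed step is reported to the client as an ordinary error
 * and the session keeps running with only part of the confinement applied. */
static struct state confine_fail_open(const struct ops *o)
{
    struct state s = {0, 0, 0, 1};
    if (o->chroot_fn() != 0) goto bad;
    s.chrooted = 1;
    if (o->chdir_fn() != 0) goto bad;
    s.cwd_in_root = 1;
    if (o->setuid_fn() != 0) goto bad;
    s.uid_dropped = 1;
    return s;
bad:
    puts("550 login step failed (constructed reply)");
    return s;                      /* session_alive is still 1 */
}

/* Fail-closed: any failed step ends the session; a real daemon would log
 * the error and call exit(1) instead of returning. */
static struct state confine_fail_closed(const struct ops *o)
{
    struct state s = {0, 0, 0, 1};
    s.chrooted      = (o->chroot_fn() == 0);
    s.cwd_in_root   = s.chrooted && (o->chdir_fn() == 0);
    s.uid_dropped   = s.cwd_in_root && (o->setuid_fn() == 0);
    s.session_alive = s.uid_dropped;
    return s;
}

/* Invariant to check: a session that is still alive is fully confined. */
static int is_safe(struct state s)
{
    return !s.session_alive || (s.chrooted && s.cwd_in_root && s.uid_dropped);
}

int main(void)
{
    struct ops chdir_fails = { ok, fail, ok };
    printf("fail-open safe:   %d\n", is_safe(confine_fail_open(&chdir_fails)));
    printf("fail-closed safe: %d\n", is_safe(confine_fail_closed(&chdir_fails)));
    return 0;
}
```

The `is_safe` invariant is the property to review for in any daemon that confines sessions after authentication: no code path may return to command processing unless every confinement step succeeded.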

In addition, three more vulnerabilities were fixed in 12.1-RELEASE-p10, 11.4-RELEASE-p4 and 11.3-RELEASE-p14:

  • CVE-2020-7467 - a vulnerability in the Bhyve hypervisor that allows a guest to write data into the memory area of the host environment and gain full access to the host system. The problem is caused by the lack of access restrictions on processor instructions that work with physical addresses, and it appears only on systems with AMD CPUs.
  • CVE-2020-24718 - a vulnerability in the Bhyve hypervisor that allows an attacker with root privileges in an isolated environment that uses Bhyve to execute code at the kernel level. The problem is caused by the lack of access restrictions on the VMCS (Virtual Machine Control Structure) structures on systems with Intel CPUs and the VMCB (Virtual Machine Control Block) on systems with AMD CPUs.
  • CVE-2020-7464 - a vulnerability in the ure driver (USB Ethernet Realtek RTL8152 and RTL8153) that allows spoofing packets from other hosts or injecting packets into other VLANs by sending large frames (more than 2048).

Source: opennet.ru
