Vulnerability in the Linux kernel IPv6 stack that allows remote code execution

Details have been published about a vulnerability (CVE-2023-6200) in the Linux kernel network stack which, under certain circumstances, allows an attacker on the local network to execute their code by sending a specially crafted ICMPv6 packet carrying an RA (Router Advertisement) message, which is intended to advertise information about a router.

The vulnerability can only be exploited from the local network and affects systems that have IPv6 support enabled and the sysctl parameter "net.ipv6.conf.<network_interface_name>.accept_ra" active (this can be checked with the command "sysctl net.ipv6.conf | grep accept_ra"). The parameter is disabled by default in RHEL and Ubuntu for external network interfaces, but is enabled for the loopback interface, which allows an attack from the same system.

The vulnerability is caused by a race condition when the garbage collector processes stale fib6_info records, which can lead to access to an already freed memory area (use-after-free). When an ICMPv6 packet with a router advertisement (RA, Router Advertisement) message is received, the network stack calls the ndisc_router_discovery() function, which, if the RA message contains route lifetime information, calls the fib6_set_expires() function and fills in the gc_link structure. To clean up stale records, the fib6_clean_expires() function is used, which removes the entry from gc_link and frees the memory used by the fib6_info structure. There is a window of time in which the memory for the fib6_info structure has already been freed, but the reference to it is still present in the gc_link structure.

The problem has been present since the 6.6 branch and was fixed in versions 6.6.9 and 6.7. The status of the fix in distributions can be tracked on these pages: Debian, Ubuntu, SUSE, RHEL, Fedora, Arch Linux, Gentoo, Slackware. Distributions that ship packages with the 6.6 kernel include Arch Linux, Gentoo, Fedora, Slackware, OpenMandriva and Manjaro; in other distributions, the change containing the bug may have been backported into packages with older kernel branches (for example, Debian notes that the package with kernel 6.5.13 is vulnerable, even though the problematic change appeared in the 6.6 branch). As a security workaround, you can disable IPv6 or set the "net.ipv6.conf.*.accept_ra" parameters to 0.
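The two conditions described above (a kernel in the affected 6.6 range and accept_ra active on some interface) can be checked per host with a short script. This is an added example, not part of the original article; the function names and verdict strings are hypothetical, and a kernel outside the upstream range is reported as needing a look at the distribution's advisory because of the backports mentioned above.

```shell
#!/bin/sh
# Added example (not from the article): exposure check for CVE-2023-6200.
# Function names and verdict strings are hypothetical.

# Succeeds when a kernel release string is in the upstream affected range
# given in the article: the 6.6 branch before 6.6.9.
kernel_in_affected_range() {
    rel=${1%%-*}                          # drop suffixes such as "-arch1-1"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}; minor=${minor%%[!0-9]*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*} ;;
        *)   patch= ;;                    # "6.6" with no patch level
    esac
    [ "$major" = 6 ] && [ "$minor" = 6 ] && [ "${patch:-0}" -lt 9 ]
}

# Prints the interfaces whose accept_ra is non-zero. The optional argument
# is a sysctl tree root, so the check can run against a constructed tree.
accept_ra_enabled_ifaces() {
    root=${1:-/proc/sys/net/ipv6/conf}
    for f in "$root"/*/accept_ra; do
        [ -r "$f" ] || continue
        val=$(cat "$f")
        if [ "$val" != 0 ]; then
            basename "$(dirname "$f")"
        fi
    done
    return 0
}

# Prints one verdict line for a kernel release and a sysctl tree root.
assess() {
    ifaces=$(accept_ra_enabled_ifaces "$2" | tr '\n' ' ')
    ifaces=${ifaces% }
    if [ -z "$ifaces" ]; then
        echo "not-exposed"
    elif kernel_in_affected_range "$1"; then
        echo "exposed: $ifaces"
    else
        echo "check-distro-status: $ifaces"   # backports may still apply
    fi
}

assess "$(uname -r)"
```
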

Source: opennet.ru
