ProHoster > Π‘Π»ΠΎΠ³ > xov xwm hauv internet > Vulnerability nyob rau hauv Linux kernel network pawg

Vulnerability nyob rau hauv Linux kernel network pawg

Ib qho kev tsis haum xeeb tau raug txheeb xyuas nyob rau hauv cov cai ntawm TCP-based RDS raws tu qauv handler (Reliable Datagram Socket, net/rds/tcp.c) (CVE-2019-11815), uas tuaj yeem ua rau nkag mus rau thaj chaw nco tau tso tseg thiab tsis kam lees txais kev pabcuam (tej zaum, qhov muaj peev xwm ntawm kev siv qhov teeb meem los teeb tsa cov lej ua tiav tsis suav nrog). Qhov teeb meem yog tshwm sim los ntawm kev sib tw kis las uas tuaj yeem tshwm sim thaum ua tiav rds_tcp_kill_sock muaj nuj nqi thaum tshem cov sockets rau lub network namespace.

Nyob rau hauv specification NVD qhov teeb meem yog cim raws li remotely exploitable nyob rau hauv lub network, tab sis txiav txim los ntawm cov lus piav qhia txhim kho, tsis muaj ib lub zos nyob rau hauv lub system thiab manipulation ntawm namespaces, nws yuav tsis muaj peev xwm mus npaj ib tug nres remotely. Tshwj xeeb, raws li lub tswv yim SUSE cov neeg tsim khoom, qhov tsis muaj peev xwm tsuas yog siv hauv zos xwb; kev teeb tsa kev tawm tsam yog qhov nyuaj heev thiab xav tau cov cai ntxiv hauv lub cev. Yog hais tias nyob rau hauv NVD qhov kev txaus ntshai yog ntsuas ntawm 9.3 (CVSS v2) thiab 8.1 (CVSS v2) cov ntsiab lus, ces raws li SUSE ntsuam xyuas qhov txaus ntshai yog ntsuas ntawm 6.4 ntsiab lus ntawm 10.

Ubuntu cov neeg sawv cev kuj txaus siab qhov txaus ntshai ntawm qhov teeb meem yog suav tias yog nruab nrab. Nyob rau tib lub sijhawm, raws li CVSS v3.0 qhov tshwj xeeb, qhov teeb meem raug xa mus rau theem siab ntawm kev tawm tsam nyuaj thiab kev siv tau tsuas yog muab 2.2 cov ntsiab lus ntawm 10.

Kev txiav txim los ntawm qhia los ntawm Cisco, qhov tsis zoo yog siv los ntawm kev xa TCP pob ntawv mus rau kev pabcuam network ua haujlwm RDS thiab twb muaj ib tug qauv ntawm kev siv. Qhov ntev npaum li cas cov ntaub ntawv no sib haum rau qhov tseeb tseem tsis tau meej; tej zaum daim ntawv tshaj tawm tsuas yog kos duab kos duab NVD cov kev xav. Los ntawm cov ntaub ntawv Lub VulDB exploit tseem tsis tau tsim thiab qhov teeb meem tsuas yog siv hauv zos xwb.

Qhov teeb meem tshwm sim hauv cov ntsiav ua ntej 5.0.8 thiab raug thaiv los ntawm Lub Peb Hlis kho, suav nrog hauv kernel 5.0.8. Hauv kev faib khoom feem ntau qhov teeb meem tseem tsis tau daws (Debian, RHEL, Ubuntu, SUSE). Qhov kho tau raug tso tawm rau SLE12 SP3, openSUSE 42.3 thiab Fedora.

Tau qhov twg los: opennet.ru

Ntxiv ib saib