Vulnerabilities in the network libraries of the Rust and Go languages that allow bypassing IP address validation

Vulnerabilities related to incorrect handling of IP addresses with octal digits in address-parsing functions have been identified in the standard libraries of the Rust and Go languages. The vulnerabilities make it possible to bypass address validation in applications, for example to gain access to loopback addresses (127.x.x.x) or intranet subnets when carrying out SSRF (Server-side request forgery) attacks. These vulnerabilities continue the series of problems previously identified in the libraries node-netmask (JavaScript, CVE-2021-28918, CVE-2021-29418), private-ip (JavaScript, CVE-2020-28360), ipaddress (Python, CVE-2021-29921), Data::Validate::IP (Perl, CVE-2021-29662) and Net::Netmask (Perl, CVE-2021-29424).

According to the specification, IP address string values that begin with a zero must be interpreted as octal numbers, but many libraries do not take this into account and simply discard the zero, treating the value as a decimal number. For example, the number 0177 in octal equals 127 in decimal. An attacker can request a resource by specifying the value "0177.0.0.1", which in decimal notation corresponds to "127.0.0.1". If a vulnerable library is used, the application will not detect that the address 0177.0.0.1 falls within the subnet 127.0.0.1/8, but in fact, when the request is sent, it may connect to the address "0177.0.0.1", which the network functions will treat as 127.0.0.1. In a similar way, the check for access to intranet addresses can be fooled by specifying values such as "012.0.0.1" (equivalent to "10.0.0.1").

In Rust, the standard library "std::net" was affected by the problem (CVE-2021-29922). This library's IP address parser discarded the zero in front of values in the address, but only when no more than three digits were specified; for example, "0177.0.0.1" is treated as an invalid value, while an incorrect result is returned for 010.8.8.8 and 127.0.026.1. Applications that use std::net::IpAddr when parsing user-supplied addresses are potentially exposed to SSRF (Server-side request forgery), RFI (Remote File Inclusion) and LFI (Local File Inclusion) attacks. The vulnerability was fixed in the Rust 1.53.0 branch.


In Go, the standard library "net" is affected (CVE-2021-29923). The built-in net.ParseCIDR function skips leading zeros before octal numbers instead of processing them. For example, an attacker can pass the value 00000177.0.0.1 which, when checked in the function net.ParseCIDR(00000177.0.0.1/24), will be parsed as 177.0.0.1/24 rather than 127.0.0.1/24. The problem also manifests itself in the Kubernetes platform. The vulnerability was fixed in the Go 1.16.3 release and in beta 1.17.
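To make the mismatch described above concrete, here is an added Go example (written for this page; it is not code from the Rust or Go standard libraries or from the article) that puts three IPv4 parsers side by side: a lenient one that drops leading zeros and reads decimal, as the article says the vulnerable parsers did; a legacy one that follows the inet_aton convention of treating a leading "0" as octal, which is what the connecting network code may do with the same string; and a strict one that rejects any octet with a leading zero so that the ambiguity never reaches the filter. The function names, the constructed deny-list in `blocked`, and `DestinationAllowed` are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// ErrLeadingZero marks an octet such as "0177" or "012": octal/decimal ambiguity.
var ErrLeadingZero = errors.New("ipv4 octet with leading zero")

// octets splits s into exactly four non-empty fields made of ASCII digits.
func octets(s string) ([]string, error) {
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return nil, fmt.Errorf("expected 4 octets, got %d", len(parts))
	}
	for _, p := range parts {
		if p == "" {
			return nil, errors.New("empty octet")
		}
		for _, c := range p {
			if c < '0' || c > '9' {
				return nil, fmt.Errorf("octet %q contains a non-digit", p)
			}
		}
	}
	return parts, nil
}

// parseWith converts the four fields using base(p) for each field and rejects
// values above 255 (bitSize 8 in ParseUint does the range check).
func parseWith(s string, base func(p string) int) (net.IP, error) {
	parts, err := octets(s)
	if err != nil {
		return nil, err
	}
	ip := make(net.IP, 4)
	for i, p := range parts {
		v, err := strconv.ParseUint(p, base(p), 8)
		if err != nil {
			return nil, fmt.Errorf("octet %q: %w", p, err)
		}
		ip[i] = byte(v)
	}
	return ip, nil
}

// LenientParseIPv4 reproduces the behaviour the article attributes to the
// vulnerable parsers: leading zeros are ignored and the octet is read as
// decimal, so "00000177.0.0.1" becomes 177.0.0.1.
func LenientParseIPv4(s string) (net.IP, error) {
	return parseWith(s, func(string) int { return 10 })
}

// LegacyParseIPv4 follows the inet_aton convention: an octet that starts with
// "0" is octal, so "0177" is 127 and "012" is 10. Base 8 rejects the digits 8
// and 9, which is also what the C library does with such a string.
func LegacyParseIPv4(s string) (net.IP, error) {
	return parseWith(s, func(p string) int {
		if len(p) > 1 && p[0] == '0' {
			return 8
		}
		return 10
	})
}

// StrictParseIPv4 is the hardened form: canonical dotted-decimal only, at most
// three digits per octet and no leading zero, so an ambiguous literal is
// rejected rather than guessed at. Once that holds, a decimal read is exact.
func StrictParseIPv4(s string) (net.IP, error) {
	parts, err := octets(s)
	if err != nil {
		return nil, err
	}
	for _, p := range parts {
		if len(p) > 3 {
			return nil, fmt.Errorf("octet %q too long", p)
		}
		if len(p) > 1 && p[0] == '0' {
			return nil, ErrLeadingZero
		}
	}
	return LenientParseIPv4(s)
}

// blocked is a constructed deny-list for an outbound-request (SSRF) filter.
var blocked = []string{"127.0.0.0/8", "10.0.0.0/8"}

// DestinationAllowed reports whether a filter built on StrictParseIPv4 would
// let the literal through; any parse failure is treated as denied (fail closed).
func DestinationAllowed(s string) bool {
	ip, err := StrictParseIPv4(s)
	if err != nil {
		return false
	}
	for _, cidr := range blocked {
		if _, n, _ := net.ParseCIDR(cidr); n.Contains(ip) {
			return false
		}
	}
	return true
}

func main() {
	for _, s := range []string{"0177.0.0.1", "012.0.0.1", "010.8.8.8", "127.0.026.1", "8.8.8.8"} {
		lenient, _ := LenientParseIPv4(s)
		legacy, _ := LegacyParseIPv4(s)
		fmt.Printf("%-12s lenient=%-12v legacy=%-12v allowed=%v\n", s, lenient, legacy, DestinationAllowed(s))
	}
}
```

The point of running the table in `main` is that the lenient and legacy columns disagree on exactly the inputs the article lists, and the strict column refuses all of them: a filter that compares against 127.0.0.0/8 only sees the literal once, so the safe design is to reject any spelling that two parsers could read differently, not to pick one interpretation and hope the socket layer agrees.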



Source: opennet.ru
