Remote code execution vulnerability in strongSwan IPsec

strongSwan 5.9.10 is now available. It is a free package for building VPN connections based on the IPsec protocol, used on Linux, Android, FreeBSD and macOS. The new version fixes a dangerous vulnerability (CVE-2023-26463) that can be used to bypass authentication and could also potentially lead to execution of the attacker's code on the server or client side. The problem occurs when validating specially crafted certificates in TLS-based EAP (Extensible Authentication Protocol) authentication methods.

The vulnerability is caused by the TLS handler incorrectly accepting public keys from a peer's certificate, treating them as trusted even when the certificate cannot be successfully verified. Specifically, when the tls_find_public_key() function is called, a selection based on the public key type is used to determine which certificates are trusted. The problem is that the variable used to determine the key type for the lookup is set in any case, even when the certificate is not trusted.

Moreover, by manipulating the key it is possible to decrease the reference count (if the certificate is not trusted, the reference to the object is released after the key type has been determined) and free the memory of a key object that is still in use. This vulnerability does not rule out the creation of exploits that leak information from memory and execute the attacker's code.
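The two flaws described above (an untrusted key returned as if trusted, and a released reference to an object still in use), shown as an added example that is a simplified model and not strongSwan code. All type and function names are hypothetical, and a `destroyed` flag stands in for free() so the state remains observable.

```c
#include <stdio.h>
/* Hypothetical, simplified model; none of this is strongSwan code. */
typedef struct { int type, refs, destroyed; } pubkey_t;  /* destroyed replaces free() */
typedef struct { pubkey_t *key; int trusted; } cert_t;   /* trusted: chain verified */

static pubkey_t *key_ref(pubkey_t *k) { k->refs++; return k; }
static void key_unref(pubkey_t *k) { if (--k->refs == 0) k->destroyed = 1; }

/* Stand-in for the lookup of trusted keys by key type. */
static pubkey_t *trusted_lookup(const cert_t *c, int type)
{
    return (c->trusted && c->key->type == type) ? key_ref(c->key) : NULL;
}

/* Flawed pattern: the result variable is also used to learn the key type. */
pubkey_t *find_key_flawed(const cert_t *c)
{
    pubkey_t *result = key_ref(c->key);       /* set before any trust decision */
    pubkey_t *found = trusted_lookup(c, result->type);
    key_unref(result);                        /* reference released here... */
    return found ? found : result;            /* ...but the pointer is still returned */
}

/* Hardened pattern: scratch variable for the type, result is NULL unless trusted. */
pubkey_t *find_key_fixed(const cert_t *c)
{
    pubkey_t *current = key_ref(c->key);
    pubkey_t *result = trusted_lookup(c, current->type);
    key_unref(current);
    return result;
}

/* Caller model: non-NULL key means "accepted"; caller drops the ref it thinks it owns. */
int authenticate(pubkey_t *(*find)(const cert_t *), const cert_t *c)
{
    pubkey_t *key = find(c);
    if (key) key_unref(key);
    return key != NULL;
}

int main(void)
{
    pubkey_t k1 = { 1, 1, 0 }, k2 = { 1, 1, 0 };  /* constructed: cert holds 1 ref each */
    cert_t bad1 = { &k1, 0 }, bad2 = { &k2, 0 };  /* constructed untrusted certificates */
    int a = authenticate(find_key_flawed, &bad1), b = authenticate(find_key_fixed, &bad2);
    printf("flawed: accepted=%d destroyed=%d\nfixed: accepted=%d destroyed=%d\n",
           a, k1.destroyed, b, k2.destroyed);
    return 0;
}
```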

An attack on the server is carried out by a client sending a self-signed certificate for client authentication with the EAP-TLS, EAP-TTLS, EAP-PEAP and EAP-TNC methods. An attack on the client can be carried out by the server returning a specially crafted certificate. The vulnerability is present in strongSwan releases 5.9.8 and 5.9.9. The publication of package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD, NetBSD.

Source: opennet.ru
