Vulnerabilities in OpenSMTPD that allow remote and local root access

Qualys has disclosed another critical vulnerability (CVE-2020-8794) in the OpenSMTPD mail server, developed by the OpenBSD project. Like the one identified at the end of January, the new issue makes it possible to remotely execute arbitrary shell commands on the server with root privileges. The vulnerability is fixed in OpenSMTPD 6.6.4p1.

The problem is caused by a bug in the code that delivers messages to remote mail servers (not in the code that handles incoming connections). The attack is possible on both the client side and the server side. On the client side, the attack works in the default OpenSMTPD configuration, in which OpenSMTPD accepts requests only on the internal network interface (localhost) and delivers messages to external servers. To exploit the vulnerability, it is enough that, while delivering a message, OpenSMTPD establishes a session with a mail server controlled by the attacker, or that the attacker is able to interpose in the client connection (MITM, or redirection through an attack on DNS or BGP).

For a server-side attack, OpenSMTPD must be configured to accept external network requests from other mail servers, or to serve third-party services that allow a request to be sent to an arbitrary e-mail address (for example, address confirmation forms on websites). For instance, an attacker can connect to the OpenSMTPD server and send an undeliverable message (addressed to a nonexistent user), which causes a bounce message with an error code to be sent back to the attacker's server. The attacker can then exploit the vulnerability when OpenSMTPD connects to deliver that notification to the attacker's server. The shell commands injected during the attack are placed in a file that is executed with root privileges when OpenSMTPD restarts, so the attacker must either wait for OpenSMTPD to restart or provoke a crash of OpenSMTPD to complete the attack.

The problem is located in the mta_io() function, in the code that parses the multiline response returned by the remote server after a connection is established (for example, "250-ENHANCEDSTATUSCODES" followed by "250 HELP"). OpenSMTPD assumes that the first line consists of a three-digit code and text separated by the "-" character, and that the second line consists of a three-digit code and text separated by a space. If the three-digit code in the second line is not followed by a space and text, the pointer used to locate the text ends up at the byte after the '\0' terminator, and data beyond the end of the line is copied into the buffer.
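The defensive check the paragraph above describes as missing, shown as an added example written for this article; it is not OpenSMTPD's code and does not reproduce mta_io(). It parses SMTP reply lines of the "250-text" / "250 text" form by explicit length, validates the byte after the three-digit code before forming any text pointer, and rejects lines where that byte is neither "-" nor a space (a bare three-digit code with no text is accepted as a final line, as RFC 5321 permits). The struct and function names are assumptions for the example, and the sample replies are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define REPLY_TEXT_MAX  256
#define REPLY_MAX_LINES 16

/* One parsed SMTP reply line, e.g. "250-ENHANCEDSTATUSCODES" or "250 HELP". */
struct reply_line {
    int  code;                  /* three-digit status code */
    int  last;                  /* 1 if this line ends the reply (space separator or bare code) */
    char text[REPLY_TEXT_MAX];  /* text after the separator, NUL-terminated */
};

/* Parse exactly `len` bytes of one reply line (no terminator required).
 * Returns 1 on success, 0 if the line is malformed. The separator byte is
 * validated before any pointer into the text is formed, and the text is
 * copied by its computed length, so nothing past `len` is ever read. */
int parse_reply_line(const char *line, size_t len, struct reply_line *out)
{
    if (len < 3)
        return 0;                                   /* need three digits */
    for (size_t i = 0; i < 3; i++)
        if (!isdigit((unsigned char)line[i]))
            return 0;
    int code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');

    if (len == 3) {                                 /* bare "250": final line, empty text */
        out->code = code;
        out->last = 1;
        out->text[0] = '\0';
        return 1;
    }

    char sep = line[3];                             /* byte after the code, still within len */
    if (sep != ' ' && sep != '-')
        return 0;                                   /* "250X..." is rejected, not skipped over */

    size_t tlen = len - 4;
    if (tlen >= REPLY_TEXT_MAX)
        return 0;                                   /* would not fit, including NUL */
    out->code = code;
    out->last = (sep == ' ');
    memcpy(out->text, line + 4, tlen);
    out->text[tlen] = '\0';
    return 1;
}

/* Parse a complete reply whose lines are separated by CRLF or LF.
 * Returns the number of lines consumed, or -1 if any line is malformed,
 * the codes of the lines differ, or input ends before a final line. */
int parse_reply(const char *buf, struct reply_line *lines, int max_lines)
{
    int n = 0;
    const char *p = buf;
    while (*p != '\0') {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > 0 && p[len - 1] == '\r')
            len--;                                  /* drop the CR of a CRLF terminator */
        if (n >= max_lines)
            return -1;
        if (!parse_reply_line(p, len, &lines[n]))
            return -1;
        if (n > 0 && lines[n].code != lines[0].code)
            return -1;                              /* every line of one reply carries the same code */
        n++;
        if (lines[n - 1].last)
            return n;                               /* a space separator (or bare code) ends the reply */
        if (eol == NULL)
            return -1;                              /* continuation line with nothing after it */
        p = eol + 1;
    }
    return -1;                                      /* ran out of input before a final line */
}

/* Scratch storage shared by main() and the checks below. */
struct reply_line g_lines[REPLY_MAX_LINES];

int main(void)
{
    /* Constructed sample replies: one well-formed, one with a bad separator. */
    const char *good = "250-ENHANCEDSTATUSCODES\r\n250 HELP\r\n";
    const char *bad  = "250-ENHANCEDSTATUSCODES\r\n250X\r\n";
    int n = parse_reply(good, g_lines, REPLY_MAX_LINES);
    printf("well-formed reply: %d line(s), last text \"%s\"\n", n, n > 0 ? g_lines[n - 1].text : "");
    printf("malformed reply: %d\n", parse_reply(bad, g_lines, REPLY_MAX_LINES));
    return 0;
}
```

The check that matters is the one on `sep`: the byte that follows the three-digit code is tested against the two legal separators before `line + 4` is ever formed, and the copy uses a length derived from the line's own length rather than scanning for a terminator, so a second line such as "250X" or a bare "250" is handled without touching memory past the end of the line.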

At the request of the OpenBSD project, publication of the details on exploiting the vulnerability has been postponed until February 26 to give users time to update their systems. The problem has been present in the codebase since December 2015, but exploitation leading to code execution with root privileges has been possible since May 2018. The researchers prepared a working exploit prototype, which was successfully tested against OpenSMTPD builds for OpenBSD 6.6, OpenBSD 5.9, Debian 10, Debian 11 (testing) and Fedora 31.

Another vulnerability (CVE-2020-8793) was also identified in OpenSMTPD; it allows a local user to read the first line of any file on the system. For example, one can read the first line of /etc/master.passwd, which contains the root user's password hash. The vulnerability also allows reading the entire contents of files owned by another user if those files reside on the same filesystem as the /var/spool/smtpd/ directory. The problem is not exploitable on the many Linux distributions where the value of /proc/sys/fs/protected_hardlinks is set to 1.

The problem is a consequence of the incomplete fix for the issues reported during the audit performed by Qualys in 2015. An attacker can execute their own code with the privileges of the "_smtpq" group by setting the variable "PATH=." and placing a script named makemap in the current directory (the smtpctl utility runs makemap without specifying an explicit path). Having gained access to the "_smtpq" group, the attacker can then cause a race condition (create a large file in the offline directory and send a SIGSTOP signal) and, before processing completes, replace the file in the offline directory with a hard link pointing to the target file whose contents are to be read.

Notably, on Fedora 31 the vulnerability allows the privileges of the root group to be obtained immediately, since the smtpctl process is installed with the setgid root flag rather than setgid smtpq. With access to the root group, one can write to the contents of /var/lib/sss/mc/passwd and obtain full root access.

Source: opennet.ru
