19 Remotely Exploitable Vulnerabilities in Treck's TCP/IP Stack

In Treck's proprietary TCP/IP stack, 19 vulnerabilities have been disclosed that can be exploited by sending specially crafted packets. The vulnerabilities have been given the code name Ripple20. Some of the vulnerabilities also appear in the KASAGO TCP/IP stack from Zuken Elmic (Elmic Systems), which shares common roots with Treck. The Treck stack is used in many industrial, medical, communications, embedded and consumer devices (from smart lamps to printers and uninterruptible power supplies), as well as in energy, transport, aviation, commercial and oil production equipment.


Notable attack targets that use Treck's TCP/IP stack include HP network printers and Intel chips. Among other things, problems in the Treck TCP/IP stack turned out to be the cause of the recent remote vulnerabilities in the Intel AMT and ISM subsystems, which are exploited by sending a network packet. The presence of the vulnerabilities has been confirmed by the manufacturers Intel, HP, Hewlett Packard Enterprise, Baxter, Caterpillar, Digi, Rockwell Automation and Schneider Electric. Another 66 manufacturers whose products use Treck's TCP/IP stack have not yet responded to the problems. 5 manufacturers, including AMD, stated that their products are not affected.


The problems were found in the implementations of the IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 and ARP protocols. They are caused by incorrect handling of data size parameters (using a size field without checking the actual size of the data), input validation errors, double frees of memory, out-of-bounds reads, integer overflows, incorrect access control, and problems handling null-terminated strings.
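The size-field problem described above, shown as the check a receive path needs before it trusts any declared length. This is an added example, not Treck's code (which is proprietary); the function and status names are hypothetical and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status names are hypothetical, chosen for this example. */
enum pkt_status { PKT_OK, PKT_TOO_SHORT, PKT_NOT_IPV4_UDP, PKT_BAD_IHL,
                  PKT_BAD_IP_LEN, PKT_BAD_UDP_LEN };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check every length field of an IPv4/UDP datagram against the `cap` bytes
 * actually received; on PKT_OK, *off / *len bound the UDP payload in buf. */
enum pkt_status check_ipv4_udp(const uint8_t *buf, size_t cap,
                               size_t *off, size_t *len)
{
    if (cap < 20) return PKT_TOO_SHORT;
    if ((buf[0] >> 4) != 4 || buf[9] != 17) return PKT_NOT_IPV4_UDP;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;       /* header length field */
    if (ihl < 20 || ihl > cap) return PKT_BAD_IHL;
    size_t ip_len = rd16(buf + 2);                  /* total length field */
    if (ip_len < ihl || ip_len > cap) return PKT_BAD_IP_LEN;
    if (ip_len - ihl < 8) return PKT_TOO_SHORT;     /* no room for UDP header */
    size_t udp_len = rd16(buf + ihl + 4);           /* UDP length field */
    if (udp_len < 8 || udp_len > ip_len - ihl) return PKT_BAD_UDP_LEN;
    *off = ihl + 8;
    *len = udp_len - 8;
    return PKT_OK;
}

/* Constructed sample: 20-byte IPv4 header, 8-byte UDP header, 4-byte payload. */
static const uint8_t SAMPLE[32] = {
    0x45, 0, 0, 32, 0, 0, 0, 0, 64, 17, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2,
    0x30, 0x39, 0, 53, 0, 12, 0, 0, 'p', 'i', 'n', 'g' };

/* Re-check the sample after overwriting its two declared lengths. */
enum pkt_status check_sample(uint16_t ip_len, uint16_t udp_len, size_t *len)
{
    uint8_t pkt[sizeof SAMPLE];
    size_t off = 0;
    memcpy(pkt, SAMPLE, sizeof pkt);
    pkt[2] = (uint8_t)(ip_len >> 8);   pkt[3] = (uint8_t)ip_len;
    pkt[24] = (uint8_t)(udp_len >> 8); pkt[25] = (uint8_t)udp_len;
    return check_ipv4_udp(pkt, sizeof pkt, &off, len);
}

int main(void)
{
    size_t n = 0;   /* exit 0 only if the inflated total length is rejected */
    return check_sample(256, 12, &n) == PKT_BAD_IP_LEN ? 0 : 1;
}
```

A parser that copies or reads `ip_len` or `udp_len` bytes without these comparisons walks past the end of the received buffer whenever a sender declares more data than it sent.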

The two most dangerous problems (CVE-2020-11896, CVE-2020-11897), which have been assigned CVSS level 10, allow code to be executed on a device by sending specially crafted IPv4/UDP or IPv6 packets. The first critical problem appears on devices with support for IPv4 tunnels, and the second in versions released before 04.06.2009 with IPv6 support. Another critical vulnerability (CVSS 9) is present in the DNS resolver (CVE-2020-11901) and allows code execution by sending a specially crafted DNS request (the problem was used to demonstrate the hacking of a Schneider Electric APC UPS and appears on devices with DNS support).

Other vulnerabilities, CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903 and CVE-2020-11905, allow the contents of system memory areas to be disclosed by sending specially crafted IPv4/ICMPv4, IPv6OverIPv4, DHCP, DHCPv6 or IPv6 packets. The remaining problems can lead to denial of service or to leakage of residual data from system buffers.

Most of the vulnerabilities are fixed in Treck 6.0.1.67 (CVE-2020-11897 is fixed in 5.0.1.35, CVE-2020-11900 in 6.0.1.41, CVE-2020-11903 in 6.0.1.28 and CVE-2020-11908 in 4.7.1.27). Since preparing firmware updates for specific devices may be delayed or impossible (the Treck stack has been shipping for more than 20 years, and many devices remain unmaintained or are difficult to update), administrators are advised to isolate affected devices and to configure packet inspection systems, firewalls or routers to:

- normalize or block fragmented packets;
- block IP tunnels (IPv6-in-IPv4 and IP-in-IP);
- block "source routing";
- enable inspection of incorrect options in TCP packets;
- block unused ICMP control messages (MTU Update and Address Mask);
- disable IPv6 multicast;
- redirect DNS queries to a secure recursive DNS server.


Source: opennet.ru
