OpenWrt 19.07.1 update fixes a package spoofing vulnerability

Corrective releases of the OpenWrt distribution, 18.06.7 and 19.07.1, have been published. They fix a dangerous vulnerability (CVE-2020-7982) in the opkg package manager that allows a MITM attack to replace the contents of a package downloaded from the repository. Because of an error in the checksum verification code, an attacker can create conditions under which the SHA-256 checksums in the digitally signed package index are ignored, which makes it possible to bypass the integrity checks applied to downloaded ipk resources.

The problem has been present since February 2017, when code was added to skip leading spaces before the checksum. Because of an error in skipping the spaces, the pointer to the position in the line was not advanced, so the loop that decodes the SHA-256 hexadecimal sequence returned control immediately and returned a checksum of zero length.
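A simplified C illustration of the parsing error described above and its correction, added here as an example; it is not opkg's code, and the function names and the sample index field are assumptions made for the sketch. The fail-closed comparison at the end is an added hardening step, not something the page describes.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define SHA256_LEN 32

/* Decode hex pairs from s into out; stops at the first non-hex character. */
static size_t hex_decode(const char *s, unsigned char *out, size_t max)
{
    size_t n = 0;
    while (n < max && isxdigit((unsigned char)s[0]) && isxdigit((unsigned char)s[1])) {
        char pair[3] = { s[0], s[1], '\0' };
        out[n++] = (unsigned char)strtoul(pair, NULL, 16);
        s += 2;
    }
    return n;
}

/* Flawed pattern: spaces are scanned, but the decoder still receives the
 * original pointer, stops on the first space and yields a length of 0. */
size_t parse_digest_flawed(const char *field, unsigned char *out)
{
    const char *p = field;
    while (isspace((unsigned char)*p))
        p++;
    return hex_decode(field, out, SHA256_LEN);   /* should have been p */
}

/* Corrected pattern: decode from the advanced position. */
size_t parse_digest_fixed(const char *field, unsigned char *out)
{
    while (isspace((unsigned char)*field))
        field++;
    return hex_decode(field, out, SHA256_LEN);
}

/* Fail closed: a digest that is not exactly 32 bytes is a mismatch. */
int digest_matches(const unsigned char *expected, size_t expected_len,
                   const unsigned char *actual)
{
    return expected_len == SHA256_LEN && memcmp(expected, actual, SHA256_LEN) == 0;
}

int main(void)
{
    unsigned char d[SHA256_LEN];
    /* Constructed index field: one leading space, then 64 hex digits. */
    const char *f = " 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff";
    return !(parse_digest_flawed(f, d) == 0 && parse_digest_fixed(f, d) == SHA256_LEN);
}
```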

Since the opkg package manager in OpenWrt runs with root privileges, an attacker in a MITM position can silently modify an ipk package downloaded from the repository while the user runs the “opkg install” command, and can have their own code executed with root privileges by adding their own handler scripts to the package, which are called during installation. To exploit the vulnerability, the attacker must also arrange for a correct, signed package index to be substituted (for example, one served from downloads.openwrt.org). The size of the modified package must match the original size stated in the index.

If you need to manage without updating the whole firmware, you can update just the opkg package manager by running the following commands:

cd /tmp
opkg update
opkg download opkg
zcat ./opkg-lists/openwrt_base | grep -A10 "Package: opkg" | grep SHA256
sha256sum ./opkg_2020-01-25-c09fe209-1_*.ipk

Next, compare the checksums shown and, if they match, run:

opkg install ./opkg_2020-01-25-c09fe209-1_*.ipk

The new releases also fix another vulnerability, in the libubox library, which can lead to a buffer overflow when the blobmsg_format_json function processes specially crafted serialized binary or JSON data. The library is used in distribution components such as netifd, procd, ubus, rpcd and uhttpd, as well as in the auc package (Attended sysUpgrade CLI). The overflow occurs when large numeric attributes of type "double" are passed in blob blocks. You can check whether your system is affected by the vulnerability with the following command:

$ ubus call luci getFeatures \
'{"banik": 00192200197600198000198100200400.1922 }'

In addition to fixing the vulnerabilities and accumulated bugs, the OpenWrt 19.07.1 release also updates the Linux kernel (from 4.14.162 to 4.14.167), fixes performance problems when using 5GHz frequencies, and improves support for the Ubiquiti Rocket M Titanium, Netgear WN2500RP v1, Zyxel NSA325, Netgear WNR3500 V2, Archer C6 v2, Ubiquiti EdgeRouter-X, Archer C20 v4, Archer C50 v4, Archer MR200, TL-WA801ND v5, HiWiFi HC5962, Xiaomi Mi Router 3 Pro and Netgear R6350 devices.

Source: opennet.ru
