E wepụtara ụdị nkesa OpenWrt 18.06.7 и 19.07.1, nke a na-agbazi ya adịghị ike CVE-2020-7982 na njikwa ngwugwu opkg, nke enwere ike iji mee mwakpo MITM wee dochie ọdịnaya nke ngwugwu ebudatara na ebe nchekwa. N'ihi njehie dị na koodu nkwenye checksum, onye na-awakpo ahụ nwere ike ileghara SHA-256 checksums si na ngwugwu ahụ, nke mere ka o kwe omume ịgafe usoro maka ịlele iguzosi ike n'ezi ihe nke akụrụngwa IPk ebudatara.
Nsogbu a adịla kemgbe Febụwarị 2017, ka agbakwunyere koodu na-eleghara oghere ndị na-eduga n'ihu checksum. N'ihi njehie mgbe ị na-awụgharị oghere, atụgharịghị ihe nrịbama na ọnọdụ dị n'ahịrị yana SHA-256 hexadecimal sequence decoding loop weghachiri njikwa ozugbo wee weghachi akara nlele nke ogologo efu.
N'ihi eziokwu ahụ bụ na ewepụtara onye njikwa ngwugwu opkg dị ka mgbọrọgwụ, onye na-awakpo nwere ike ịgbanwe ọdịnaya dị na ngwugwu IPk n'oge ọgụ MITM, ebudatara na ebe nchekwa mgbe onye ọrụ na-emezu iwu "opkg install", wee hazie koodu ya. A ga-egbu ya na mgbọrọgwụ ikike site n'ịgbakwunye script nke onye njikwa gị na ngwugwu, nke a na-akpọ n'oge ntinye. Iji jiri adịghị ike eme ihe, onye na-awakpo ahụ ga-ehichapụkwa ndepụta ngwugwu (dịka ọmụmaatụ, site na downloads.openwrt.org). Nha ngwungwu emezigharịrị ga-adakọrịrị nke mbụ sitere na ndeksi.
Ụdị ọhụrụ na-ewepụkwa otu ọzọ adịghị ike n'ọbá akwụkwọ libubox, nke nwere ike iduga njupụta njupụta mgbe ị na-ahazi ọnụọgụ abụọ ahaziri ahazi nke ahaziri iche ma ọ bụ data JSON na ọrụ blobmsg_format_json.
isi: linux.org.ru