Details of a critical vulnerability in Exim disclosed

The corrective release Exim 4.92.2 has been published, eliminating a critical vulnerability (CVE-2019-15846) which, in the default configuration, can lead to remote code execution by an attacker with root privileges. The problem manifests only when TLS support is enabled and is exploited by passing a specially crafted client certificate or a modified value in SNI. The vulnerability was identified by Qualys.

The problem is located in the handler for unescaping special characters in a string (string_interpret_escape() from string.c) and is caused by a '\' character at the end of the string being interpreted before the null character ('\0') and escaping it. During unescaping, the sequence '\' plus the null terminator is treated as a single character, and the pointer is advanced to data outside the string, which is then treated as the continuation of the string.

The code that calls string_interpret_escape() allocates the buffer for the unescaped result based on the actual size, so the advanced pointer ends up in a region not bounded by that buffer. As a result, when the input string is processed, data is read from an area outside the bounds of the allocated buffer, and the attempt to write the unescaped string can lead to a write beyond the bounds of the buffer.

In the default configuration, the vulnerability can be exploited by sending specially crafted data in SNI when establishing a secure connection to the server. The issue can also be exploited by changing peerdn values in a configuration set up for client certificate authentication, or when importing certificates. Attacks via SNI and peerdn are possible starting with Exim 4.80, the release in which the string_unprinting() function began to be used to unescape the contents of peerdn and SNI.

An exploit prototype has been prepared for the attack via SNI, running on the i386 and amd64 architectures on Linux systems with Glibc. The exploit uses data overlay in the heap area, leading to an overwrite of the memory where the log file name is stored. The file name is replaced with "/../../.../../../../../../etc/passwd". Next, the variable holding the sender address, which is written to the log first, is overwritten, which allows a new user to be added to the system.

Package updates with a fix for the vulnerability have been released by the Debian, Ubuntu, Fedora, SUSE/openSUSE and FreeBSD distributions. RHEL and CentOS are not affected, since Exim is not included in their standard package repositories (in EPEL the update has already been built, but it has not yet been placed in the public repository). In the Exim code, the problem is fixed with a one-line patch that disables the escaping effect of a backslash if it is at the end of the string.

As a workaround to block the vulnerability, you can disable TLS support or add the following to the ACL section "acl_smtp_mail":

deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
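The upstream fix and the ACL workaround above both come down to the same edge case: a backslash that is the last character of a string must not be allowed to consume the '\0' terminator. The following C program is an added illustration, not Exim's string_interpret_escape() or any code from the project: a minimal unescaper (only \n, \t, \\ and a generic "\x -> x" fallback, which is an assumption for the sake of the example) that handles the trailing-backslash case the way the one-line fix describes, plus a helper that rejects such values up front, mirroring the intent of the "deny condition" ACL rules.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Minimal unescaper modelled on the bug class described in the article.
 * A backslash introduces an escape sequence; the defect was that a backslash
 * sitting directly before the terminating '\0' consumed the terminator and
 * advanced the read pointer past the end of the string. Illustrative code,
 * not Exim's string_interpret_escape(). The caller owns the returned buffer. */
char *unescape_safe(const char *in)
{
    size_t len = strlen(in);
    /* The unescaped form is never longer than the input (+1 for '\0'). */
    char *out = malloc(len + 1);
    if (out == NULL) return NULL;

    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        char c = in[i];
        if (c != '\\') { out[o++] = c; continue; }

        /* The fix: a backslash at the very end has nothing to escape.
         * Emit it literally and stop, instead of looking at in[i + 1]
         * (the '\0') and stepping beyond the string. */
        if (i + 1 >= len) { out[o++] = '\\'; break; }

        char next = in[++i];
        switch (next) {
            case 'n':  out[o++] = '\n'; break;
            case 't':  out[o++] = '\t'; break;
            case '\\': out[o++] = '\\'; break;
            default:   out[o++] = next; break;  /* assumed fallback: "\x" -> "x" */
        }
    }
    out[o] = '\0';
    return out;
}

/* Mirrors the intent of the ACL workaround: reject a value (SNI, peerdn)
 * whose last character is a backslash before it reaches any unescaper.
 * Returns 1 if the value should be denied, 0 otherwise. */
int ends_with_backslash(const char *value)
{
    size_t len = strlen(value);
    return len > 0 && value[len - 1] == '\\';
}
```

The check in ends_with_backslash() is the same test the ACL performs with ${substr{-1}{1}{...}}: it looks only at the final character, so it is cheap to run on every connection and does not depend on the unescaper being correct.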

Source: opennet.ru
