Root-exploitable vulnerability in the FreeBSD ping utility

FreeBSD has a vulnerability (CVE-2022-23093) in the ping utility shipped in the base distribution. The issue can lead to remote code execution as root when pinging an external host controlled by an attacker. Fixes have been released in FreeBSD 13.1-RELEASE-p5, 12.4-RC2-p2 and 12.3-RELEASE-p10. Whether other BSD systems are affected is not yet known (NetBSD, DragonFlyBSD and OpenBSD have not yet reported).

The vulnerability is caused by a buffer overflow in the code that parses ICMP messages received in response to a probe request. The code for sending and receiving ICMP messages in ping uses raw sockets and runs with elevated privileges (the utility ships setuid root). On the ping side, the reply is processed by reconstructing the IP and ICMP headers of the packet read from the raw socket. The pr_pack() function copies the IP and ICMP headers into buffers without accounting for the fact that additional extended headers may be present in the packet after the IP header.

Such headers are extracted from the packet and included in the header block, but they are not taken into account when calculating the buffer size. If the host, in reply to the ICMP request sent, returns a packet with additional headers, their contents are written past the buffer boundary on the stack. As a result, the attacker can overwrite up to 40 bytes of data on the stack, potentially allowing execution of their code. The severity of the problem is reduced by the fact that, at the moment the bug is triggered, the process is in a system-call isolation state (capability mode), which makes it difficult to reach the rest of the system after exploiting the vulnerability.
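As an added illustration of the bug class described above (my own code, not FreeBSD's ping or its patch): a minimal IPv4/ICMP reply parser that shows how a copy sized for the option-less 20-byte header would spill up to 40 bytes when IP options are present, beside a length-validated version that rejects anything it cannot hold. The packet samples are constructed, not captured traffic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MIN_HLEN 20   /* IPv4 header with no options */
#define IP_MAX_HLEN 60   /* IHL is a 4-bit word count: 15 * 4 bytes */
#define ICMP_HLEN    8   /* fixed ICMP echo header */

/* IPv4 header length in bytes, from the IHL nibble of byte 0. */
static size_t ip_hlen(const uint8_t *pkt) { return (size_t)(pkt[0] & 0x0f) * 4; }

/* How many header bytes would land past a buffer sized only for the
 * 20-byte option-less header if the copy used the on-the-wire length. */
size_t overflow_if_unchecked(const uint8_t *pkt, size_t pktlen) {
    size_t hlen = ip_hlen(pkt);
    if (hlen > pktlen) hlen = pktlen;            /* cannot copy beyond what was received */
    return hlen > IP_MIN_HLEN ? hlen - IP_MIN_HLEN : 0;
}

/* Hardened variant: destination sized for the maximum and every length
 * validated before memcpy. Returns the IP header length, or -1 to drop. */
int parse_reply(const uint8_t *pkt, size_t pktlen,
                uint8_t iphdr[IP_MAX_HLEN], uint8_t icmphdr[ICMP_HLEN]) {
    if (pktlen < IP_MIN_HLEN || (pkt[0] >> 4) != 4) return -1;
    size_t hlen = ip_hlen(pkt);
    if (hlen < IP_MIN_HLEN || hlen > IP_MAX_HLEN) return -1;
    if (pktlen < hlen + ICMP_HLEN) return -1;    /* truncated ICMP header */
    memcpy(iphdr, pkt, hlen);
    memcpy(icmphdr, pkt + hlen, ICMP_HLEN);
    return (int)hlen;
}

/* Convenience wrapper with correctly sized local buffers. */
int check_reply(const uint8_t *pkt, size_t pktlen) {
    uint8_t ip[IP_MAX_HLEN], icmp[ICMP_HLEN];
    return parse_reply(pkt, pktlen, ip, icmp);
}

/* Constructed samples (not captured traffic): an echo reply behind a plain
 * 20-byte header, and one behind a maximal 60-byte header (IHL = 15). */
const uint8_t PLAIN_REPLY[28]   = { [0] = 0x45, [3] = 28, [9] = 1 /* ICMP */ };
const uint8_t OPTIONS_REPLY[68] = { [0] = 0x4f, [3] = 68, [9] = 1 /* ICMP */ };

int main(void) {
    printf("spill with options: %zu bytes, hardened parse: %d\n",
           overflow_if_unchecked(OPTIONS_REPLY, sizeof OPTIONS_REPLY),
           check_reply(OPTIONS_REPLY, sizeof OPTIONS_REPLY));
    return 0;
}
```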

Source: opennet.ru
