ProHoster > Блог > ozi ịntanetị > Adịghị ike na-erigbu na FreeBSD

Adịghị ike na-erigbu na FreeBSD

Na FreeBSD kpochapuru adịghị ike ise, gụnyere okwu ndị nwere ike iduga na ịdegharị data ọkwa kernel mgbe ha na-eziga ụfọdụ ngwugwu netwọk ma ọ bụ kwe ka onye ọrụ mpaghara gbasaa ohere ha. Edobere adịghị ike na mmelite 12.1-RELEASE-p5 na 11.3-RELEASE-p9.

Ihe ọghọm kachasị dị ize ndụ (CVE-2020-7454) na-ebute ya site na enweghị nyocha nha nha nke ọma n'ọbá akwụkwọ liblias mgbe ị na-atụgharị akwụkwọ nkụnye eji isi mee ihe. A na-eji ọba akwụkwọ liblias na nzacha ipfw maka ntụgharị asụsụ yana gụnye ọrụ ọkọlọtọ maka dochie adreesị na ngwugwu IP na usoro ntughari. Ọdịmma ahụ na-enye ohere, site na izipu ngwugwu netwọk ahaziri ahazi, ịgụ ma ọ bụ dee data na mpaghara ebe nchekwa kernel (mgbe ị na-eji mmejuputa NAT na kernel) ma ọ bụ hazie.
natd (ma ọ bụrụ na-eji oghere onye ọrụ NAT mmejuputa iwu). Okwu a anaghị emetụta nhazi NAT wuru site na iji pf na ipf packet filter, ma ọ bụ nhazi ipfw na-adịghị eji NAT.

Ihe ọghọm ndị ọzọ:

  • CVE-2020-7455 - adịghị ike ọzọ dịpụrụ adịpụ na libalias metụtara mgbako ogologo ngwugwu ezighi ezi na onye njikwa FTP. Nsogbu a bụ naanị ịwụsa ọdịnaya nke data ole na ole sitere na ebe nchekwa kernel ma ọ bụ usoro natd.
  • CVE-2019-15879 - adịghị ike na modul cryptodev kpatara site na ịnweta ebe nchekwa ahapụlarị ya (eji ya emechara n'efu), na ikwe ka usoro enweghị ohere idegharị ebe nchekwa kernel na-enweghị isi. Dị ka ihe na-arụ ọrụ maka igbochi adịghị ike, a na-atụ aro ka ị budata modul cryptodev na iwu "kldunload cryptodev" ma ọ bụrụ na ejiri ya (cryptdev anaghị ebu ya na ndabara). Modul cryptodev na-enye ngwa onye ọrụ ohere ịnweta / dev/crypto interface iji nweta arụmọrụ ngwa ngwa ngwa ngwa cryptographic (/dev/crypto anaghị eji AES-NI na OpenSSL).
  • CVE-2019-15880 - adịghị ike nke abụọ na cryptodev, nke na-enye ohere onye ọrụ na-enweghị ohere ịmalite kernel okuku site na izipu arịrịọ iji rụọ ọrụ cryptographic na MAC na-ezighi ezi. Ihe kpatara nsogbu a bụ enweghị ịlele nha igodo MAC mgbe ị na-ekenye ihe nchekwa iji chekwaa ya (emepụtara ihe nchekwa ahụ dabere na data nha nke onye ọrụ nyere, na-enweghị ịlele nha n'ezie).
  • CVE-2019-15878 - adịghị ike na mmejuputa usoro SCTP (Stream Control Transmission Protocol) kpatara site na nkwenye na-ezighi ezi nke igodo nkekọrịta nke SCTP-AUTH ndọtị na-eji iji chọpụta usoro SCTP. Ngwa mpaghara nwere ike imelite igodo site na Socket API ka ọ na-akwụsị njikọ SCTP n'otu oge, nke ga-eduga na ịnweta ebe ebe nchekwa ahapụlarị (eji ya emechaa n'efu).

isi: opennet.ru

Tinye a comment