Vulnerability in the Linux kernel's IPv6 stack allows remote code execution

Information has been disclosed about a vulnerability (CVE-2023-6200) in the Linux kernel's network stack that, under certain circumstances, allows an attacker on the local network to achieve execution of their code by sending a specially crafted ICMPv6 packet carrying an RA (Router Advertisement) message, which is intended to advertise information about a router.

The vulnerability can be exploited only from the local network and affects systems that have IPv6 support enabled and the sysctl parameter "net.ipv6.conf.<network_interface_name>.accept_ra" active (this can be checked with the command "sysctl net.ipv6.conf | grep accept_ra"). The parameter is disabled by default in RHEL and Ubuntu for external network interfaces, but it is enabled for the loopback interface, which allows an attack from the same system.

The vulnerability is caused by a race condition that occurs when the garbage collector processes fib6_info records, which can lead to access to a memory area that has already been freed (use-after-free). When an ICMPv6 packet with a router advertisement message (RA, Router Advertisement) is received, the network stack calls the ndisc_router_discovery() function, which, if the RA message contains route lifetime information, calls the fib6_set_expires() function and fills in the gc_link structure. To clean up old entries, the fib6_clean_expires() function is used, which removes the entry from gc_link and frees the memory used by the fib6_info structure. In this case there is a moment when the memory for the fib6_info structure has already been freed, but a link to it still remains in the gc_link structure.

The vulnerability appeared starting with the 6.6 branch and was fixed in versions 6.6.9 and 6.7. The status of the fix in distributions can be checked on these pages: Debian, Ubuntu, SUSE, RHEL, Fedora, Arch Linux, Gentoo, Slackware. Distributions that ship packages with the 6.6 kernel include Arch Linux, Gentoo, Fedora, Slackware, OpenMandriva and Manjaro; in other distributions, it is possible that the change containing the error was backported to packages with older kernel branches (for example, in Debian it is noted that the package with kernel 6.5.13 is vulnerable, whereas the problematic change appeared in the 6.6 branch). As a security workaround, you can disable IPv6 or set the "net.ipv6.conf.*.accept_ra" parameters to 0.
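
An added example (not from the original article or the kernel project) that checks the two exposure conditions described above: a kernel release in the 6.6 to 6.6.8 range and a non-zero accept_ra on any interface. The function names are hypothetical, the script reads /proc/sys/net/ipv6/conf directly, and it compares upstream version numbers only, so distribution backports such as the Debian 6.5.13 case are not detected.

```shell
#!/bin/sh
# Added example: audit a host for the CVE-2023-6200 exposure conditions.
# Assumption: upstream version numbering; distro backports are not detected.

# Return 0 if the kernel release string falls in 6.6 <= version < 6.6.9.
kernel_in_affected_range() {
    ver=${1%%[!0-9.]*}            # "6.6.8-arch1-1" -> "6.6.8"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;           # "6.6" has no patch level
    esac
    [ "$major" = 6 ] && [ "$minor" = 6 ] && [ "${patch:-0}" -lt 9 ]
}

# Print "iface=value" for every entry under ROOT whose accept_ra is non-zero.
# The "all" and "default" pseudo-interfaces are reported like real ones.
list_accept_ra_enabled() {
    root=${1:-/proc/sys/net/ipv6/conf}
    for f in "$root"/*/accept_ra; do
        [ -r "$f" ] || continue   # no IPv6, or unmatched glob
        val=$(cat "$f")
        iface=${f%/accept_ra}; iface=${iface##*/}
        [ "$val" = 0 ] || printf '%s=%s\n' "$iface" "$val"
    done
}

# Report both conditions; arguments (release, root) default to the live system.
audit() {
    release=${1:-$(uname -r)}
    exposed=$(list_accept_ra_enabled "$2")
    if kernel_in_affected_range "$release"; then
        echo "kernel $release: inside the 6.6 to 6.6.8 range"
    else
        echo "kernel $release: outside 6.6 to 6.6.8 (backports not checked)"
    fi
    if [ -n "$exposed" ]; then
        echo "accept_ra enabled on:"; echo "$exposed"
        echo "workaround: sysctl -w net.ipv6.conf.<iface>.accept_ra=0"
    else
        echo "no interface accepts Router Advertisements"
    fi
}

audit "$@"
```
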

Source: opennet.ru
