Vulnerabilities in dnsmasq Allow DNS Cache Poisoning and Root Code Execution

Six vulnerabilities have been identified in the Dnsmasq package, which combines a caching DNS resolver, a DHCP server, an IPv6 route advertisement service, and a network boot system. The flaws allow code execution as root, domain redirection, disclosure of process memory, and crashing of the service. The issues are fixed in dnsmasq 2.92rel2. The fixes are also available as patches.

The following issues were identified:

  • CVE-2026-4892 is a buffer overflow in the DHCPv6 implementation that lets an attacker with access to the local network execute code with root privileges by sending a specially crafted DHCPv6 packet. The overflow occurs because the DHCPv6 CLID is written to the buffer without taking into account that the package stores the data in hexadecimal notation, which actually uses three "%xx" bytes for every CLID byte (for example, storing a 1000-byte CLID causes 3000 bytes to be written).
  • CVE-2026-2291: A buffer overflow in the extract_name() function lets an attacker insert bogus records into the DNS cache and redirect a domain to a different IP address. The overflow is caused by a buffer allocation that did not account for the escaping of some characters in the internal representation of a domain name in dnsmasq.
  • CVE-2026-4893 is an information leak that allows DNS validation to be bypassed by sending a specially crafted DNS packet containing client subnet information (RFC 7871). The vulnerability can be used to spoof DNS responses and redirect users to the attacker's domain. It is caused by passing the length of the OPT record to the check_source() function instead of the length of the packet, which makes the function always return a successful validation result.
  • CVE-2026-4891: An out-of-bounds read in DNSSEC validation leaks memory contents into the response when a specially crafted DNS query is processed.
  • CVE-2026-4890: DNSSEC validation handling can be driven into a denial of service by a specially crafted DNS packet.
  • CVE-2026-5172: An out-of-bounds read in the extract_addresses() function leads to a failure when a specially crafted DNS response is processed.
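
The sizing mistake described for CVE-2026-4892, as an added example that is not dnsmasq's code: a buffer sized for the raw identifier length is three times too small once each byte is stored as "%xx". The helper names `escaped_size` and `escape_id` are hypothetical, and the 1000-byte identifier is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>

/* Bytes needed to hold n raw bytes as "%xx" text plus a NUL terminator.
   Returns 0 if the computation would overflow size_t. */
size_t escaped_size(size_t n)
{
    if (n > ((size_t)-1 - 1) / 3)
        return 0;
    return n * 3 + 1;
}

/* Hypothetical helper: write id[0..id_len) into out as "%xx" triplets.
   Returns the number of characters written (excluding the NUL), or -1
   if out is too small; on failure out holds an empty string. */
long escape_id(const unsigned char *id, size_t id_len,
               char *out, size_t out_len)
{
    static const char hex[] = "0123456789abcdef";
    size_t need = escaped_size(id_len);
    size_t o = 0;

    if (out_len == 0)
        return -1;
    out[0] = '\0';
    if (need == 0 || need > out_len)
        return -1;          /* reject rather than overrun or truncate */

    for (size_t i = 0; i < id_len; i++) {
        out[o++] = '%';
        out[o++] = hex[id[i] >> 4];
        out[o++] = hex[id[i] & 0x0f];
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    unsigned char clid[1000] = {0}; /* constructed sample identifier */
    char raw_sized[1000];           /* sized for the raw length: too small */
    char esc_sized[3001];           /* sized for the escaped length */

    printf("raw=%zu escaped=%zu\n", sizeof clid, escaped_size(sizeof clid));
    printf("raw-sized buffer: %ld\n",
           escape_id(clid, sizeof clid, raw_sized, sizeof raw_sized));
    printf("escaped-sized buffer: %ld\n",
           escape_id(clid, sizeof clid, esc_sized, sizeof esc_sized));
    return 0;
}
```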

The status of the fixes in distributions can be tracked on these pages (if a page is unavailable, the distribution's developers have not yet started reviewing the issue): Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch, Fedora, OpenWRT, and FreeBSD. Dnsmasq is used in the Android platform and in specialized distributions such as OpenWrt and DD-WRT, as well as in the firmware of wireless routers from many manufacturers. In mainstream distributions, Dnsmasq may be installed when libvirt is used to provide DNS service to virtual machines, or may be activated through the NetworkManager configuration.

Source: opennet.ru
