Vulnerabilities in the Linux and FreeBSD TCP stacks leading to remote denial of service

Netflix has discovered several critical vulnerabilities in the Linux and FreeBSD TCP stacks that allow a remote attacker to trigger a kernel crash or cause excessive resource consumption when specially crafted TCP packets are processed (a "packet of death"). The problems are caused by errors in the handlers for the maximum data block size in a TCP segment (MSS, Maximum Segment Size) and in the selective acknowledgement mechanism (SACK, TCP Selective Acknowledgement).

  • CVE-2019-11477 (SACK Panic) - a problem present in the Linux kernel since 2.6.29 that makes it possible to cause a kernel panic by sending a series of SACK packets, due to an integer overflow in the handler. For an attack it is enough to set the MSS value of a TCP connection to 48 bytes (this lower limit sets the segment payload to 8 bytes) and send a sequence of SACK packets arranged in a particular way.

    As a workaround, SACK processing can be disabled (write 0 to /proc/sys/net/ipv4/tcp_sack), or connections with a low MSS can be blocked (this only works when the sysctl net.ipv4.tcp_mtu_probing is set to 0, and it may break some legitimate connections that use a low MSS);

  • CVE-2019-11478 (SACK Slowness) - leads to disruption of the SACK mechanism (on Linux kernels earlier than 4.15) or to excessive resource consumption. The problem occurs when processing specially structured SACK packets, which can be used to fragment the TCP retransmission queue. The workarounds are the same as for the previous vulnerability;
  • CVE-2019-5599 (SACK Slowness) - makes it possible, by processing a special SACK sequence within a single TCP connection, to fragment the map of sent packets and trigger a resource-intensive list traversal. The problem appears in FreeBSD 12 with the RACK packet-loss detection mechanism. As a workaround, the RACK module can be disabled;
  • CVE-2019-11479 - an attacker can cause the Linux kernel to split responses into many TCP segments, each carrying only 8 bytes of data, which can lead to a significant increase in traffic, higher CPU load, and saturation of the communication channel. Blocking connections with a low MSS is the recommended protective workaround.

    In the Linux kernel, the problems were fixed in releases 4.4.182, 4.9.182, 4.14.127, 4.19.52 and 5.1.11. A fix for FreeBSD is available as a patch. Among distributions, kernel package updates have already been released for Debian, RHEL and SUSE/openSUSE; fixes are being prepared for Ubuntu, Fedora and Arch Linux.
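    As an added example (not part of the original article), the following Python script checks a kernel release string against the fixed stable releases listed above, branch by branch, so that a kernel such as 4.14.120 is not mistaken for patched merely because 4.14.120 is numerically above 4.9.182; it also evaluates the documented sysctl workaround (SACK disabled, or low-MSS filtering with tcp_mtu_probing set to 0) against a constructed set of sysctl values. The function names, the `low_mss_blocked` flag standing in for a firewall rule, and the assumption that mainline kernels after the 5.1 branch carry the fix are all this example's own, not the article's.

```python
"""Added example: branch-aware SACK Panic patch-level check and a check of the
sysctl workaround described in the article. Not part of the original text."""
import re
from typing import Dict, Optional, Tuple

# Fixed stable releases as listed in the article: branch -> first fixed patch level.
FIXED_RELEASES: Dict[Tuple[int, int], int] = {
    (4, 4): 182,
    (4, 9): 182,
    (4, 14): 127,
    (4, 19): 52,
    (5, 1): 11,
}
NEWEST_FIXED_BRANCH = (5, 1)

# Matches "major.minor[.patch]" at the start of a `uname -r` style string.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(release: str) -> Tuple[int, int, int]:
    """Parse 'major.minor[.patch]-anything' into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def kernel_has_sack_fix(release: str) -> Optional[bool]:
    """True if the release is at or above the fixed level of its stable branch,
    False if it is on a listed branch but below the fix, and None when the
    branch is not one the article lists (distribution kernels with backports,
    or branches such as 4.15 that the article does not mention)."""
    major, minor, patch = parse_kernel_version(release)
    branch = (major, minor)
    if branch in FIXED_RELEASES:
        return patch >= FIXED_RELEASES[branch]
    # Assumption of this example (not stated in the article): mainline
    # branches newer than 5.1 already contain the fix.
    if branch > NEWEST_FIXED_BRANCH:
        return True
    return None


def workaround_active(sysctls: Dict[str, str], low_mss_blocked: bool = False) -> bool:
    """Evaluate the article's workaround against sysctl values given as a dict
    (e.g. {"net.ipv4.tcp_sack": "0"}). `low_mss_blocked` is a constructed flag
    standing in for a firewall rule that drops connections with a low MSS; per
    the article that rule is only effective when tcp_mtu_probing is 0."""
    sack_disabled = sysctls.get("net.ipv4.tcp_sack") == "0"
    mss_filter_effective = (
        low_mss_blocked and sysctls.get("net.ipv4.tcp_mtu_probing") == "0"
    )
    return sack_disabled or mss_filter_effective


if __name__ == "__main__":
    import platform

    # Constructed sample values; on a real host read the /proc/sys files instead.
    sample_sysctls = {"net.ipv4.tcp_sack": "1", "net.ipv4.tcp_mtu_probing": "0"}
    print("running kernel:", platform.release(),
          "patched:", kernel_has_sack_fix(platform.release()))
    print("workaround active (sample values, low MSS blocked):",
          workaround_active(sample_sysctls, low_mss_blocked=True))
```

    A result of None from `kernel_has_sack_fix` means the version string alone cannot answer the question; for vendor kernels the distribution's own advisory is the authoritative source.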

    Source: OpenNet.ru
