Mathy Vanhoef, the author of the KRACK attack on wireless networks, has disclosed information about 12 vulnerabilities affecting a variety of wireless devices. The identified issues are presented under the code name Frag Attacks and cover almost all wireless cards and access points in use: of the 75 devices tested, each was susceptible to at least XNUMX of the proposed attack methods.
The issues are divided into 3 categories. 802.11 vulnerabilities were identified directly in the Wi-Fi standards and cover all devices that support the current IEEE 1997 standards (the issues have been traceable since the year 9). 3 vulnerabilities relate to errors and flaws in specific implementations of the wireless stack. The main danger comes from category XNUMX, because mounting attacks on the flaws in the standards requires specific settings to be present or specific actions to be performed by the victim. All of the vulnerabilities occur regardless of the protocol used to secure Wi-Fi, including when WPAXNUMX is used.
Most of the identified attack methods allow an attacker to substitute L2 frames in a protected network, which makes it possible to wedge into the victim's traffic. The most realistic attack scenario is spoofing DNS responses to direct the user to the attacker's host. An example is also given of using the vulnerabilities to bypass the address translator on a wireless router and arrange direct access to a device on the local network, or to ignore firewall restrictions. Part XNUMX of the vulnerabilities, which relates to the processing of fragmented frames, makes it possible to extract data about traffic on the wireless network and to intercept user data transmitted without encryption.
The researcher has prepared a demonstration showing how the vulnerabilities can be used to intercept a password transmitted when a site is accessed over HTTP without encryption, and how to attack a smart socket controlled over Wi-Fi and use it as a springboard to continue the attack against un-updated devices on the local network that have unpatched vulnerabilities (for example, an un-updated computer running Windows 7 on the internal network could be attacked via NAT traversal).
To exploit the vulnerabilities, the attacker must be within range of the target wireless device and send a specially crafted set of frames to the victim. The issues affect both client devices and wireless cards, as well as access points and Wi-Fi routers. In general, using HTTPS in combination with encryption of DNS traffic via DNS over TLS or DNS over HTTPS is a sufficient workaround. Using a VPN is also suitable for protection.
The most dangerous are XNUMX vulnerabilities in wireless device implementations that allow unencrypted frames to be substituted by trivial methods:
- Vulnerabilities CVE-2020-26140 and CVE-2020-26143 allow frame substitution on some access points and wireless cards on Linux, Windows and FreeBSD.
- Vulnerability CVE-2020-26145 can cause unencrypted broadcast fragments to be processed as full frames on macOS, iOS, FreeBSD and NetBSD.
- Vulnerability CVE-2020-26144 allows unencrypted reassembled A-MSDU frames with EtherType EAPOL to be processed on Huawei Y6, Nexus 5X, FreeBSD and LANCOM AP.
The other implementation vulnerabilities mainly relate to problems that arise when fragmented frames are processed:
- CVE-2020-26139: allows frames with the EAPOL flag sent by an unauthenticated sender to be forwarded (affects 2/4 of the trusted access points, as well as NetBSD- and FreeBSD-based solutions).
- CVE-2020-26146: allows encrypted fragments to be reassembled without checking the order of sequence numbers.
- CVE-2020-26147: allows reassembly of a mix of encrypted and unencrypted fragments.
- CVE-2020-26142: allows fragmented frames to be treated as full frames (affects OpenBSD and the ESP12-F wireless module).
- CVE-2020-26141: the TKIP MIC check is missing for fragmented frames.
Specification issues:
- CVE-2020-24588 - an attack on aggregated frames (the "is aggregated" flag is not protected and can be replaced by an attacker in A-MSDU frames in WPA, WPA2, WPA3 and WEP). An example of the attack in use is redirecting the user to a malicious DNS server or NAT traversal.
- CVE-2020-24587 is a mixed key attack (it allows reassembly of fragments encrypted with different keys in WPA, WPA2, WPA3 and WEP). The attack makes it possible to determine the data sent by the client, for example the contents of a cookie when a site is accessed over HTTP.
- CVE-2020-24586 is an attack on the fragment cache (the standards covering WPA, WPA2, WPA3 and WEP do not require fragments already present in the cache to be removed after a new connection to the network). It makes it possible to determine the data sent by the client and to substitute one's own data.
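As an added illustration (not code from the original article or from the mac80211 patches), the following C sketch shows the receiver-side checks whose absence the fragment-related entries above describe: no mixing of encrypted and plaintext fragments (CVE-2020-26147), one key per frame (CVE-2020-24587) and consecutive numbering of encrypted fragments (CVE-2020-26146, checked here on the packet number). The `struct frag` layout, the `key_id` field and the function name are hypothetical simplifications.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified view of one received 802.11 fragment. */
struct frag {
    uint16_t seq;        /* sequence number shared by all fragments of a frame */
    uint8_t  frag_no;    /* fragment number: 0, 1, 2, ... */
    bool     more_frags; /* "more fragments" flag from the header */
    bool     encrypted;  /* fragment was protected and decrypted successfully */
    uint8_t  key_id;     /* assumption: stands in for the key instance used */
    uint64_t pn;         /* packet number (replay counter) */
};

enum frag_verdict { FRAG_OK, FRAG_BAD_ORDER, FRAG_MIXED_PLAINTEXT,
                    FRAG_MIXED_KEY, FRAG_PN_GAP };

/* Decide whether a fragment set, in arrival order, may be reassembled. */
enum frag_verdict check_reassembly(const struct frag *f, size_t n)
{
    if (n == 0 || f[0].frag_no != 0 || f[n - 1].more_frags)
        return FRAG_BAD_ORDER;
    for (size_t i = 1; i < n; i++) {
        if (f[i].seq != f[0].seq || f[i].frag_no != i || !f[i - 1].more_frags)
            return FRAG_BAD_ORDER;
        if (f[i].encrypted != f[0].encrypted)
            return FRAG_MIXED_PLAINTEXT;   /* CVE-2020-26147 */
        if (!f[0].encrypted)
            continue;                      /* open network: nothing more to bind */
        if (f[i].key_id != f[0].key_id)
            return FRAG_MIXED_KEY;         /* CVE-2020-24587 */
        if (f[i].pn != f[i - 1].pn + 1)
            return FRAG_PN_GAP;            /* CVE-2020-26146 */
    }
    return FRAG_OK;
}

/* Constructed sample: the second fragment arrives in plaintext. */
static const struct frag sample_mixed[] = {
    { 100, 0, true,  true,  1, 7 },
    { 100, 1, false, false, 0, 0 },
};

int main(void)
{
    printf("verdict=%d\n", check_reassembly(sample_mixed, 2));
    return 0;
}
```

A real stack also has to tie cached fragments to the association, which is the gap CVE-2020-24586 describes; that state is outside this sketch.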
To test how far devices are affected by the issues, a special toolkit and a ready-made Live image for creating a bootable USB drive have been prepared. On Linux, the issues appear in the mac80211 wireless stack, in individual wireless drivers, and in the firmware loaded onto wireless cards. To eliminate the vulnerabilities, a set of patches covering the mac80211 stack and the ath10k/ath11k drivers has been proposed. Some devices, such as Intel wireless cards, require an additional firmware update.
[Figure: testing of typical devices]
[Figure: testing of wireless cards on Linux and Windows]
[Figure: testing of wireless cards on FreeBSD and NetBSD]
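Manufacturers were notified of the issues 9 months ago. Such a long embargo period is explained by the coordinated preparation of updates and by delays in the preparation of specification changes by the ICASI and Wi-Fi Alliance organizations. The information was originally scheduled for disclosure on September 19, but after weighing the risks it was decided to postpone publication for a further XNUMX months in order to allow more time for preparing patches, taking into account the non-trivial nature of the changes and the difficulties caused by the COVID-19 pandemic.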
It is noteworthy that, despite the embargo, Microsoft fixed some of the vulnerabilities ahead of schedule in the Windows update of month XNUMX. Disclosure was postponed XNUMX weeks before the originally planned date, and Microsoft did not have time, or did not want, to change the scheduled update that was already ready for publication. This created a threat to users of other systems, since attackers could obtain information about the vulnerabilities by reverse engineering the contents of the updates.
Source: opennet.ru