Wi-Fi authentication bypass issues in IWD and wpa_supplicant

Vulnerabilities have been identified in the open-source packages IWD (Intel inet Wireless Daemon) and wpa_supplicant, which are used to connect Linux client systems to wireless networks. They allow authentication mechanisms to be bypassed:

  • In IWD, the vulnerability (CVE-2023-52161) appears only when access point mode is enabled, which is not typical for IWD, as it is normally used to connect to wireless networks. The vulnerability allows connecting to the created access point without knowing the password, for example when the user provides network access through their own device (Hotspot). The problem is fixed in IWD 2.14.

    The vulnerability is caused by a failure to properly check the order of all steps in the 4-stage negotiation of the communication channel that is used when first connecting to a secured wireless network. Because IWD accepts messages for any stage of the connection negotiation without checking whether the previous stage has been completed, an attacker can omit the second-stage message, send a fourth-stage message straight away and gain access to the network, skipping the stage at which authentication is checked.

    In this case, IWD attempts to verify the MIC (Message Integrity Code) of the received fourth-stage message. Because the second-stage message carrying the authentication parameters was never received, the PTK (Pairwise Transient Key) is set to zero when the fourth-stage message is processed. The attacker can therefore compute the MIC using the zero PTK, and IWD accepts this verification code as valid. After this partial connection negotiation completes, the attacker has full access to the wireless network, because the access point will accept the frames they send, encrypted with the zero PTK.

  • The issue identified in wpa_supplicant (CVE-2023-52160) allows an attacker to lure a user into a fake wireless network that is a clone of the network the user intends to connect to. If a user connects to the fake network, the attacker can intercept the user's unencrypted transit traffic (for example, access to sites without HTTPS).

    Due to a flaw in the implementation of the PEAP (Protected Extensible Authentication Protocol) protocol, an attacker can cause the second phase of authentication to be skipped when an incorrectly configured user device connects. Skipping the second phase of authentication allows the attacker to create a fake clone of a trusted Wi-Fi network and let the user connect to the fake network without the password being checked.

    For the attack on wpa_supplicant to succeed, verification of the server's TLS certificate must be disabled on the user's side, and the attacker must know the wireless network identifier (SSID, Service Set Identifier). The attacker must also be within range of the victim's wireless adapter, but outside the range of the access point of the cloned wireless network. The attack is possible on WPA2-Enterprise or WPA3-Enterprise networks that use the PEAP protocol.

    The wpa_supplicant developers stated that they do not consider the issue a vulnerability, because it appears only on misconfigured wireless networks that use EAP authentication together with PEAP (EAP-TTLS) without verifying the server's TLS certificate. Configurations without certificate verification are not protected against active attacks. Those who found the vulnerability say that such incorrect configurations are common and widespread, and that many Linux, Android and Chrome OS consumer devices run wpa_supplicant.

    To block the problem in wpa_supplicant, a patch has been released that adds a mode requiring the second phase of authentication to be completed, in addition to checking the TLS certificate. According to the developers, the proposed change is only a workaround that complicates attacks when manual authentication is used, and it is useless with options such as EAP-GTC. To truly resolve the problem, network administrators should bring their configuration into proper shape, i.e. configure a chain of trust for verifying the server certificate using the ca_cert parameter.
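
An added example, not part of the original article or of the wpa_supplicant project: a small audit script for the misconfiguration described above. It parses the network blocks of a wpa_supplicant.conf and lists the PEAP/TTLS networks that set no ca_cert. The sample configuration, SSIDs and paths are constructed, and only the ca_cert key is checked.

```python
import re

# Constructed sample config: PEAP without ca_cert, PEAP with ca_cert, and PSK.
SAMPLE_CONF = '''
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-wifi-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP TTLS
    # ca_cert="/tmp/commented-out.pem"
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="home"
    psk="example-passphrase"
}
'''

TUNNELED = {"PEAP", "TTLS"}  # EAP methods that wrap phase 2 in a TLS tunnel

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r"^\s*network\s*=\s*\{(.*?)^\s*\}", text, re.S | re.M):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def missing_ca_cert(text):
    """SSIDs of PEAP/TTLS networks that set no ca_cert (server cert unchecked)."""
    return [n.get("ssid", "<no ssid>") for n in parse_networks(text)
            if TUNNELED & set(n.get("eap", "").upper().split())
            and not n.get("ca_cert")]

if __name__ == "__main__":
    for ssid in missing_ca_cert(SAMPLE_CONF):
        print(f"{ssid}: PEAP/TTLS without ca_cert, server certificate not verified")
```

A commented-out ca_cert line is treated as absent, so a network that only has the setting in a comment is still reported.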

Source: opennet.ru
