Two vulnerabilities have been found in the Linux kernel. They are similar in nature to the Copy Fail vulnerability disclosed a few days ago, but affect different subsystems: xfrm-ESP and RxRPC. This series of vulnerabilities has been named Dirty Frag (also referred to as Copy Fail 2). The vulnerabilities allow an unprivileged user to gain root privileges by overwriting process data in the page cache. An exploit is available that works on all current Linux distributions. The vulnerability was disclosed before patches were published, but a workaround is available.
Dirty Frag covers two vulnerabilities: the first is in the xfrm-ESP module, which is used to accelerate IPsec encryption operations using the ESP (Encapsulating Security Payload) protocol, and the second is in the RxRPC driver, which implements the AF_RXRPC socket family and the RPC protocol of the same name, running over UDP. Each vulnerability, taken separately, allows root privileges to be obtained. The xfrm-ESP vulnerability has been present in the Linux kernel since January 2017, and the RxRPC vulnerability since June 2023. Both issues arose from optimizations that allow writing directly to the page cache.
To exploit the xfrm-ESP vulnerability, the user must have permission to create namespaces, and to exploit the RxRPC vulnerability, the rxrpc.ko kernel module must be loaded. For example, on Ubuntu, AppArmor rules block unprivileged users from creating namespaces, but the rxrpc.ko module is loaded by default. Some distributions do not include the rxrpc.ko module but do not restrict namespace creation. The researcher who found the issue developed a combined exploit that can attack the system through both vulnerabilities, so that the issue can be exploited on all major distributions. The exploit has been confirmed to work on Ubuntu 24.04.4 with kernel 6.17.0-23, RHEL 10.1 with kernel 6.12.0-124.49.1, openSUSE Tumbleweed with kernel 7.0.2-1, CentOS Stream 10 with kernel 6.12.0-224, AlmaLinux 10 with kernel 6.12.0-124.52.3, and Fedora 44 with kernel 6.19.14-300.
As with the Copy Fail vulnerability, the issues in xfrm-ESP and RxRPC arise from in-place decryption of data passed in with the splice() function, which transfers data between file descriptors and pipes without copying, by passing references to elements in the page cache. Write offsets were calculated without proper checks to account for the use of direct references to elements in the page cache, which allows specially crafted requests to overwrite 4 bytes at a given offset and change the contents of a file in the page cache.
All file read operations fetch contents from the page cache first. If data in the page cache is modified, file read operations return the substituted data rather than the actual information stored on disk. Exploiting the vulnerability comes down to modifying the page cache for an executable file with the suid root flag. For example, to obtain root privileges, one can read the /usr/bin/su executable to place it in the page cache, then substitute one's own code into the contents of this file loaded in the page cache. Subsequently running the "su" utility loads the modified copy from the page cache into memory, rather than the original executable from disk.
Disclosure of the vulnerability and the coordinated release of patches were scheduled for May 12, but because of a leak, the vulnerability information had to be published before the patches were released. At the end of April, patches for rxrpc, ipsec, and xfrm were posted to the public netdev mailing list without mentioning any connection to the vulnerability. On May 5, the IPsec subsystem maintainer accepted a change into the netdev Git repository with a proposed fix in the xfrm-esp module. The description of the change matched the description of the issue that led to the Copy Fail vulnerability in the algif_aead module. A security researcher took an interest in this fix, was able to build a working exploit, and published it, unaware that an embargo on disclosing information about the issue had been set until May 12.
Updates with fixes for the Linux kernel and for kernel packages in distributions have not yet been published, but patches that fix the issues are available for xfrm-esp and rxrpc. CVE identifiers have not yet been assigned, which makes it difficult to track package updates in distributions. As a workaround, you can block loading of the esp4, esp6, and rxrpc kernel modules:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
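To confirm the workaround took effect on a host, the following added example (not part of the original article) checks that each of the three modules is both unloaded and blocked from loading on demand. The function names and the --audit switch are hypothetical; the check only recognises the exact "install <module> /bin/false" form used above and looks in a single modprobe.d directory.

```shell
#!/bin/sh
# Added example: audit the Dirty Frag workaround (module names from the article).
# Paths are parameters so the checks can also run against constructed fixtures.

MODULES="esp4 esp6 rxrpc"

# Return 0 if a *.conf file in directory $2 maps the module to /bin/false.
module_blocked() {
    mod=$1; dir=${2:-/etc/modprobe.d}
    grep -Eqs "^[[:space:]]*install[[:space:]]+${mod}[[:space:]]+/bin/false[[:space:]]*$" \
        "$dir"/*.conf
}

# Return 0 if the module appears in a /proc/modules-format file ($2).
module_loaded() {
    mod=$1; file=${2:-/proc/modules}
    grep -qs "^${mod} " "$file"
}

# Print one status line per module; return non-zero if any module is exposed.
# A loaded module counts as exposed even when an install rule exists,
# because the rule only affects future load attempts.
audit_dirtyfrag() {
    dir=${1:-/etc/modprobe.d}; file=${2:-/proc/modules}; rc=0
    for mod in $MODULES; do
        if module_loaded "$mod" "$file"; then
            echo "$mod: LOADED (rmmod still needed)"; rc=1
        elif module_blocked "$mod" "$dir"; then
            echo "$mod: not loaded, install rule present"
        else
            echo "$mod: not loaded, but loadable on demand"; rc=1
        fi
    done
    return $rc
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then
    audit_dirtyfrag
fi
```

A non-zero exit status from the audit means at least one module is still loaded or can still be loaded.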
Source: opennet.ru
