Mumndandanda wamtundu wa TCP/IP , yogwiritsidwa ntchito potumiza mapepala opangidwa mwapadera. Zowonongeka zapatsidwa dzina la code . Zowopsa zina zimawonekeranso mugulu la KASAGO TCP/IP lochokera ku Zuken Elmic (Elmic Systems), lomwe lili ndi mizu yofanana ndi Treck. Treck stack imagwiritsidwa ntchito m'mafakitale ambiri, zamankhwala, mauthenga, ophatikizidwa ndi ogula (kuchokera ku nyali zanzeru kupita ku makina osindikizira ndi magetsi osasunthika), komanso mu mphamvu, mayendedwe, ndege, malonda ndi zipangizo zopangira mafuta.
Zolinga zodziwika bwino za Treck's TCP/IP stack zikuphatikiza osindikiza a HP network ndi Intel chips. Mwa zina, mavuto mu Treck TCP/IP stack adakhala chifukwa chaposachedwa mu Intel AMT ndi ISM subsystems, yogwiritsidwa ntchito potumiza paketi ya netiweki. Kukhalapo kwa zofooka kunatsimikiziridwa ndi opanga Intel, HP, Hewlett Packard Enterprise, Baxter, Caterpillar, Digi, Rockwell Automation ndi Schneider Electric. Zambiri
, omwe mankhwala ake amagwiritsa ntchito stack ya Treck's TCP / IP, sanayankhebe mavutowa. Opanga 5, kuphatikiza AMD, adanena kuti zinthu zawo sizikhala ndi zovuta.
Mavuto adapezeka pakukhazikitsa ma protocol a IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 ndi ARP, ndipo zidachitika chifukwa chakusintha kolakwika kwa magawo a kukula kwa data (pogwiritsa ntchito gawo la kukula popanda kuyang'ana kukula kwake kwa data), zolakwika mu kuyang'ana zomwe zalowetsedwa, kumasula kukumbukira kawiri, kuwerengera kunja kwa buffer, kuchulukirachulukira, kuwongolera kolakwika, ndi mavuto ogwiritsira ntchito zingwe zopanda malire.
Mavuto awiri owopsa kwambiri (CVE-2020-11896, CVE-2020-11897), omwe amapatsidwa CVSS level 10, amalola kuti code ichitike pa chipangizo potumiza mapaketi opangidwa mwapadera a IPv4/UDP kapena IPv6. Vuto loyamba lovuta likuwonekera pazida zothandizidwa ndi tunnel za IPv4, ndipo lachiwiri m'matembenuzidwe omwe adatulutsidwa pamaso pa 04.06.2009/6/9 mothandizidwa ndi IPv2020. Chiwopsezo china (CVSS 11901) chilipo mu DNS solver (CVE-XNUMX-XNUMX) ndipo chimalola kuphedwa kwa ma code potumiza pempho la DNS lopangidwa mwapadera (vutoli lidagwiritsidwa ntchito kuwonetsa kubera kwa Schneider Electric APC UPS ndikuwoneka pazida zomwe zili ndi Thandizo la DNS).
Zowopsa zina CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903, CVE-2020-11905 kulola zomwe zili mu IPv4/ICMPv4, IPv6Over IPv DH, IPv4OverIPv6, IPv6OverIPvXNUMX, IPvXNUMXOverIPvXNUMX kutumiza mapaketi opangidwa mwapadera dongosolo kukumbukira malo. Mavuto ena angayambitse kuletsedwa kwa ntchito kapena kutayikira kwa data yotsalira kuchokera muzosungira zamakina.
Zowonongeka zambiri zimakhazikika ku Treck 6.0.1.67 (CVE-2020-11897 yokhazikika mu 5.0.1.35, CVE-2020-11900 mu 6.0.1.41, CVE-2020-11903 mu 6.0.1.28-C2020. 11908. 4.7.1.27). Popeza kukonzekera zosintha za firmware pazida zinazake zitha kuchedwa kapena zosatheka (Treck stack yakhala ikupezeka kwazaka zopitilira 20, zida zambiri zimakhala zosasamalidwa kapena zovuta kuzisintha), oyang'anira amalangizidwa kuti azipatula zida zovuta ndikusintha makina oyendera mapaketi, zozimitsa moto. kapena ma routers kuti azisintha kapena kutsekereza mapaketi ogawanika, kutsekereza ma IP tunnels (IPv6-in-IPv4 ndi IP-in-IP), kutsekereza "source routing", kuthandizira kuyang'ana zosankha zolakwika m'mapaketi a TCP, kuletsa mauthenga owongolera a ICMP osagwiritsidwa ntchito (MTU Update ndi Adilesi Mask), zimitsani IPv6 multicast ndikulozeranso mafunso a DNS ku seva yotetezeka ya DNS.
Source: opennet.ru