DNSpooq - seven new vulnerabilities in dnsmasq

Specialists from the JSOF research labs have reported seven new vulnerabilities in the DNS/DHCP server dnsmasq. The dnsmasq server is very popular and is used by default in many Linux distributions, as well as in network equipment from Cisco, Ubiquiti and others. The DNSpooq vulnerabilities include DNS cache poisoning and remote code execution. The vulnerabilities are fixed in dnsmasq 2.83.

In 2008, the well-known security researcher Dan Kaminsky discovered and disclosed a fundamental flaw in the Internet's DNS mechanism. Kaminsky demonstrated that attackers can spoof domain addresses and steal data. This has become known as the "Kaminsky Attack".

DNS has been regarded as an insecure protocol for decades, although it is supposed to guarantee integrity. That is why it is still heavily relied upon. At the same time, mechanisms were developed to improve the security of the original DNS protocol. These mechanisms include HTTPS, HSTS, DNSSEC and others. However, even with all of these mechanisms in place, DNS hijacking is still a dangerous attack in 2021. Much of the Internet still depends on DNS the same way it did in 2008, and is susceptible to the same type of attack.

DNSpooq cache poisoning vulnerabilities:
CVE-2020-25686, CVE-2020-25684, CVE-2020-25685. These vulnerabilities are similar to the SAD DNS attack recently reported by researchers from the University of California and Tsinghua University. The SAD DNS and DNSpooq vulnerabilities can also be combined to make attacks even easier. Additional attacks with unclear consequences have also been reported by a collaboration of universities (Poison Over Troubled Forwarders, etc.).
The vulnerabilities work by reducing entropy. Because a weak hash is used to identify DNS requests, and because of the way a response is matched to its request, entropy can be greatly reduced and only ~19 bits need to be guessed, which makes cache poisoning feasible. The way dnsmasq handles CNAME records allows an attacker to spoof CNAME records and poison up to 9 DNS records at once.

Buffer overflow vulnerabilities: CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681. All 4 of these vulnerabilities are in the code that implements DNSSEC and only appear when DNSSEC validation is enabled in the settings.
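
A triage check built from the two facts above (fixed in 2.83; the overflow flaws only matter when DNSSEC validation is enabled). This is an added example, not from the original article or the dnsmasq project: the function names and sample inputs are constructed, and it assumes the usual `dnsmasq --version` output layout and a single configuration file without `conf-file`/`conf-dir` includes.

```python
import re

FIXED = (2, 83)  # the article states the flaws are fixed in dnsmasq 2.83

# Constructed sample inputs (not captured from a real host).
SAMPLE_VERSION = (
    "Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley\n"
    "Compile time options: IPv6 GNU-getopt DBus IDN DHCP DHCPv6 no-Lua TFTP DNSSEC inotify\n"
)
SAMPLE_CONFIG = "server=192.0.2.53\ncache-size=1000\ndnssec  # validation on\n"


def parse_version(version_output):
    """Return (major, minor) from `dnsmasq --version` output, or None.
    Pre-release suffixes such as rc/test are ignored (assumption)."""
    m = re.search(r"Dnsmasq version (\d+)\.(\d+)", version_output)
    return (int(m.group(1)), int(m.group(2))) if m else None


def dnssec_compiled_in(version_output):
    """True if the build lists DNSSEC (and not no-DNSSEC) as a compile-time option."""
    m = re.search(r"Compile time options:(.*)", version_output)
    return bool(m) and "DNSSEC" in m.group(1).split()


def dnssec_validation_enabled(config_text):
    """True if an uncommented `dnssec` option line is present."""
    return any(line.split("#", 1)[0].strip() == "dnssec"
               for line in config_text.splitlines())


def assess(version_output, config_text):
    """Classify exposure to the two DNSpooq groups described in the article."""
    version = parse_version(version_output)
    if version is None:
        return {"version": None, "cache_poisoning": "unknown", "overflow": "unknown"}
    patched = version >= FIXED
    validating = (dnssec_compiled_in(version_output)
                  and dnssec_validation_enabled(config_text))
    overflow = "fixed" if patched else ("exposed" if validating else "dormant")
    return {"version": version,
            "cache_poisoning": "fixed" if patched else "exposed",
            "overflow": overflow}


if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONFIG))
```

Distribution packages may backport the fixes without changing the upstream version number, so an "exposed" result is a prompt to check the vendor's advisory rather than a final verdict.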

Source: linux.org.ru