Three vulnerabilities in Exim that allow remote code execution on the server

The Zero Day Initiative (ZDI) project has disclosed information about unpatched (0-day) vulnerabilities (CVE-2023-42115, CVE-2023-42116, CVE-2023-42117) in the Exim mail server that allow remote execution of code on the server with the privileges of the process that accepts connections on network port 25. No authentication is required to carry out the attack.

The first vulnerability (CVE-2023-42115) is caused by an error in the smtp service and is related to a lack of proper checks on data received from the user during the SMTP session and used in a size calculation. As a result, the attacker can perform a controlled write of their own data to a memory area beyond the bounds of the allocated buffer.

The second vulnerability (CVE-2023-42116) is in the NTLM request handler and is caused by copying data received from the user into a fixed-size buffer without the necessary checks on the size of the data being written.

The third vulnerability (CVE-2023-42117) is in the smtp process that accepts connections on TCP port 25 and is caused by a lack of input validation, which can result in user-supplied data being written to a memory area outside the allocated buffer.

The vulnerabilities are marked as 0-day, i.e. they remain unfixed, but the ZDI report states that the Exim developers were notified of the problems in advance. The last change to the Exim codebase was made two days ago, and it is not yet known when the problems will be fixed (distribution maintainers have not yet had time to react, since the information was disclosed without details a few hours ago). At present, the Exim developers are preparing to release a new version, 4.97, but there is no exact information about when it will be published. The only mitigation mentioned so far is restricting access to the Exim-based SMTP service.

In addition to the vulnerabilities mentioned above, information has also been disclosed about several less dangerous problems:

  • CVE-2023-42118 is an overflow in the libspf2 library when parsing SPF macros. The vulnerability allows remote corruption of memory contents and could potentially be used to execute code on the server.
  • CVE-2023-42114 is an out-of-bounds read in the NTLM handler. The problem can lead to a leak of the memory contents of the process serving network requests.
  • CVE-2023-42119 is a vulnerability in the dnsdb handler that leads to a leak of memory contents in the smtp process.

Source: opennet.ru