Vulnerability in MikroTik routers leading to code execution when processing IPv6 RA

A critical vulnerability (CVE-2023-32154) has been identified in the RouterOS operating system used in MikroTik routers. It allows an unauthenticated user to execute code on the device by sending IPv6 router advertisements (RA, Router Advertisement).

The problem is caused by a lack of proper validation of externally supplied data when processing IPv6 RA (Router Advertisement) requests, which made it possible to write data beyond the bounds of the allocated buffer and to arrange execution of one's own code with root privileges. The vulnerability appears in the MikroTik RouterOS v6.xx and v7.xx branches when receipt of IPv6 RA messages is enabled in the settings (“ipv6/settings/ set accept-router-advertisements=yes” or “ipv6/settings/ set forward=no accept-router-advertisements=yes-if-forwarding-disabled”).

The feasibility of exploiting the vulnerability in practice was demonstrated at the Pwn2Own competition in Toronto, where the researchers who identified the problem received a $100,000 prize for a multi-stage compromise that attacked a MikroTik router and used it as a springboard for attacking other components of the local network (the attackers subsequently gained control of a Canon printer; details of the vulnerability in it have also been disclosed).

Information about the vulnerability was initially published before the vendor had produced a patch (0-day), but the RouterOS 7.9.1, 6.49.8, 6.48.7 and 7.10beta8 updates that fix the vulnerability have already been published. According to the ZDI (Zero Day Initiative) project, which runs the Pwn2Own competition, the vendor was notified of the vulnerability on December 29, 2022. MikroTik representatives claim that they did not receive the notification and only learned about the problem on May 10, after the final warning was sent. In addition, the vulnerability report mentions that information about the nature of the problem was passed to a MikroTik representative in person at the Pwn2Own competition in Toronto, but according to MikroTik, MikroTik employees did not take part in any event.
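An exposure check built from the two settings conditions and the four fixed releases named above; this is an added example, not MikroTik or ZDI code. It assumes the text layout of a RouterOS `/export`, assumes that options missing from the export are at their defaults, and assumes that any build older than its branch's fixed release is unfixed. The function names and the sample export are hypothetical.

```python
import re

# Fixed releases named in the article, one per branch.
FIXED = ["6.48.7", "6.49.8", "7.9.1", "7.10beta8"]
STAGE = {"beta": 0, "rc": 1, None: 2}  # pre-releases sort before the release

def vkey(version):
    """Turn '7.10beta8' or '6.49.8' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:(beta|rc)(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {version!r}")
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[stage], int(n or 0))

def is_fixed(version):
    """Assumption: a build is fixed once it reaches its branch's fixed release;
    a branch with no listed fix is compared with the newest fix of its major."""
    v = vkey(version)
    fixes = [f for f in map(vkey, FIXED) if f[0] == v[0]]
    if not fixes:
        raise ValueError(f"article lists no fix for RouterOS v{v[0]}")
    same_branch = [f for f in fixes if f[:2] == v[:2]]
    return v >= (same_branch[0] if same_branch else max(fixes))

def accepts_ra(export_text):
    """Apply the two conditions quoted in the article to '/ipv6 settings'."""
    # Assumption: options missing from the export are at these defaults.
    opts = {"forward": "yes", "accept-router-advertisements": "yes-if-forwarding-disabled"}
    section = None
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith("/"):
            section = line
        elif section == "/ipv6 settings" and line.startswith("set "):
            opts.update(kv.split("=", 1) for kv in line.split()[1:] if "=" in kv)
    ra = opts["accept-router-advertisements"]
    return ra == "yes" or (ra == "yes-if-forwarding-disabled"
                           and opts["forward"] == "no")

def exposed(version, export_text):
    """True when the build predates the fix and the device accepts RAs."""
    return not is_fixed(version) and accepts_ra(export_text)

# Constructed sample export, not taken from a real device.
SAMPLE_EXPORT = """\
/ip firewall filter
add chain=forward action=accept
/ipv6 settings
set accept-router-advertisements=yes
"""
```

Calling `exposed("6.49.7", SAMPLE_EXPORT)` reports the device as exposed, while the same export on 6.49.8 does not.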

Source: opennet.ru
