M'ma library a Clibc ndi uClibc-ng okhazikika, omwe amagwiritsidwa ntchito pazida zambiri zophatikizika komanso zosunthika, chiwopsezo chadziwika (CVE sichinapatsidwe) chomwe chimalola kuti deta yopeka iyikidwe mu cache ya DNS, yomwe ingagwiritsidwe ntchito m'malo mwa adilesi ya IP. za malo osagwirizana mu cache ndikulozeranso zopempha ku domain pa seva ya wowukirayo.
Nkhaniyi ikukhudza ma firmware osiyanasiyana a Linux a ma routers, malo ofikira, ndi zida za intaneti za Zinthu, komanso magawo ophatikizidwa a Linux monga OpenWRT ndi Embedded Gentoo. Zadziwika kuti chiwopsezochi chikuwoneka pazida zochokera kwa opanga ambiri (mwachitsanzo, uClibc imagwiritsidwa ntchito mu Linksys, Netgear ndi Axis firmware), koma popeza chiwopsezocho chimakhalabe chosakhazikika mu uClibc ndi uClibc-ng, zambiri za zida ndi opanga omwe zinthu zawo zimapangidwira. vuto lilipo silinaululidwe.
Chiwopsezochi chachitika chifukwa chogwiritsa ntchito zozindikiritsa zomwe zikuyembekezeka potumiza mafunso a DNS. Nambala yodziwika ya pempho la DNS idasankhidwa ndikungowonjezera kauntala popanda kugwiritsa ntchito manambala owonjezera a doko, zomwe zidapangitsa kuti pakhale poyizoni posungira DNS potumiza mwachangu mapaketi a UDP okhala ndi mayankho abodza (yankho lidzalandiridwa ngati lidafika kale. yankho lochokera ku seva yeniyeni ndikuphatikizanso ID yolondola). Mosiyana ndi njira ya Kaminsky yomwe idaperekedwa mu 2008, chizindikiritso cha malonda sichiyenera kuganiziridwa, chifukwa zimadziwikiratu (mtengowo umayikidwa ku 1, womwe umachulukitsidwa ndi pempho lililonse, m'malo mosankhidwa mwachisawawa).
Kuti muteteze ku mphamvu yankhanza yozindikiritsa, zomwe zafotokozedwazo zimalimbikitsanso kugwiritsa ntchito kugawa kwachisawawa kwa madoko a netiweki komwe zopempha za DNS zimatumizidwa, zomwe zimalipira kukula kosakwanira kwa chizindikiritso. Mukalola kuti port randomization ipange yankho labodza, kuwonjezera pa kusankha chozindikiritsa cha 16-bit, muyenera kusankha nambala ya doko la netiweki. Mu uClibc ndi uClibc-ng, kusasintha koteroko sikunatheke momveka bwino (poyitana bind, doko la UDP lachisawawa silinatchulidwe) ndipo kugwiritsidwa ntchito kwake kumadalira makonda opangira opaleshoni.
Pamene pot randomization yayimitsidwa, kudziwa ID ya pempho lowonjezereka kumalembedwa ngati ntchito yaing'ono. Koma ngakhale zitagwiritsidwa ntchito mwachisawawa, wowukirayo amangofunika kuganiza za doko la netiweki kuchokera pamitundu 32768-60999, pomwe angagwiritse ntchito kutumiza mayankho abodza nthawi imodzi kumadoko osiyanasiyana.
Vutoli latsimikizika m'mabuku onse apano a uClibc ndi uClibc-ng, kuphatikiza mitundu yaposachedwa kwambiri ya uClibc 0.9.33.2 ndi uClibc-ng 1.0.40. Mu Seputembala 2021, zambiri zokhudzana ndi chiopsezochi zidatumizidwa ku CERT/CC kuti zikonzekere bwino. Mu Januware 2022, zambiri za vutoli zidagawidwa ndi opanga opitilira 200 omwe amagwirizana ndi CERT/CC. M'mwezi wa Marichi, panali kuyesa kulumikizana padera ndi woyang'anira polojekiti ya uClibc-ng, koma adayankha kuti sakanatha kukonza chiwopsezocho payekha ndipo adalimbikitsa kuwulula poyera za vutoli, ndikuyembekeza kulandira thandizo pakukhazikitsa konza kuchokera kumudzi. Pakati pa opanga, NETGEAR adalengeza kutulutsidwa kwa zosintha zomwe zimachotsa chiwopsezo.
Source: opennet.ru