OpenBSD privilege escalation and authentication bypass in smtpd, ldapd and radiusd

Qualys has disclosed four vulnerabilities in OpenBSD, one of which allows connecting remotely to some network services without authentication, while the other three allow privilege escalation on the system. The Qualys report notes the very fast reaction of the OpenBSD developers: all of the issues were fixed in OpenBSD 6.5 and OpenBSD 6.6 within 40 hours of the private notification.

The remotely exploitable vulnerability is caused by an error in the authentication handler in the libc library, which invokes the program /usr/libexec/auth/login_style, passing it arguments on the command line. Among other things, when login_style is invoked with the "-s service" option, a protocol name can be passed. If the user name begins with the character "-", that name is interpreted as an option when login_style is started. Consequently, if "-schallenge" or "-schallenge:passwd" is given as the user name during authentication, login_style treats the request as a request to use the S/Key handler.

The problem is that the S/Key protocol in login_style is supported only nominally: it is in fact ignored, and a successful authentication result is returned. An attacker can therefore bypass authentication by presenting themselves as the user "-schallenge" and gain access without supplying a password or keys. All network services that use the standard libc calls for authentication are potentially affected. For example, the authentication bypass has been confirmed in smtpd (AUTH PLAIN), ldapd and radiusd.
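The following Python model, added here as an example and not OpenBSD's libc code, shows why a login name beginning with "-" breaks the helper invocation: the name is appended to the argument vector after "-s service", and a getopt-style parser then reads "-schallenge" as a second "-s" option that overrides the service and leaves no login name at all. The name-validation policy in the hardened variant is an assumption chosen for the example.

```python
import getopt
import re

# Constructed model of how the libc authentication handler assembles the
# helper command line:  /usr/libexec/auth/login_<style> -s <service> <name>
# (illustration only, not the real libc code).
def build_login_argv(name, style="passwd", service="login"):
    return ["/usr/libexec/auth/login_" + style, "-s", service, name]

def parse_like_login_style(argv):
    """Parse argv the way a getopt-based login_<style> helper would.

    Returns (service, name). The helper accepts '-s service' and
    '-v name=value'; the first non-option argument is the login name.
    """
    opts, rest = getopt.getopt(argv[1:], "s:v:")
    service = "login"
    for flag, value in opts:
        if flag == "-s":
            service = value  # a later -s silently overrides the earlier one
    name = rest[0] if rest else None
    return service, name

# Assumed conservative policy: a login name must start with a letter or an
# underscore, so it can never be parsed as an option by the helper.
LOGIN_NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")

def login_name_ok(name):
    return LOGIN_NAME_RE.match(name) is not None

def safe_login_argv(name, style="passwd", service="login"):
    """Hardened variant: refuse the name before it reaches the helper."""
    if not login_name_ok(name):
        raise ValueError("rejected login name: %r" % name)
    return build_login_argv(name, style, service)

if __name__ == "__main__":
    print(parse_like_login_style(build_login_argv("alice")))        # ('login', 'alice')
    print(parse_like_login_style(build_login_argv("-schallenge")))  # ('challenge', None)
```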

The vulnerability does not manifest in sshd, because it has an additional safeguard that checks that the user exists on the system. Nevertheless, sshd can be used to test whether a system is affected: when the user name "-sresponse:passwd" is supplied, the connection hangs, since sshd waits for login_passwd to return the challenge parameters, while login_passwd waits for parameters that are never sent (the name "-sresponse" is treated as an option). A local attacker could potentially try to bypass authentication in the su utility, but passing the name "-sresponse" makes the process crash due to a null pointer returned by the getpwnam_r("-schallenge", ...) call.

The other vulnerabilities:

  • CVE-2019-19520 - local privilege escalation through manipulation of the xlock utility, which ships with the sgid flag that changes the group to "auth". The xlock code forbids overriding library paths only when the user identifier changes (setuid), which lets an attacker modify the "LIBGL_DRIVERS_PATH" environment variable and arrange for their own shared library to be loaded, whose code then runs after privileges have been raised to the "auth" group.
  • CVE-2019-19522 - allows an ordinary user who is a member of the "auth" group to run code as root when S/Key or YubiKey authentication is enabled on the system (both are off by default). Membership in the "auth" group, which can be obtained by exploiting the xlock vulnerability described above, permits writing files to the /etc/skey and /var/db/yubikey directories. For example, an attacker could add a new file /etc/skey/root to generate one-time keys for authenticating as the root user via S/Key.
  • CVE-2019-19519 - the ability to raise resource limits through the su utility. When the "-L" option is given, which makes su retry authentication in a loop if it fails, the user class is set only once and is not reset on subsequent attempts. An attacker can run "su -l -L", specifying on the first attempt someone else's login with a different account class, and then on the second attempt authenticate successfully as themselves. In that situation the user is given the limits that correspond to the user class specified on the first attempt (for example, the maximum number of processes or the memory size per process). The method only works for borrowing limits from unprivileged users, since the root user must be in the wheel group.

Separately, it is worth noting the implementation in OpenBSD of a new method for verifying system calls, which further complicates the exploitation of vulnerabilities. The method allows system calls to be executed only when they are invoked from pre-registered memory regions. A new system call, msyscall(), is proposed for marking those memory regions.

Source: opennet.ru