Qualys has disclosed another remotely exploitable vulnerability (CVE-2020-8794) in the OpenSMTPD mail server developed by the OpenBSD project. Like the issue identified at the end of January, the new flaw makes it possible to remotely execute arbitrary shell commands on the server with root privileges. The vulnerability has been fixed in a new release.
The problem is caused by a bug in the code that delivers mail to a remote mail server (not in the code that handles incoming connections). The attack is possible both client-side and server-side. On the client side, the attack works against the default OpenSMTPD configuration, in which OpenSMTPD accepts connections only on the internal (localhost) interface and delivers mail to external servers. To exploit the vulnerability it is enough that, while delivering a message, OpenSMTPD opens a session to a mail server controlled by the attacker, or that the attacker can interpose on the client connection (MITM, or redirection of the traffic during the attack via DNS or BGP).
For a server-side attack, OpenSMTPD must be configured to accept external network connections from other mail servers, or to serve third-party services that let a request be sent to an arbitrary e-mail address (for example, address-confirmation forms on websites). An attacker can, for instance, connect to the OpenSMTPD server and submit a malformed message (addressed to a non-existent user), which causes a bounce message to be sent back to the attacker's server. The attacker can also exploit the flaw if OpenSMTPD is configured to deliver notifications to the attacker's server. The shell commands injected during the attack are written to a file that is executed with root privileges when OpenSMTPD restarts, so the attacker has to wait for OpenSMTPD to restart, or provoke a crash of OpenSMTPD, to complete the attack.
The flaw is in the mta_io() function, in the code that parses multi-line responses returned by the remote server once the connection is established (for example "250-ENHANCEDSTATUSCODES" followed by "250 HELP"). OpenSMTPD assumes that the first line consists of a three-digit code and text separated by "-", and that the second line consists of a three-digit code and text separated by a space. If the three-digit code on the second line is not followed by a space and text, the pointer used to parse the text ends up on the byte after the terminating '\0', and data beyond the end of the line in the buffer is copied.
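The following is an added illustration of the parsing mistake described above, not OpenSMTPD's own code: a simplified reply accumulator modelled on the description (skip four bytes of every continuation line to get past "NNN " or "NNN-") next to a hardened version that checks the separator byte first. The sample input buffer, its host name and the "INJECTED;payload" bytes after the bare "250" line are constructed for the demonstration; they stand in for whatever happens to follow the line in the input buffer.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REPLYSZ 128   /* size of the accumulated reply buffer (assumed) */

/* Constructed sample input: two NUL-terminated reply lines as they would sit in
 * an input buffer, followed by leftover bytes the parser must never reach.
 * Adjacent string literals are concatenated after escape processing, so "\0"
 * "250" yields a NUL byte followed by the characters 2, 5, 0. */
static const char sample_io[] =
    "250-mx.example.test\0"   /* first line: code, '-', text */
    "250\0"                   /* second line: a bare three-digit code, no separator */
    "INJECTED;payload\0";     /* stale data beyond the end of the line */

static char replybuf[REPLYSZ];

/* Bounded append with strlcat-like semantics (helper added here). */
static void bounded_cat(char *dst, const char *src, size_t size)
{
    size_t dlen = strlen(dst);
    if (dlen >= size)
        return;
    snprintf(dst + dlen, size - dlen, "%s", src);
}

static int three_digits(const char *l)
{
    return isdigit((unsigned char)l[0]) && isdigit((unsigned char)l[1]) &&
           isdigit((unsigned char)l[2]);
}

/* Vulnerable accumulation: assumes every continuation line has the form
 * "NNN-text" or "NNN text" and skips four bytes unconditionally. For a line
 * that is exactly "NNN", line + 4 is the byte after the terminating '\0'. */
static void accumulate_vulnerable(char *buf, const char *line)
{
    if (buf[0] == '\0') {
        snprintf(buf, REPLYSZ, "%s", line);
        return;
    }
    bounded_cat(buf, line + 4, REPLYSZ);   /* BUG: over-read when strlen(line) == 3 */
}

/* Hardened accumulation: validate the code and the separator before stepping
 * past them; a bare "NNN" line contributes no text. Returns -1 on a malformed line. */
static int accumulate_hardened(char *buf, const char *line)
{
    if (!three_digits(line) || (line[3] != ' ' && line[3] != '-' && line[3] != '\0'))
        return -1;
    if (buf[0] == '\0') {
        snprintf(buf, REPLYSZ, "%s", line);
        return 0;
    }
    if (line[3] == '\0')
        return 0;   /* nothing after the code: do not move past the terminator */
    bounded_cat(buf, line + 4, REPLYSZ);
    return 0;
}

/* Feed both sample lines through one accumulator. Returns the accumulated
 * reply, or NULL if the hardened parser rejected a line. */
static const char *parse_sample(int hardened)
{
    const char *line = sample_io;
    replybuf[0] = '\0';
    for (int i = 0; i < 2; i++) {
        if (hardened) {
            if (accumulate_hardened(replybuf, line) < 0)
                return NULL;
        } else {
            accumulate_vulnerable(replybuf, line);
        }
        line += strlen(line) + 1;   /* advance to the next NUL-terminated line */
    }
    return replybuf;
}

/* 1 if bytes from beyond the line ended up in the reply buffer. */
static int leaked(const char *reply)
{
    return reply != NULL && strstr(reply, "INJECTED") != NULL;
}

/* Run the hardened accumulator on a single line with an empty buffer. */
static int hardened_accepts(const char *line)
{
    char tmp[REPLYSZ];
    tmp[0] = '\0';
    return accumulate_hardened(tmp, line);
}

int main(void)
{
    const char *r = parse_sample(0);
    printf("vulnerable: \"%s\" leaked=%d\n", r, leaked(r));
    r = parse_sample(1);
    printf("hardened:   \"%s\" leaked=%d\n", r ? r : "(rejected)", leaked(r));
    return 0;
}
```

With the vulnerable accumulator the reply buffer ends as "250-mx.example.testINJECTED;payload": the bytes after the bare "250" line were copied because the parser stepped over the terminator. The hardened variant keeps "250-mx.example.test" and rejects lines such as "hello" that carry no three-digit code.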
At the request of the OpenBSD project, publication of exploit details for this vulnerability has been postponed until 26 February so that users can update their systems. The bug has been present in the codebase since December 2015, but exploitation leading to code execution as root has been possible since May 2018. The researchers have prepared a working exploit prototype, which was tested successfully against OpenSMTPD builds for OpenBSD 6.6, OpenBSD 5.9, Debian 10, Debian 11 (testing) and Fedora 31.
OpenSMTPD also has another vulnerability (CVE-2020-8793), which allows a local user to read the first line of any file on the system, for example the first line of /etc/master.passwd, which contains the root password hash. The vulnerability additionally allows the entire contents of another user's file to be read if that file is on the same file system as the /var/spool/smtpd/ directory. The issue is not exploitable on many Linux distributions, where /proc/sys/fs/protected_hardlinks is set to 1.
The issue stems from an incomplete fix for vulnerabilities reported during the audit Qualys carried out in 2015. An attacker can get their own code executed with the privileges of the "_smtpq" group by setting "PATH=." and placing a script named makemap in the current directory (the smtpctl utility runs makemap without specifying its full path). With "_smtpq" group access, the attacker can then trigger a race condition (create a large file in the offline directory and send a SIGSTOP signal) and, before processing finishes, replace the file in the offline directory with a hard link pointing at the file whose contents are to be read.
It is worth noting that on Fedora 31 the vulnerability yields root group privileges immediately, because the smtpctl binary is setgid root rather than setgid smtpq. With root group access, one can overwrite the contents of /var/lib/sss/mc/passwd and gain full root access to the system.
Source: opennet.ru
