Vulnerabilities in OpenSMTPD allowing remote and local access

Qualys has disclosed another remote vulnerability (CVE-2020-8794) in the OpenSMTPD mail server developed by the OpenBSD project. Like the vulnerability identified at the end of January, the new issue makes it possible to execute arbitrary shell commands on the server with root privileges. The vulnerability is fixed in OpenSMTPD release 6.6.4p1.

The problem is caused by an error in the code that delivers mail to a remote mail server (not in the code that handles incoming connections). The attack is possible both on the client side and on the server side. On the client side, the attack works in the default OpenSMTPD configuration, in which OpenSMTPD accepts requests only on the internal network interface (localhost) and sends mail to external servers. To exploit the vulnerability, it is sufficient that, while delivering a message, OpenSMTPD establishes a session with a mail server controlled by the attacker, or that the attacker can interpose on the client connection (MITM, or redirection during an attack via DNS or BGP).

For a server-side attack, OpenSMTPD must be configured to accept external network requests from other mail servers, or to serve third-party services that allow a request to be sent to an arbitrary e-mail address (for example, address confirmation forms on websites). For instance, an attacker can connect to the OpenSMTPD server and send an undeliverable message (to a non-existent user), which causes a reply with a bounce message to be sent to the attacker's server. The attacker can exploit the vulnerability when OpenSMTPD connects to the attacker's server to deliver that notification. Shell commands injected during the attack are placed in a file that is executed with root privileges when OpenSMTPD restarts, so the attacker must wait for OpenSMTPD to be restarted, or cause OpenSMTPD to crash, to complete the attack.

The problem is in the mta_io() function, in the code that parses multi-line responses returned by the remote server after the connection is established (for example, "250-ENHANCEDSTATUSCODES" and "250 HELP"). OpenSMTPD assumes that the first line contains a three-digit number and text separated by "-", and that the second line contains a three-digit number and text separated by a space. If the three-digit number in the second line is not followed by a space and text, the pointer used to parse the text is set to the byte following the '\0' character, and an attempt is made to copy data past the end of the line in the buffer.
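As an added illustration (not code from OpenSMTPD or the Qualys advisory), the following C parser shows the check a hardened reply parser of the kind described above needs: the separator byte after the three-digit code is validated before the text pointer is advanced, so a line such as "250HELP" is rejected instead of being read past its terminating '\0'. The function names are assumptions; the line formats follow RFC 5321.

```c
#include <ctype.h>
#include <string.h>

/* Classification of one SMTP reply line. */
enum smtp_line { SMTP_MALFORMED = -1, SMTP_LAST = 0, SMTP_CONT = 1 };

/* Parse one reply line (CRLF already stripped). The text pointer is advanced
 * only after the separator byte has been checked, so it can never be moved
 * past the terminating '\0' of a short or malformed line. Returns SMTP_CONT
 * for "250-text", SMTP_LAST for "250 text" or a bare "250", and
 * SMTP_MALFORMED for anything else ("250HELP", "25", "2x0 ok"). */
enum smtp_line smtp_parse_reply(const char *line, int *code, const char **text)
{
    size_t i, len = strlen(line);

    if (len < 3)
        return SMTP_MALFORMED;
    for (i = 0; i < 3; i++)
        if (!isdigit((unsigned char)line[i]))
            return SMTP_MALFORMED;
    *code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    if (len == 3) {                 /* bare code: legal as the final line */
        *text = line + 3;           /* points at the '\0', i.e. empty text */
        return SMTP_LAST;
    }
    if (line[3] == '-') { *text = line + 4; return SMTP_CONT; }
    if (line[3] == ' ') { *text = line + 4; return SMTP_LAST; }
    return SMTP_MALFORMED;          /* code glued to text: reject, never guess */
}

/* Walk a multi-line reply: every line must parse, carry the same code, and
 * the space form must come last. Returns the code, or -1 if a line is
 * malformed, the codes disagree, or the reply never terminates. */
int smtp_reply_code(const char *const lines[], size_t nlines)
{
    int code, first = -1;
    const char *text;
    size_t i;

    for (i = 0; i < nlines; i++) {
        enum smtp_line kind = smtp_parse_reply(lines[i], &code, &text);
        if (kind == SMTP_MALFORMED || (first != -1 && code != first))
            return -1;
        first = code;
        if (kind == SMTP_LAST)      /* must be the final line of the reply */
            return i + 1 == nlines ? code : -1;
    }
    return -1;                      /* no terminating line seen */
}
```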

At the request of the OpenBSD project, publication of details on exploiting the vulnerability was delayed until February 26 to give users time to update their systems. The problem has been present in the codebase since December 2015, but code execution with root privileges has been possible since May 2018. The researchers prepared a working exploit prototype, which was successfully tested against the OpenSMTPD builds shipped in OpenBSD 6.6, OpenBSD 5.9, Debian 10, Debian 11 (testing) and Fedora 31.

Another vulnerability (CVE-2020-8793) has also been identified in OpenSMTPD; it allows an unprivileged local user to read the first line of any file on the system. For example, one can read the first line of /etc/master.passwd, which contains the root password hash. The vulnerability also allows reading the entire contents of a file belonging to another user if that file resides on the same filesystem as the /var/spool/smtpd/ directory. The problem is not exploitable on many Linux distributions, where the /proc/sys/fs/protected_hardlinks value is set to 1.

The problem is a consequence of an incomplete fix for the issues reported during the audit performed by Qualys in 2015. An attacker can execute their own code with the privileges of the "_smtpq" group by setting "PATH=." and placing a script named makemap in the current directory (the smtpctl utility runs makemap without specifying the full path). Having gained access to the "_smtpq" group, the attacker can then trigger a race condition (create a large file in the offline directory and send a SIGSTOP signal) and, before processing completes, replace the file in the offline directory with a hard link pointing to the file whose contents are to be read.

It is worth noting that on Fedora 31 the vulnerability allows the root group's privileges to be obtained immediately, since the smtpctl process is setgid root instead of setgid smtpq. With access to the root group, one can overwrite the contents of /var/lib/sss/mc/passwd and obtain full root access to the system.

Source: opennet.ru