Magulu ofufuza a Forescout Research Labs ndi JSOF Research asindikiza zotsatira za kafukufuku wophatikizana wokhudzana ndi chitetezo cha machitidwe osiyanasiyana ophatikizira omwe amagwiritsidwa ntchito kunyamula mayina obwereza mu DNS, mDNS, DHCP, ndi mauthenga a IPv6 RA (kuyika magawo obwerezabwereza mu mauthenga zomwe zili ndi mayina angapo). Pantchitoyi, zofooka za 9 zidadziwika, zomwe zimafupikitsidwa pansi pa dzina la code NAME: WRECK.
Nkhani zadziwika mu FreeBSD, komanso m'magawo ochezera a pa intaneti IPnet, Nucleus NET ndi NetX, zomwe zafala kwambiri mu VxWorks, Nucleus ndi ThreadX makina ogwiritsira ntchito nthawi yeniyeni omwe amagwiritsidwa ntchito pazida zodzipangira okha, kusungirako, zida zamankhwala, ma avionics, osindikiza. ndi ogula zamagetsi. Akuti pafupifupi zida 100 miliyoni zimakhudzidwa ndi kusatetezeka.
- Chiwopsezo cha FreeBSD (CVE-2020-7461) chinapangitsa kuti zitheke kukonza kachitidwe ka code yake potumiza paketi yopangidwa mwapadera ya DHCP kwa omwe akuwukira omwe ali pa netiweki ya komweko monga wozunzidwayo, kuwongolera komwe kumayendetsedwa ndi kasitomala wa DHCP yemwe ali pachiwopsezo. ku kusefukira kwa buffer. Vutoli lidachepetsedwa chifukwa njira ya dhclient momwe chiwopsezocho chinalipo chinali kuyendetsedwa ndi mwayi wokhazikitsanso malo akutali a Capsicum, omwe amafunikira kuzindikira chiwopsezo china kuti atuluke.
Cholakwikacho chimachokera ku kutsimikizika kolakwika kwa magawo mu paketi yobwezedwa ya seva ya DHCP yokhala ndi njira ya DHCP 119, yomwe imalola mndandanda wa "kusaka kwa domain" kuti uperekedwe kwa wosinthira. Kuwerengera kolakwika kwa kukula kwa buffer komwe kumafunika kuti kugwirizane ndi deta yosatsegulidwa. mayina a domain, zinapangitsa kuti zambiri zolamulidwa ndi owukira zilembedwe kupitirira buffer yomwe yaperekedwa. Vutoli linakonzedwa mu FreeBSD mu Seputembala chaka chatha. Lingagwiritsidwe ntchito pokhapokha ngati pali intaneti yapafupi.
- Chiwopsezo chapaintaneti ya IPnet yophatikizidwa yomwe imagwiritsidwa ntchito mu RTOS VxWorks imalola kuphedwa kwa ma code kumbali ya kasitomala wa DNS chifukwa chosagwira bwino mawu a DNS. Zotsatira zake, chiwopsezochi chidadziwika koyamba ndi Eksodo mu 2016, koma sichinakhazikitsidwe. Pempho latsopano ku Wind River silinayankhidwe ndipo zida za IPnet zimakhalabe pachiwopsezo.
- В TCP/IP Zofooka zisanu ndi chimodzi zinapezeka mu Nucleus NET stack yomwe imathandizidwa ndi Siemens, ziwiri mwa izo zingayambitse kugwiritsa ntchito ma code akutali ndipo zinayi zomwe zingayambitse kukanidwa kwa ntchito. Vuto loyamba lofunika kwambiri ndi lokhudzana ndi cholakwika pakuchotsa mauthenga a DNS opanikizika, ndipo lachiwiri ndi kusanthula molakwika kwa zilembo za mayina a domain. Mavuto onsewa amachititsa kuti buffer ichuluke pokonza mayankho a DNS opangidwa mwapadera.
Kuti agwiritse ntchito ziwopsezo, wowukirayo amangofunika kutumiza yankho lopangidwa mwapadera ku pempho lililonse lovomerezeka lomwe latumizidwa kuchokera ku chipangizo chomwe chili pachiwopsezo, mwachitsanzo, poyambitsa MTIM ndikusokoneza kuchuluka kwa magalimoto pakati pa seva ya DNS ndi wozunzidwayo. Ngati wowukirayo atha kugwiritsa ntchito netiweki yakomweko, ndiye kuti amatha kuyambitsa seva ya DNS yomwe imayesa kuwononga zida zovuta potumiza zopempha za mDNS munjira yowulutsira.
- Chiwopsezo cha NetX network stack (Azure RTOS NetX), yopangidwira ThreadX RTOS ndipo idatsegulidwa mu 2019 italandidwa ndi Microsoft, idangokhala kukana ntchito. Vutoli limadza chifukwa cha kulakwitsa pogawa mauthenga oponderezedwa a DNS pakukhazikitsa kothetsa.
Pa ma netiweki oyesedwa omwe palibe zowopsa zomwe zidapezeka zokhudzana ndi kukanikiza kwa data mobwerezabwereza mu mauthenga a DNS, ma projekiti otsatirawa adatchedwa: lwIP, Nut/Net, Zephyr, uC/TCP-IP, uC/TCP-IP, FreeRTOS+TCP , OpenThread ndi FNET. Komanso, ziwiri zoyamba (Nut/Net ndi lwIP) sizigwirizana ndi kukanikiza mu mauthenga a DNS nkomwe, pomwe enawo amagwiritsa ntchito ntchitoyi popanda zolakwika. Kuphatikiza apo, zimadziwika kuti m'mbuyomu ofufuza omwewo anali atazindikira kale zofooka zomwezo m'matumba a Treck, uIP ndi PicoTCP.
Source: opennet.ru
