I totonu o se fa'aputuga TCP/IP , faʻaaogaina e ala i le auina atu o afifi faʻapitoa. O fa'aletonu ua tu'uina atu i ai se igoa fa'ailoga . O nisi fa'aletonu e aliali mai i le KASAGO TCP/IP stack mai le Zuken Elmic (Elmic Systems), lea e masani ona a'a ma Treck. O le Treck stack o loʻo faʻaaogaina i le tele o fale gaosi oloa, fomaʻi, fesoʻotaʻiga, faʻapipiʻi ma masini faʻatau (mai moli atamai i lomitusi ma sapalai eletise e le mafai ona faʻalavelaveina), faʻapea foʻi ma le malosi, felauaiga, vaalele, faʻatauga ma masini gaosiga o suauʻu.
Ta'uta'ua osofa'iga sini e fa'aaoga ai le fa'aputuga TCP/IP a Treck e aofia ai lomitusi feso'ota'iga HP ma Intel chips. Faatasi ai ma isi mea, o faʻafitauli i le Treck TCP/IP stack na avea ma mafuaʻaga talu ai nei i le Intel AMT ma le ISM subsystems, faʻatautaia e ala i le lafoina o se pusa fesoʻotaʻiga. O le i ai o faʻafitauli na faʻamaonia e le au gaosi Intel, HP, Hewlett Packard Enterprise, Baxter, Caterpillar, Digi, Rockwell Automation ma Schneider Electric. E sili atu
, o ana oloa e faʻaaogaina le Treck's TCP/IP stack, e leʻi tali atu i faʻafitauli. 5 gaosi oloa, e aofia ai le AMD, na taʻua o latou oloa e le afaina i faʻafitauli.
O faʻafitauli na maua i le faʻatinoina o le IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 ma le ARP protocols, ma na mafua mai i le le saʻo o le faʻaogaina o faʻamaumauga o le tele o faʻamaumauga (faʻaaogaina o le tele o fanua e aunoa ma le siakiina o le tele o faʻamaumauga), mea sese i totonu. siaki fa'amatalaga fa'aoga, fa'alua fa'asa'olotoga o le manatua, faitau i fafo-o-pa'u, fa'asolo atoa, le sa'o le fa'atonutonuina o avanoa, ma fa'afitauli i le taulimaina o manoa fa'amavae.
O faʻafitauli sili ona mataʻutia e lua (CVE-2020-11896, CVE-2020-11897), o loʻo tuʻuina atu i le CVSS level 10, faʻatagaina le code e faʻatinoina i luga o se masini e ala i le lafoina faʻapitoa IPv4 / UDP poʻo IPv6 packets. O le fa'afitauli tu'utia muamua e aliali mai i masini o lo'o i ai le lagolago mo le IPv4 tunnels, ma le lona lua i fa'aliliuga na fa'amatu'u mai i luma ole 04.06.2009/6/9 ma le IPv2020 lagolago. O le isi faʻafitauli matuia (CVSS 11901) o loʻo i ai i le DNS resolver (CVE-XNUMX-XNUMX) ma faʻatagaina le faʻatinoina o tulafono e ala i le tuʻuina atu o se talosaga DNS faʻapitoa (o le faʻafitauli na faʻaaogaina e faʻaalia ai le hacking a Schneider Electric APC UPS ma faʻaalia i luga o masini ma lagolago DNS).
O isi fa'afitauli CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903, CVE-2020-11905 fa'atagaina mea o lo'o i totonu o le IPv4/ICMPv4, IPv6OverIPv4, fa'aalia i le IPv6, IPv6OverIPvXNUMX, IPvXNUMX auina atu o paketi ua fuafuaina faapitoa nofoaga e manatua ai. O isi fa'afitauli e ono i'u ai i le fa'afitia o le tautua po'o le lia'i o fa'amaumauga o totoe mai fa'apolopolo faiga.
O le tele o faʻafitauli o loʻo faʻamauina i le Treck 6.0.1.67 (CVE-2020-11897 ua faʻamauina i le 5.0.1.35, CVE-2020-11900 i le 6.0.1.41, CVE-2020-11903 i le 6.0.1.28, CVE-2020-11908 4.7.1.27. 20). Talu ai o le sauniaina o faʻafouga firmware mo masini faʻapitoa e ono tuai pe le mafai (o le Treck stack ua avanoa mo le sili atu i le 6 tausaga, o le tele o masini e tumau pea le le tausia pe faigata ona faʻafouina), ua fautuaina pule e faʻamavaeina masini faʻafitauli ma faʻapipiʻi faiga siaki siaki, puipui afi. poʻo alalaupapa e faʻavasega pe poloka poloka vaeluaga, poloka IP tunnels (IPv4-in-IPv6 ma IP-in-IP), poloka le "source routing", faʻatagaina le asiasia o filifiliga le saʻo i totonu o paʻu TCP, poloka le faʻaaogaina o feʻau faʻatonutonu ICMP (MTU Update ma Address Mask), faʻamalo le IPvXNUMX multicast ma toe faʻafeiloaʻi fesili DNS i se faʻamaumau DNS server.
puna: opennet.ru