BusyBox Security Audit Reveals 14 Minor Vulnerabilities

Researchers from Claroty and JFrog have published the results of a security audit of the BusyBox package, which is widely used in embedded devices and offers a set of standard UNIX utilities packaged as a single executable file. The audit identified 14 vulnerabilities, which have already been fixed in the August release of BusyBox 1.34. Almost all of the issues are harmless and questionable in terms of use in real attacks, since they require running utilities with arguments received from outside.

A separate case is CVE-2021-42374, which allows a denial of service to be triggered when a specially crafted compressed file is processed by the unlzma utility and, when BusyBox is built with the CONFIG_FEATURE_SEAMLESS_LZMA option, also by other BusyBox components, including tar, unzip, rpm, dpkg, lzma and man.

Vulnerabilities CVE-2021-42373, CVE-2021-42375, CVE-2021-42376 and CVE-2021-42377 can lead to a denial of service, but require running the man, ash and hush utilities with parameters specified by the attacker. Vulnerabilities CVE-2021-42378 through CVE-2021-42386 affect the awk utility and can potentially lead to code execution, but for this the attacker must ensure that a certain pattern is executed in awk (awk must be run with data received from the attacker).

In addition, a vulnerability (CVE-2021-43523) can be noted in the uclibc and uclibc-ng libraries: when the gethostbyname(), getaddrinfo(), gethostbyaddr() and getnameinfo() functions are called, the domain name returned by the DNS server is neither checked nor sanitized. For example, in response to a particular resolution request, a DNS server controlled by an attacker can return hosts such as "<script>alert('xss')</script>.attacker.com", and they will be passed unchanged to a program that may display them in a web interface without sanitizing them. The problem was fixed in the uclibc-ng 1.0.39 release by adding code that checks the correctness of returned domain names, implemented similarly to Glibc.
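An added example, not code from uclibc-ng, Glibc or the original article: a strict check an application can apply to a name returned by getnameinfo() or gethostbyaddr() before displaying it. The function name hostname_is_clean, the letters-digits-hyphen rule and the sample names are assumptions constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not the uclibc-ng or Glibc check): accept only
 * letters, digits and hyphens in each label, labels of 1-63 bytes, at most
 * 253 bytes in total, and one optional trailing dot. */
static bool hostname_is_clean(const char *name)
{
    size_t total = 0, label = 0;
    char prev = '.';

    if (name == NULL || *name == '\0')
        return false;
    for (const char *p = name; *p != '\0'; p++, total++) {
        char c = *p;
        if (c == '.') {
            if (label == 0 || prev == '-')  /* empty label or label ending in '-' */
                return false;
            label = 0;
        } else {
            bool alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                         (c >= '0' && c <= '9');
            if (!alnum && !(c == '-' && label > 0))  /* '-' may not start a label */
                return false;
            if (++label > 63)
                return false;
        }
        prev = c;
    }
    /* Reject a final '-'; the optional trailing dot does not count toward 253. */
    return prev != '-' && total <= 253 + (size_t)(prev == '.');
}

int main(void)
{
    /* Constructed sample names, as a resolver might hand them back. */
    const char *samples[] = {
        "router.example.com",
        "<script>alert('xss')</script>.attacker.com",
        "bad-.example.com",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s %s\n", samples[i],
               hostname_is_clean(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A name that fails the check should be discarded or replaced with the numeric address; output encoding in the web interface is still needed as a second layer.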

Source: opennet.ru
