O faʻamatalaga ua faʻaalia e uiga i le vaivai CVE-2023-6200) i le upega o fesoʻotaʻiga o le fatu Linux, lea, i lalo o nisi tulaga, e mafai ai e se tagata osofaʻi mai se fesoʻotaʻiga faʻapitonuʻu ona ausia le faʻatinoina o lana code e ala i le auina atu o se afifi ICMPv6 faʻapitoa faʻatasi ma ose RA (Router Advertisement) feʻau faʻamoemoe e faʻasalalau faʻamatalaga e uiga i le router.
O le faʻafitauli e mafai ona faʻaaogaina mai le fesoʻotaʻiga faʻapitonuʻu ma faʻaalia i luga o faiga faʻatasi ai ma le IPv6 lagolago faʻamalosia ma le sysctl parameter "net.ipv6.conf.<network_interface_name>.accept_ra" faʻagaoioia (e mafai ona siaki i le poloaiga "sysctl net.ipv6.conf | grep accept_ra") , lea e le atoatoa i le RHEL ma le Ubuntu mo fesoʻotaʻiga fesoʻotaiga i fafo, ae mafai mo le faʻaogaina o le loopback, lea e mafai ai se osofaʻiga mai le faiga lava e tasi.
O le fa'aletonu e mafua mai i se tu'uga ta'aloga pe a fa'agaoioi e le ao lapisi fa'amaumauga fib6_info ua tuai, lea e mafai ona o'o atu ai i se nofoaga e manatua ai (fa'aoga-pe'a-leai). A maua se pepa ICMPv6 o loʻo i ai se feʻau faʻasalalauga faʻasalalau (RA, Router Advertisement), e taʻua e le upega o fesoʻotaʻiga le ndisc_router_discovery() galuega, lea, afai o le RA feʻau o loʻo i ai faʻamatalaga e uiga i le auala i le olaga atoa, valaʻau le fib6_set_expires() galuega ma faʻatumu le gc_link fausaga. Ina ia fa'amama fa'amaumauga ua le toe aoga, fa'aaoga le fib6_clean_expires() galuega, lea e fa'ate'aina ai le fa'ailoga i le gc_link ma fa'amama le manatua na fa'aogaina e le fausaga fib6_info. I lenei tulaga, o loʻo i ai se taimi faʻapitoa pe a maeʻa ona faʻasaʻoloto le manatua mo le fausaga fib6_info, ae o le fesoʻotaʻiga i ai o loʻo faʻaauau pea i le gc_link structure.
O le faʻafitauli na faʻaalia e amata mai le lala 6.6 ma faʻamautu i lomiga 6.6.9 ma le 6.7. O le tulaga o le faʻamautuina o le faʻafitauli i tufatufaga e mafai ona iloiloina i luga o itulau nei: Debian, Ubuntu, SUSE, RHEL, Fedora, Arch Linux, Gentoo, Slackware. Faatasi ai ma tufatufaga o loʻo faʻauluina afifi ma le 6.6 kernel, e mafai ona tatou matauina Arch Linux, Gentoo, Fedora, Slackware, OpenMandriva ma Manjaro; i isi tufatufaga, e ono mafai ona toe faʻafoʻisia le suiga ma se mea sese i totonu o afifi ma lala matua matutua (mo faʻataʻitaʻiga, i Debian o loʻo taʻua ai o le afifi ma le kernel 6.5.13 e vaivai, ae o le suiga faʻafitauli na faʻaalia i le 6.6 lala). I le avea ai o se fofo saogalemu, e mafai ona e tape le IPv6 pe seti le "net.ipv0.conf.*.accept_ra" i le 6.
puna: opennet.ru