In the proprietary TCP/IP stack
Notable attack targets that use Treck's TCP/IP stack include HP network printers and Intel chips. Among other things, problems in the Treck TCP/IP stack turned out to be the cause of the recent
The problems were found in the implementations of the IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 and ARP protocols. They were caused by incorrect handling of data size parameters (using a size field without checking the actual data size), errors in input validation, double freeing of memory, out-of-bounds buffer reads, integer overflows, incorrect access control, and problems handling null-terminated strings.
The two most dangerous problems (CVE-2020-11896, CVE-2020-11897), which were assigned CVSS level 10, allow code to be executed on a device by sending specially formatted IPv4/UDP or IPv6 packets. The first critical problem appears on devices with IPv4 tunnel support, and the second in versions released before 04.06.2009 with IPv6 support. Another critical vulnerability (CVSS 9) is present in the DNS resolver (CVE-2020-11901) and allows code execution by sending a specially crafted DNS request (the problem was used to demonstrate the compromise of a Schneider Electric APC UPS and appears on devices with DNS support).
Other vulnerabilities, CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903 and CVE-2020-11905, allow the contents of system memory areas to be read by sending specially crafted IPv4/ICMPv4, IPv6OverIPv4, DHCP, DHCPv6 or IPv6 packets. Other problems can cause denial of service or leak residual data from system buffers.
Most of the vulnerabilities were fixed in Treck 6.0.1.67 (CVE-2020-11897 was fixed in 5.0.1.35, CVE-2020-11900 in 6.0.1.41, CVE-2020-11903 in 6.0.1.28, CVE-2020-11908 in 4.7.1.27). Since preparing firmware updates for specific devices may be delayed or impossible (the Treck stack has been shipping for more than 20 years, and many devices remain unmaintained or are difficult to update), administrators are advised to isolate problematic devices and to configure packet inspection systems, firewalls or routers to normalize or block fragmented packets, block IP tunnels (IPv6-in-IPv4 and IP-in-IP), block "source routing", enable inspection of incorrect options in TCP packets, block unused ICMP control messages (MTU Update and Address Mask), disable IPv6 multicast and redirect DNS queries to a secure recursive DNS server.
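The following C sketch is an added example, not code from Treck or from the original article. It shows the kind of check a packet-inspection device could apply: it compares the IPv4 and UDP length fields with the number of bytes actually received (the root cause described above) and flags fragments, IP tunnels and source routing from the mitigation list. The function and verdict names are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdict names are hypothetical, chosen for this example. */
enum verdict { PKT_OK, PKT_BAD_LEN, PKT_FRAGMENT, PKT_TUNNEL, PKT_SRC_ROUTE };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* buf/caplen: the bytes that actually arrived, starting at the IPv4 header. */
enum verdict check_ipv4(const uint8_t *buf, size_t caplen)
{
    if (caplen < 20 || (buf[0] >> 4) != 4)
        return PKT_BAD_LEN;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;  /* header length field */
    size_t total = be16(buf + 2);              /* total length field */
    /* Size fields are claims: compare them with the real data size. */
    if (ihl < 20 || ihl > total || total > caplen)
        return PKT_BAD_LEN;
    for (size_t i = 20; i < ihl; ) {           /* walk the IP options */
        uint8_t type = buf[i];
        if (type == 0) break;                  /* end of option list */
        if (type == 1) { i++; continue; }      /* one-byte no-op */
        if (i + 1 >= ihl || buf[i + 1] < 2 || i + buf[i + 1] > ihl)
            return PKT_BAD_LEN;                /* option overruns the header */
        if (type == 131 || type == 137)        /* loose/strict source routing */
            return PKT_SRC_ROUTE;
        i += buf[i + 1];
    }
    if (be16(buf + 6) & 0x3fff)                /* MF flag or fragment offset */
        return PKT_FRAGMENT;
    if (buf[9] == 4 || buf[9] == 41)           /* IP-in-IP, IPv6-in-IPv4 */
        return PKT_TUNNEL;
    if (buf[9] == 17) {                        /* UDP has its own length field */
        size_t payload = total - ihl;
        if (payload < 8 || be16(buf + ihl + 4) < 8 || be16(buf + ihl + 4) > payload)
            return PKT_BAD_LEN;
    }
    return PKT_OK;
}

/* Constructed sample: 20-byte IPv4 header + empty 8-byte UDP datagram. */
const uint8_t sample_udp[28] = {
    0x45, 0, 0, 28,  0, 0, 0, 0,  64, 17, 0, 0,  192, 0, 2, 1,  192, 0, 2, 2,
    0x30, 0x39, 0, 53,  0, 8, 0, 0 };

int main(void) { return check_ipv4(sample_udp, sizeof sample_udp) == PKT_OK ? 0 : 1; }
```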
Source: opennet.ru