Ruzivo rwakaburitswa pamusoro pekusagadziriswa (0-zuva) kusagadzikana (CVE-2023-2156) muLinux kernel inobvumira kumisa sisitimu nekutumira akanyatso gadzirwa IPv6 mapaketi (packet-ye-rufu). Dambudziko rinoonekwa chete kana tsigiro yeRPL protocol (Routing Protocol yeLow-Power uye Lossy Networks) yagoneswa, iyo inovharwa nekusarudzika mukugovera uye inoshandiswa zvakanyanya pamidziyo yakamisikidzwa inoshanda mumatambo asina waya nekurasikirwa kukuru kwepaketi.
Kusagadzikana kunokonzerwa nekubata zvisirizvo kwe data rekunze muRPL protocol parsing kodhi, izvo zvinotungamira mukutadza kwekutaura uye kernel ichipinda mukuvhunduka. Pakuisa mu k_buff (Socket Buffer) gadzira iyo data yakawanikwa semhedzisiro yekupatsanura IPv6 RPL packet musoro, kana CmprI ndima yaiswa ku15, iyo Segleft ndima inoiswa ku1, uye CmprE yakaiswa ku0, a 48. -byte kero vector yakavhurwa kusvika 528 bytes uye mamiriro apo pasina ndangariro yakakwana yakagoverwa kune buffer. Muchiitiko ichi, skb_push basa rinoshandiswa kusundidzira data muchigadziriso rinopisa cheki yekusaenzana saizi yedata uye buffer, ichigadzira mamiriro ekutya kudzivirira kupfuudza buffer.
Shandisa muenzaniso: # Tichashandisa Scapy kugadzira packet kubva scapy.all import * import socket # Shandisa IPv6 kubva kuLAN yako DST_ADDR = sys.argv[1] SRC_ADDR = DST_ADDR # Isu tinoshandisa zvigadziko kutumira packet sockfd = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_RAW) # Gadzira packet # Type = 3 ita iri RPL packet # Kero ine 3 kero, asi nekuti CmprI igumi nemashanu, # octet yega yega kero mbiri dzekutanga inobatwa sekero yakamanikidzwa # Segleft = 15 kukonzeresa amplification # lastentry = 1xf0 inoisa CmprI ku0 uye CmprE ku15 p = IPv0(src=SRC_ADDR, dst=DST_ADDR) / IPv6ExtHdrSegmentRouting(type=6:= :", "a3::", "a8::"], segleft=7, lastentry=6xf1) # Tumira packet yakaipa iyi sockfd.sendto(bytes(p), (DST_ADDR, 0))
Zvinokosha kuziva kuti vanogadzira kernel vakaziviswa nezvekusagadzikana kumashure muna Ndira 2022 uye mukati memwedzi gumi nemishanu yapfuura vakaedza kugadzirisa dambudziko iri katatu nekuburitsa zvigamba munaGunyana 15, Gumiguru 2022 naKubvumbi 2022, asi pese pese pakagadziriswa zvakakwana uye kusagadzikana kwakakwanisa kubereka. Pakupedzisira, purojekiti yeZDI, iyo yakaronga basa kuti ibvise kusagadzikana, yakafunga kuburitsa ruzivo rwakadzama nezvekusagadzikana, pasina kumirira kuti chigamba chinoshanda chioneke mukernel.
Nokudaro, kusagadzikana hakusati kwagadziriswa. Kusanganisira chigamba chinosanganisirwa mu6.4-rc2 kernel hachishande. Vashandisi vanorayirwa kuti vaone kuti RPL protocol haisi kushandiswa pamasisitimu avo, izvo zvinogona kuitwa uchishandisa iyo sysctl -a | grep -i rpl_seg_enabled
Source: opennet.ru