The problem is caused by a flaw (CVE-2019-9506) in the Bluetooth BR/EDR Core 5.1 specification and earlier versions, which allows the use of encryption keys that are too short and does not prevent an attacker from interfering at the connection negotiation stage to force a fallback to such unreliable keys (packets can be substituted by an unauthenticated attacker). The attack can be carried out while the devices are negotiating a connection (already established sessions cannot be attacked) and works only for connections in BR/EDR (Bluetooth Basic Rate/Enhanced Data Rate) modes, when both devices are vulnerable. Once the key has been successfully guessed, the attacker can decrypt the transmitted data and, without the victim noticing, substitute arbitrary ciphertext into the traffic.
When a connection is established between two Bluetooth controllers A and B, controller A, after authenticating with the link key, can propose using 16 bytes of entropy for the encryption key, and controller B can either agree to this value or specify a lower one if it is unable to generate a key of the proposed size. In response, controller A can accept the counter-proposal and set up the encrypted communication channel. Encryption is not used at this stage of parameter negotiation, so an attacker has the opportunity to wedge into the data exchange between the controllers and replace the packet carrying the proposed entropy size. Since the valid key size ranges from 1 to 16 bytes, the second controller accepts this value and sends its confirmation indicating the same size.
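The negotiation described above, as an added example that is not code from the article or from any Bluetooth stack: a simplified Python model showing why an unprotected size request can end in a 1-byte key, and how a local minimum-size policy refuses it. The function names, the `in_path` callable and the configurable policy floors are assumptions made for illustration.

```python
# Added illustration: simplified model of the BR/EDR key-size negotiation
# described above. All names are hypothetical; this is not controller firmware.
SPEC_MIN, SPEC_MAX = 1, 16  # entropy range in bytes, as stated in the text


def negotiate(proposed, b_max=16, a_min=SPEC_MIN, b_min=SPEC_MIN, in_path=None):
    """Return the agreed entropy size in bytes, or None if a side refuses.

    proposed    -- size controller A puts in its request
    b_max       -- largest key controller B is able to generate
    a_min/b_min -- local policy floor of each controller (assumed configurable)
    in_path     -- optional callable modelling modification of the unencrypted
                   request between A and B (nothing protects its integrity)
    """
    on_wire = in_path(proposed) if in_path else proposed
    if not SPEC_MIN <= on_wire <= SPEC_MAX:
        return None                  # outside the range the text allows
    answer = min(on_wire, b_max)     # B agrees or names a lower value
    if answer < b_min:
        return None                  # B's policy refuses a weak key
    if answer < a_min:
        return None                  # A refuses B's counter-proposal
    return answer


def keyspace_bits(size_bytes):
    """Bits of entropy an exhaustive key search has to cover."""
    return 8 * size_bytes


def audit(sizes, floor):
    """Detection helper: negotiated sizes that fall below a policy floor."""
    return [s for s in sizes if s is not None and s < floor]
```

With the default floors the model accepts whatever size arrives on the wire, which is the behaviour the paragraph describes; raising `a_min` and `b_min` makes both sides abort instead of encrypting with a short key.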
Reproducing the vulnerability in laboratory conditions (the attacker's activity was generated on one of the devices) has been arranged.
For a real attack, the attacker must be within reception range of the victims' devices and be able to briefly block the signal from each device, which is expected to be done through signal manipulation or reactive jamming.
The Bluetooth SIG, the organization responsible for developing Bluetooth standards,
Source: opennet.ru