DNSpooq - seven new vulnerabilities in dnsmasq

Specialists from the JSOF research labs have reported new vulnerabilities in the DNS/DHCP server dnsmasq. The dnsmasq server is very popular and is used by default in many Linux distributions, as well as in network equipment from Cisco, Ubiquiti and others. The DNSpooq vulnerabilities include DNS cache poisoning as well as remote code execution. The vulnerabilities were fixed in dnsmasq 2.83.

In 2008, the well-known security researcher Dan Kaminsky discovered and disclosed a fundamental flaw in the Internet's DNS mechanism. Kaminsky showed that attackers could spoof domain addresses and steal data. This has since become known as the "Kaminsky Attack".

DNS has been regarded as a secure protocol for decades, although it is supposed to guarantee some level of integrity. That is why it is still heavily relied upon. At the same time, mechanisms were developed to improve the security of the original DNS protocol. These measures include HTTPS, HSTS, DNSSEC and other initiatives. However, even with all these mechanisms in place, DNS hijacking is still a dangerous attack in 2021. Much of the Internet still relies on DNS in the same way it did in 2008, and is susceptible to the same types of attack.

DNSpooq cache poisoning vulnerabilities:
CVE-2020-25686, CVE-2020-25684, CVE-2020-25685. These vulnerabilities are similar to the SAD DNS attack recently reported by researchers from the University of California and Tsinghua University. The SAD DNS and DNSpooq vulnerabilities can also be combined to make attacks easier. Other attacks with unclear consequences have also been reported through joint efforts of universities (Poison Over Troubled Forwarders, etc.).
The vulnerabilities work by reducing entropy. Because a weak hash is used to identify DNS requests and requests are matched loosely to responses, entropy can be greatly reduced so that only ~19 bits need to be guessed, which makes cache poisoning feasible. The way dnsmasq handles CNAME records makes it possible to spoof a chain of CNAME records and effectively poison up to 9 DNS records at a time.

Buffer overflow vulnerabilities: CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681. All 4 of these vulnerabilities are present in the code that implements DNSSEC and only appear when validation through DNSSEC is enabled in the settings.
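A triage helper for the two conditions stated above (fixed in 2.83; overflows reachable only with DNSSEC validation enabled), as an added example that is not part of the original article or of dnsmasq. It assumes the banner is the first line of `dnsmasq --version` and that DNSSEC is switched on by a `dnssec` line in the main config file; the sample banners and configs are constructed, and a distribution package below 2.83 may carry backported fixes that this check cannot see.

```python
import re

FIXED = (2, 83)  # release the article names as containing the fixes

CACHE_POISONING = ["CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686"]
DNSSEC_OVERFLOWS = ["CVE-2020-25681", "CVE-2020-25682",
                    "CVE-2020-25683", "CVE-2020-25687"]

# Constructed sample inputs (not taken from a real host).
OLD_BANNER = "Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley"
FIXED_BANNER = "Dnsmasq version 2.83  Copyright (c) 2000-2021 Simon Kelley"
CONF_DNSSEC = "port=53\ndnssec   # validate answers\ncache-size=1000\n"
CONF_PLAIN = "port=53\n#dnssec\ncache-size=1000\n"


def parse_version(banner):
    """Extract (major, minor) from a `dnsmasq --version` banner line."""
    m = re.search(r"version\s+(\d+)\.(\d+)", banner, re.IGNORECASE)
    if not m:
        raise ValueError("no dnsmasq version found in banner")
    return int(m.group(1)), int(m.group(2))


def dnssec_enabled(config_text):
    """True if an uncommented `dnssec` option line is present."""
    for line in config_text.splitlines():
        if line.split("#", 1)[0].strip() == "dnssec":
            return True
    return False


def triage(banner, config_text):
    """Return the DNSpooq CVEs that apply to this version/config pair."""
    if parse_version(banner) >= FIXED:
        return []
    exposed = list(CACHE_POISONING)   # apply regardless of DNSSEC setting
    if dnssec_enabled(config_text):   # overflows live in the DNSSEC code path
        exposed += DNSSEC_OVERFLOWS
    return exposed


if __name__ == "__main__":
    for name, banner, conf in [("old+dnssec", OLD_BANNER, CONF_DNSSEC),
                               ("old", OLD_BANNER, CONF_PLAIN),
                               ("fixed", FIXED_BANNER, CONF_DNSSEC)]:
        print(name, triage(banner, conf) or "not affected by version")
```

The helper does not follow `conf-file`/`conf-dir` includes or command-line options, so run it over every config fragment the daemon actually loads.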

Source: linux.org.ru