OpenWrt 19.07.1 update fixes a package spoofing vulnerability

Corrective releases of the OpenWrt distribution, 18.06.7 and 19.07.1, have been published. They eliminate a dangerous vulnerability (CVE-2020-7982) in the opkg package manager that allows an attacker to carry out a MITM attack and substitute the contents of a package downloaded from the repository. Because of an error in the checksum verification code, an attacker can create conditions under which the SHA-256 checksum present in the digitally signed package index is ignored, which makes it possible to bypass the integrity checks applied to downloaded ipk packages.

The problem has existed since February 2017, when code was added to skip the leading spaces in front of the checksum. Because of an error in that space-skipping code, the pointer to the current position in the line was not advanced, so the loop that decodes the SHA-256 hexadecimal sequence returned immediately and produced a checksum of zero length.

Since the opkg package manager in OpenWrt runs with root privileges, an attacker in a MITM position can silently modify an ipk package fetched from the repository while the user is running the "opkg install" command, and arrange for their code to be executed with root privileges by adding their own installer scripts to the package, which are invoked during installation. To exploit the vulnerability, the attacker must also arrange for a correct, signed package index to be served (for example, one taken from downloads.openwrt.org). The size of the modified package must match the original size specified in the index.

In situations where you have to get by without updating the entire firmware, you can update only the opkg package manager by running the following commands:

cd /tmp
opkg update
opkg download opkg
zcat ./opkg-lists/openwrt_base | grep -A10 "Package: opkg" | grep SHA256sum
sha256sum ./opkg_2020-01-25-c09fe209-1_*.ipk

Then compare the displayed checksums and, if they match, run:

opkg install ./opkg_2020-01-25-c09fe209-1_*.ipk
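The parsing defect described above (the decoding pointer left behind the skipped spaces, yielding a zero-length checksum) and the comparison step of the manual procedure (the SHA256sum field from the index against the digest sha256sum prints) are both modelled in the following added C program. It is not opkg's source: the function names, the 32-byte digest constant, and the two constructed digests HEX_GOOD and HEX_TAMPERED are this example's own. It shows the buggy decoder beside the corrected one and a verifier that trusts the decoded length beside one that fails closed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the checksum-parsing defect described in the article;
 * it is not opkg's source. A SHA-256 digest is 32 bytes, written as 64 hex
 * characters in the "SHA256sum:" field of the package index. */
#define DIGEST_LEN 32

/* Two constructed digests: what an index might carry for a package, and what
 * sha256sum would print for a tampered download. 8 pieces of 8 chars = 64. */
#define HEX_GOOD     "abababab" "abababab" "abababab" "abababab" \
                     "abababab" "abababab" "abababab" "abababab"
#define HEX_TAMPERED "cdcdcdcd" "cdcdcdcd" "cdcdcdcd" "cdcdcdcd" \
                     "cdcdcdcd" "cdcdcdcd" "cdcdcdcd" "cdcdcdcd"

static unsigned char hexval(unsigned char c)
{
	if (c >= '0' && c <= '9')
		return (unsigned char)(c - '0');
	return (unsigned char)(tolower(c) - 'a' + 10);
}

/* Decode slen hex characters at s into out; returns 0 on any malformed input. */
static size_t decode_pairs(const unsigned char *s, size_t slen, unsigned char *out)
{
	size_t n = 0;

	if (slen > 2 * DIGEST_LEN || slen % 2)
		return 0;
	for (; slen > 0; slen -= 2, s += 2) {
		if (!isxdigit(s[0]) || !isxdigit(s[1]))
			return 0;
		out[n++] = (unsigned char)(hexval(s[0]) << 4 | hexval(s[1]));
	}
	return n;
}

/* The 2017 defect: the decoding pointer is captured before the leading spaces
 * are skipped, so for " <hex>" the loop sees the space, fails its first
 * isxdigit() test and reports a zero-length digest. */
size_t hex2bin_buggy(const char *src, unsigned char *out)
{
	const unsigned char *s = (const unsigned char *)src;  /* captured too early */

	while (isspace((unsigned char)*src))
		src++;                                            /* s is never advanced */
	return decode_pairs(s, strlen(src), out);
}

/* Corrected form: the decoding pointer is taken after the skip. */
size_t hex2bin_fixed(const char *src, unsigned char *out)
{
	while (isspace((unsigned char)*src))
		src++;
	return decode_pairs((const unsigned char *)src, strlen(src), out);
}

/* Vulnerable verifier pattern: it trusts the decoded length, so a zero-length
 * expected digest compares equal to any download (memcmp over 0 bytes). */
int verify_vulnerable(const char *index_field, const char *computed_hex)
{
	unsigned char expected[DIGEST_LEN], actual[DIGEST_LEN];
	size_t n = hex2bin_buggy(index_field, expected);

	if (hex2bin_fixed(computed_hex, actual) != DIGEST_LEN)
		return 0;
	return memcmp(expected, actual, n) == 0;
}

/* Hardened verifier: an index field that does not decode to exactly one full
 * digest is a failure, never a pass. */
int verify_fixed(const char *index_field, const char *computed_hex)
{
	unsigned char expected[DIGEST_LEN], actual[DIGEST_LEN];

	if (hex2bin_fixed(index_field, expected) != DIGEST_LEN)
		return 0;
	if (hex2bin_fixed(computed_hex, actual) != DIGEST_LEN)
		return 0;
	return memcmp(expected, actual, DIGEST_LEN) == 0;
}

int main(void)
{
	/* "SHA256sum: <hex>" carries a space after the colon; that leading space
	 * is exactly the input that triggers the defect. */
	const char *index_field = " " HEX_GOOD;

	printf("vulnerable verifier accepts tampered file: %d\n",
	       verify_vulnerable(index_field, HEX_TAMPERED));  /* 1: bypass */
	printf("fixed verifier accepts tampered file:      %d\n",
	       verify_fixed(index_field, HEX_TAMPERED));       /* 0 */
	printf("fixed verifier accepts genuine file:       %d\n",
	       verify_fixed(index_field, HEX_GOOD));           /* 1 */
	return 0;
}
```

Two things are worth noticing: without the leading space both decoders behave identically, which is why the bug survived for years, and the hardened verifier treats "could not decode a full digest" as a rejection rather than as an empty value to compare against. The same rule applies to the manual check above: if the SHA256sum line is missing or malformed, do not install.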

The new versions also eliminate another vulnerability, in the libubox library, which can lead to a buffer overflow when specially crafted serialized binary or JSON data is processed by the blobmsg_format_json function. The library is used in distribution components such as netifd, procd, ubus, rpcd and uhttpd, as well as in the Attended sysUpgrade CLI package. The buffer overflow occurs when large numeric attributes of type "double" are passed in blobs. You can check whether your system is vulnerable by running the command:

$ ubus call luci getFeatures \
    '{ "banik": 00192200197600198000198100200400.1922 }'
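Why a large "double" is enough to overflow a formatting buffer is shown by the following added C model; it is not libubox's code. It assumes the serializer renders a double with "%lf" into a fixed 32-byte buffer (NUM_BUF and the function names are this example's own), takes the numeric value from the probe command above with its leading zeros dropped, and places the unsafe pattern, run only as a dry length check, beside a bounded snprintf form that fails closed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the defect class the article attributes to
 * blobmsg_format_json; this is not libubox's code. Assumption: the serializer
 * renders a double with "%lf" into a fixed-size buffer. "%lf" prints every
 * integer digit of the value, so the output length grows with the magnitude
 * instead of staying near the 17 significant digits a double carries. */
#define NUM_BUF 32

/* Characters "%lf" produces for v, not counting the terminating NUL. */
int double_formatted_len(double v)
{
	return snprintf(NULL, 0, "%lf", v);
}

/* Dry run of the unsafe sprintf(buf, "%lf", v) pattern: returns 1 if that
 * write would run past a NUM_BUF-byte buffer. The write itself is never done. */
int would_overflow_fixed_buffer(double v)
{
	return double_formatted_len(v) + 1 > NUM_BUF;
}

/* Hardened pattern: bounded write; an oversized value is reported as an error
 * (-1) instead of being silently truncated or written out of bounds. */
int format_double_safe(double v, char *out, size_t outlen)
{
	int n = snprintf(out, outlen, "%lf", v);

	if (n < 0 || (size_t)n >= outlen) {
		if (outlen)
			out[0] = '\0';
		return -1;
	}
	return n;
}

/* Formats v into a NUM_BUF buffer and returns the length written, or -1. */
int format_checked(double v)
{
	char buf[NUM_BUF];

	return format_double_safe(v, buf, sizeof buf);
}

int main(void)
{
	/* The value from the ubus probe command (leading zeros dropped) next to an
	 * ordinary small value. The probe value has 30 integer digits, so "%lf"
	 * needs 37 characters, more than NUM_BUF. */
	const double probe = 192200197600198000198100200400.1922;
	const double small = 3.5;

	printf("probe value: %%lf needs %d chars, buffer is %d, overflow=%d, safe=%d\n",
	       double_formatted_len(probe), NUM_BUF,
	       would_overflow_fixed_buffer(probe), format_checked(probe));
	printf("%g: %%lf needs %d chars, overflow=%d, safe=%d\n",
	       small, double_formatted_len(small),
	       would_overflow_fixed_buffer(small), format_checked(small));
	return 0;
}
```

The defensive point is the shape of the fix rather than the exact buffer size: any formatter that turns attacker-controlled numbers into text needs a bounded write and an error path for values that do not fit, because the length of "%lf" output is decided by the input, not by the type.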

Besides eliminating vulnerabilities and fixing accumulated bugs, the OpenWrt 19.07.1 release also updates the Linux kernel (from 4.14.162 to 4.14.167), fixes performance problems when operating on the 5GHz band, and improves support for the Ubiquiti Rocket M Titanium, Netgear WN2500RP v1, Zyxel NSA325, Netgear WNR3500 V2, Archer C6 v2, Ubiquiti EdgeRouter-X, Archer C20 v4, Archer C50 v4, Archer MR200, TL-WA801ND v5, HiWiFi HC5962, Xiaomi Mi Router 3 Pro and Netgear 6350R devices.

Source: opennet.ru
