Boka revaongorori vanobva kuGraz University of Technology (Austria), vaimbozivikanwa nekugadzira MDS, NetSpectre, Throwhammer, uye ZombieLoad attacks, vakaburitsa nzira itsva yekurwisa divi (CVE-2021-3714) vachipesana neMemory-Deduplication engine. Kurwisa uku kunobvumira munhu kuona kuvapo kwedata rakati mumemory, kuronga byte-by-byte memory leak, kana kuona memory layout yekupfuura address-based randomization (ASLR). Nzira itsva iyi yakasiyana nekurwisa kwakamboratidzwa paengine deduplication nekuti kurwisa kunoitwa kubva kune imwe host yekunze uchishandisa shanduko dzenguva dzekupindura kune zvikumbiro zvinotumirwa neanorwisa pamusoro peHTTP/1 neHTTP/2 protocols senzira yekuongorora. Kugona kwekurwisa kwakaratidzwa kune maseva zvichibva pane Linux и Windows.
Kurwiswa kwememory deduplication mechanism inoshandisa mutsauko munguva yekugadzirisa yekunyora mashandiro senzira yekuburitsa ruzivo mumamiriro ezvinhu apo shanduko yedata inotungamira mukuumbwa kweiyo deduplicated memory peji uchishandisa iyo Copy-On-Write (COW) mashandiro. . Panguva yekushanda, kernel inoona mapeji akafanana ekurangarira kubva kune akasiyana maitiro uye oabatanidza, achigadzira mapeji akafanana endangariro munzvimbo imwechete yekuyeuka kwemuviri kuchengeta kopi imwe chete. Kana imwe yemaitiro ichiedza kushandura data yakabatana nemapeji akadhindwa, kusarudzika (peji kukanganisa) kunoitika uye, uchishandisa iyo Copy-On-Write michina, kopi yakaparadzana yepeji yekurangarira inogadzirwa otomatiki, iyo inopihwa maitiro. Nguva yekuwedzera inopedzwa kupedzisa kopi, inogona kunge iri chiratidzo chekuchinja kwedata kuchikanganisa imwe nzira.
Vatsvakurudzi vakaratidza kuti kunonoka kunokonzerwa neCOW nzira inogona kutorwa kwete chete munharaunda, asiwo nekuongorora kuchinja kwekupindura nguva dzekupindura pane network. Nzira dzinoverengeka dzakarongwa dzekutarisa zviri mukati mendangariro kubva kune ari kure anogamuchira nekuongorora iyo nguva yekuitwa yekukumbira pamusoro peHTTP/1 uye HTTP/2 protocol. Kuti uchengetedze matemplate akasarudzwa, akajairika mawebhusaiti anoshandiswa anochengeta ruzivo rwakagamuchirwa muzvikumbiro mundangariro.
Pfungwa huru yekurwiswa inobva pakuzadza server Mapeji endangariro ane data rinogona kutevedzera zviri mukati mepeji rendangariro riripo paseva. Murwisi anomirira kuti kernel iite dhiplication uye isanganise peji rendangariro, mushure mezvo vanozogadzirisa data rakadzokororwa rinodzorwa uye voongorora nguva yekupindura kuti vaone kubudirira kwekurwisa.
Munguva yekuedza, ruzivo rwakanyanya rwekudonha ruzivo rwakanga rwuri 34.41 bytes paawa paunenge uchirwisa kuburikidza netiweki yepasi rose uye 302.16 bytes paawa paunenge uchirwisa kuburikidza netiweki yemunharaunda, iyo inokurumidza kupfuura dzimwe nzira dzekutora data kuburikidza nemigwagwa yechitatu (somuenzaniso, mukurwiswa kweNetSpecter, mwero wekuchinjisa data ndeye 7.5 bytes pane imwe o'clock).
Mhando nhatu dzekurwisa dzakataurwa. Mhando yekutanga inobvumira kuziva data riri mundangariro. maseva ewebhu, iyo inoshandisa Memcached. Kurwiswa uku kunosanganisira kurodha data rakati wandei muMemcached storage, kubvisa block yakabviswa, kunyora patsva chinhu chimwe chete, uye kugadzira mamiriro eCOW copy nekugadzirisa zviri mukati me block. Munguva yekuedza neMemcached, zvaikwanisika kuona libc version yakaiswa pa system iri kushanda mu virtual machine mumasekonzi 166.51.
Yechipiri sarudzo yakaita kuti zvikwanise kuwana zviri mukati meMariaDB DBMS, kana uchishandisa InnoDB kuchengetedza, nekudzokorora zvirimo byte byte. Kurwiswa kwacho kunoitwa nekutumira zvikumbiro zvakagadziridzwa, zvichikonzera kusawirirana-byte mumapeji endangariro uye kuongorora nguva yekupindura kuti vaone kuti fungidziro yezviri mukati mebhaiti yaive yechokwadi. Muyero wekudonha kwakadaro wakaderera uye unosvika 1.5 bytes paawa paunenge uchirwisa kubva kune network yenzvimbo. Kubatsira kweiyo nzira ndeyekuti inogona kushandiswa kudzoreredza zvisingazivikanwe ndangariro zvirimo.
Sarudzo yechitatu yakaita kuti zvikwanise kupfuura zvachose nzira yekudzivirira yeKASLR mumaminetsi mana uye kuwana ruzivo nezve memory offset yemuchina wechina kernel mufananidzo, mumamiriro ezvinhu apo kero yekubvisa iri mune yekurangarira peji umo imwe data isingachinji. Kurwiswa kwacho kwakaitwa kubva kune muenzi anowanikwa 4 hops kubva kune yakarwiswa system. Mienzaniso yekodhi yekushandisa kurwiswa kwakaratidzwa inovimbiswa kuburitswa paGitHub.
Source: opennet.ru
