Progress toward a working exploit for OpenSSH 9.1

Qualys has found a way to bypass the malloc and double-free protections and begin redirecting control flow to code, using a vulnerability in OpenSSH 9.1 that had been rated as carrying a low risk of a working exploit. At the same time, whether a working exploit can actually be produced remains a big open question.

The vulnerability is caused by a pre-authentication double free. To create the conditions under which it manifests, it is enough to change the SSH client banner to "SSH-2.0-FuTTYSH_9.1p1" (or that of another old SSH client) so that the "SSH_BUG_CURVE25519PAD" and "SSH_OLD_DHGEX" compatibility flags are set. Once these flags are set, the memory of the "options.kex_algorithms" buffer is freed twice.
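As an added example that is not from the article or from OpenSSH itself, the following Python check flags, in sshd DEBUG-level log lines, client banners that would set the two compatibility flags named above, and recognises the affected server version string. The compat glob table is an assumption modelled on the FuTTYSH banner quoted in the article, not OpenSSH's own compat.c list, and the log lines are constructed samples.

```python
import fnmatch
import re

# Assumed compat table: the article says a "FuTTYSH_9.1p1" banner turns on both
# flags. The glob is modelled on that banner and is NOT OpenSSH's full list.
COMPAT_FLAGS = {
    "FuTTYSH_*": {"SSH_BUG_CURVE25519PAD", "SSH_OLD_DHGEX"},
}
# Both flags must be set for options.kex_algorithms to be freed twice.
TRIGGER_FLAGS = {"SSH_BUG_CURVE25519PAD", "SSH_OLD_DHGEX"}

# sshd at LogLevel DEBUG records the peer's banner in a line of the form
# "Client protocol version 2.0; client software version <banner>".
BANNER_RE = re.compile(r"client software version (?P<sw>\S+)")
# The article names OpenSSH 9.1 as affected; 9.10 and later must not match.
AFFECTED_RE = re.compile(r"OpenSSH_9\.1(?!\d)")


def compat_flags(software):
    """Return the set of compat flags the (assumed) table maps this banner to."""
    flags = set()
    for pattern, pattern_flags in COMPAT_FLAGS.items():
        if fnmatch.fnmatchcase(software, pattern):
            flags |= pattern_flags
    return flags


def triggers_double_free(software):
    """True when the banner sets every flag needed for the double free."""
    return TRIGGER_FLAGS <= compat_flags(software)


def is_affected_server(version_banner):
    """True when a server identification string reports OpenSSH 9.1."""
    return AFFECTED_RE.search(version_banner) is not None


def scan_log(lines):
    """Return the log lines whose client banner would arm the double free."""
    hits = []
    for line in lines:
        match = BANNER_RE.search(line)
        if match and triggers_double_free(match.group("sw")):
            hits.append(line.strip())
    return hits


# Constructed sample log lines (not real captures).
SAMPLE_LOG = """\
sshd[1234]: debug1: Client protocol version 2.0; client software version OpenSSH_9.1
sshd[1235]: debug1: Client protocol version 2.0; client software version FuTTYSH_9.1p1
sshd[1236]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.78
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print("flag-setting client banner:", hit)
```

Only the connection from the FuTTYSH banner is reported; ordinary OpenSSH and PuTTY banners pass through unflagged.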

The Qualys researchers, by manipulating the vulnerability, were able to gain control of the "%rip" processor register, which holds the pointer to the next instruction to be executed. The technique they developed lets control be transferred to any location in the address space of the sshd process in an unpatched OpenBSD 7.2 environment, which ships OpenSSH 9.1 by default.

It is noted that the prepared prototype performs only the first stage of an attack. To build a working exploit, the ASLR, NX and ROP protection mechanisms would have to be bypassed and the sandbox isolation escaped, which is unlikely to succeed. Bypassing ASLR, NX and ROP requires knowledge of addresses, which could be obtained only by finding another vulnerability that leads to an information leak. A bug in the privileged parent process or in the kernel could help escape the sandbox.

Source: opennet.ru
