Progress on developing an exploit for OpenSSH 9.1

Qualys has found a way to bypass the malloc and double-free protections and gain initial control of execution using a vulnerability in OpenSSH 9.1 whose exploitation risk had been rated as low. Nevertheless, the possibility of building a working exploit remains highly questionable.

The vulnerability is caused by a double free of a memory area during the pre-authentication phase. To create the conditions for the bug, it is enough to change the SSH client banner to "SSH-2.0-FuTTYSH_9.1p1" (or that of another old SSH client), which sets the "SSH_BUG_CURVE25519PAD" and "SSH_OLD_DHGEX" compatibility flags. Once these flags are set, the "options.kex_algorithms" buffer is freed twice.

Using the vulnerability, the Qualys researchers were able to take control of the "%rip" processor register, which holds the pointer to the next instruction to be executed. The exploitation technique they developed allows control to be transferred to an arbitrary location in the address space of the sshd process in an unpatched OpenBSD 7.2 environment, which ships OpenSSH 9.1.

It is noted that the described prototype is only the first stage of an attack; building a working exploit would additionally require bypassing the ASLR, NX and ROP protection mechanisms and escaping the sandbox, which is considered unlikely. Bypassing ASLR, NX and ROP requires address information, which could be obtained by finding another vulnerability that leads to an information leak. A bug in the privileged parent process or in the kernel could help with escaping the sandbox.
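For defenders, the practical question is which hosts run the affected version and whether any client has presented the banner the article names. The following Python is an added example, not code from the article, Qualys or the OpenSSH project: it parses SSH identification strings in the RFC 4253 form ("SSH-protoversion-softwareversion SP comments"), flags servers that identify as OpenSSH 9.1 (the only version the article names as affected), and flags client banners beginning with "FuTTYSH_". The host names and banners in CONSTRUCTED_INVENTORY are made up for the example; how the banners are collected (for instance from an inventory tool or connection logs) is left to the reader.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
_BANNER_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

# Versions the article names as affected (OpenSSH 9.1); extend if needed.
AFFECTED_OPENSSH_VERSIONS = {"9.1"}


class Banner(NamedTuple):
    proto: str
    software: str
    comments: Optional[str]


def parse_banner(line: str) -> Banner:
    """Parse one SSH identification string; trailing CR/LF is tolerated."""
    match = _BANNER_RE.match(line.rstrip("\r\n"))
    if not match:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return Banner(match.group("proto"), match.group("software"), match.group("comments"))


def openssh_version(banner: Banner) -> Optional[str]:
    """Return the 'major.minor' part of an OpenSSH_x.y[pN] software version,
    or None when the software is not OpenSSH."""
    match = re.match(r"^OpenSSH_(\d+\.\d+)", banner.software)
    return match.group(1) if match else None


def server_is_affected(server_banner: str) -> bool:
    """True when the server banner identifies an OpenSSH release named as affected."""
    return openssh_version(parse_banner(server_banner)) in AFFECTED_OPENSSH_VERSIONS


def client_banner_is_trigger(client_banner: str) -> bool:
    """True when a client identifies with the FuTTYSH_ software string the article
    says causes sshd to set SSH_BUG_CURVE25519PAD and SSH_OLD_DHGEX."""
    return parse_banner(client_banner).software.startswith("FuTTYSH_")


# Constructed sample inventory (host -> server banner); not real hosts.
CONSTRUCTED_INVENTORY: Dict[str, str] = {
    "bastion-1": "SSH-2.0-OpenSSH_9.1\r\n",
    "build-2": "SSH-2.0-OpenSSH_9.2\r\n",
    "legacy-3": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n",
    "appliance-4": "SSH-2.0-dropbear_2022.83\r\n",
}


def hosts_needing_patch(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted host names whose server banner matches an affected version.
    Banners that do not parse are skipped rather than aborting the whole run."""
    affected = []
    for host, banner in inventory.items():
        try:
            if server_is_affected(banner):
                affected.append(host)
        except ValueError:
            continue  # unparsable banner: not SSH, or a non-standard greeting
    return sorted(affected)


if __name__ == "__main__":
    for host in hosts_needing_patch(CONSTRUCTED_INVENTORY):
        print(f"{host}: OpenSSH 9.1 detected, schedule update")
    print("trigger banner:", client_banner_is_trigger("SSH-2.0-FuTTYSH_9.1p1"))
```

The version check keys on the "major.minor" prefix so that vendor patch levels such as "9.1p1" are matched, while "9.10" is not mistaken for "9.1". Matching a client banner is only an indicator: the article says the flags are set for any old client the compatibility table recognises, so a banner check is a triage signal, not a complete detection.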

Source: opennet.ru
