dambudziko
Kodhi yekudaidza string_interpret_escape() inogovera buffer yekudonhedza zvichienderana nehukuru chaihwo, uye chinongedzo chakafumurwa chinoguma chave munzvimbo iri kunze kwemuganhu webuffer. Saizvozvo, kana uchiedza kugadzirisa tambo yekupinda, mamiriro anomuka paunenge uchiverenga data kubva kune imwe nzvimbo iri kunze kwemiganhu yebhafa yakagoverwa, uye kuyedza kunyora tambo isina kupukunyuka inogona kutungamira pakunyora kupfuura miganhu yebhafa.
Muchigadziro chekugadzirisa, kusagadzikana kunogona kushandiswa nekutumira data rakagadzirirwa kuSNI paunenge uchitanga kubatana kwakachengeteka kune server. Iyo nyaya inogona zvakare kushandiswa nekugadzirisa peerdn hunhu mune zvigadziriso zvakagadzirirwa kusimbiswa kwechitupa chemutengi kana pakuunza zvitupa. Kurwisa kuburikidza neSNI uye peerdn kunokwanisika kutanga kubva pakusunungurwa
An exploit prototype yakagadzirirwa kurwiswa kuburikidza neSNI, ichimhanya paI386 uye amd64 zvivakwa paLinux masisitimu ane Glibc. Iko kushandiswa kunoshandisa data pamusoro penzvimbo yemurwi, zvichikonzera kudzoreredza ndangariro umo zita refaira regi rinochengetwa. Zita refaira rinotsiviwa ne "/../../../../../../../../etc/passwd". Zvadaro, shanduko ine kero yemutumiri inonyorwa, iyo inotanga kuchengetwa murogi, iyo inokubvumira kuwedzera mushandisi mutsva kuhurongwa.
Package inogadziridza ine njodzi inogadziriswa inoburitswa nekugoverwa
Sechishandiso chekuvhara kusazvibata, unogona kudzima TLS rutsigiro kana kuwedzera
ACL chikamu "acl_smtp_mail":
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
Source: opennet.ru