Information about a critical vulnerability in Exim has been published

A corrective release, Exim 4.92.2, has been published to eliminate a critical vulnerability (CVE-2019-15846) which, in the default configuration, can lead to remote code execution by an attacker with root privileges. The problem manifests only if TLS support is enabled and is exploited by passing a specially crafted client certificate or a modified value in SNI. The vulnerability was identified by Qualys.

The problem is present in the handler that unescapes special characters in a string (string_interpret_escape() from string.c) and is caused by a '\' character at the end of the string being interpreted before the null character ('\0') and escaping it. During unescaping, the sequence '\' plus the following null end-of-line code is treated as a single character, and the pointer is moved to data outside the string, which is then treated as a continuation of the string.

The code calling string_interpret_escape() allocates the output buffer based on the actual size, and the pointer that has been pushed past the terminator ends up in an area outside the buffer boundary. Accordingly, when processing the input string, a situation arises in which data is read from an area outside the bounds of the allocated buffer, and an attempt to write the unescaped string can lead to a write beyond the buffer boundaries.

In the default configuration, the vulnerability can be exploited by sending specially crafted data in SNI when establishing a secure connection to the server. The issue can also be exploited by modifying peerdn values in configurations set up for client certificate verification or when importing certificates. Attacks via SNI and peerdn are possible starting with Exim 4.80, in which the string_unprinting() function began to be used to unescape peerdn and SNI contents.

An exploit prototype has been prepared for the attack via SNI, working on the i386 and amd64 architectures on Linux systems with Glibc. The exploit overlays data onto the heap area, leading to an overwrite of the memory where the log file name is stored. The file name is replaced with "/../../../../../../../../etc/passwd". Then the variable holding the sender address is overwritten, which is the first thing saved to the log, allowing a new user to be added to the system.

Package updates with the vulnerability fixed have been released by the Debian, Ubuntu, Fedora, SUSE/openSUSE and FreeBSD distributions. RHEL and CentOS are not affected by the problem, since Exim is not included in their regular package repository (in WARM the update has already been built, but has not yet been placed in the public repository). In the Exim code the problem is fixed by a one-line patch, which disables escaping of a backslash if it is at the end of the string.

As a workaround to block the vulnerability, you can disable TLS support or add the following to the
ACL section "acl_smtp_mail":

deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
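The following is an added example, not Exim's code: a simplified model of the backslash-unescaping bug described above (a '\' right before the terminator carries the scan past the end of the string), its fixed counterpart, and a check that mirrors the ACL conditions above, which reject an SNI or peerdn value ending in a backslash. The sample input and the function names are constructed for illustration; the bytes placed after the '\0' in the sample stand in for whatever memory follows the real string.

```c
#include <stddef.h>
#include <string.h>

/* Vulnerable pattern: "\x" is copied as x, and a '\\' that sits right before
 * the terminator is paired with the '\0', so the cursor steps past the end of
 * the string and whatever memory follows is treated as more input. */
size_t unescape_buggy(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    while (*src && n + 1 < dstlen) {
        if (*src == '\\')
            src++;                  /* no check for '\0' after the backslash */
        dst[n++] = *src++;          /* may copy the '\0' and walk past it */
    }
    dst[n] = '\0';
    return n;
}

/* Fixed pattern (the spirit of the one-line fix): a backslash with nothing
 * after it is kept literally and the scan stops at the terminator. */
size_t unescape_fixed(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    while (*src && n + 1 < dstlen) {
        if (*src == '\\' && src[1] != '\0')
            src++;
        dst[n++] = *src++;
    }
    dst[n] = '\0';
    return n;
}

/* Mirror of the mitigating ACL condition: flag a value whose last byte is '\\'. */
int ends_with_backslash(const char *s)
{
    size_t len = strlen(s);
    return len > 0 && s[len - 1] == '\\';
}

/* Constructed sample; the bytes after the '\0' stand in for memory that lies
 * past the end of the allocated string. */
static const char sample[] = "host\\\0XYZ";

/* Runs fn over the sample and reports whether it produced exactly want[0..wantlen). */
int check(size_t (*fn)(const char *, char *, size_t), const char *want, size_t wantlen)
{
    char out[32];
    return fn(sample, out, sizeof out) == wantlen && memcmp(out, want, wantlen) == 0;
}
```

With the sample, the buggy routine returns 8 bytes ("host", an embedded NUL, then "XYZ" read from beyond the terminator), while the fixed routine stops after 5 bytes ("host\").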

Source: opennet.ru
