Remote vulnerability in the TIPC protocol implementation in the Linux kernel

A critical vulnerability (CVE-2021-43267) has been identified in the implementation of the TIPC (Transparent Inter-process Communication) network protocol supplied in the Linux kernel. It allows code to be executed remotely with kernel privileges by sending a specially crafted network packet. The danger of the problem is reduced by the fact that the attack requires TIPC support to be explicitly enabled on the system (loading and configuring the tipc.ko kernel module), which is not done by default in non-specialized Linux distributions.

The TIPC protocol has been supported since Linux kernel 3.19, but the code leading to the vulnerability was included in kernel 5.10. The vulnerability has been fixed in kernels 5.15.0, 5.10.77 and 5.14.16. The problem appears and has not yet been fixed in Debian 11, Ubuntu 21.04 / 21.10, SUSE (in the not yet released SLE15-SP4 branch), RHEL (it has not yet been detailed whether the vulnerable change was backported) and Fedora. A kernel update has already been released for Arch Linux. Distributions with a kernel older than 5.10, such as Debian 10 and Ubuntu 20.04, are not affected by the problem.

The TIPC protocol was originally developed by Ericsson, is designed to organize inter-process communication in a cluster, and is enabled mainly on cluster nodes. TIPC can run over Ethernet or UDP (network port 6118). When running over Ethernet, the attack can be carried out from the local network, and when using UDP, from the global network if the port is not blocked by a firewall. The attack can also be carried out by an unprivileged local user of the host. To enable TIPC, you need to load the tipc.ko kernel module and configure a binding to a network interface using netlink or the tipc utility.

The vulnerability manifests itself in the tipc_crypto_key_rc function and is caused by the lack of proper verification that the data specified in the header matches the actual size of the data when parsing packets of the MSG_CRYPTO type, which are used to obtain encryption keys from other nodes in the cluster for the subsequent decryption of messages sent from those nodes. The size of the data copied into memory is calculated as the difference between the values of the message size and header size fields, but without taking into account the actual size of the encryption algorithm name and of the key contents transmitted in the message. The size of the algorithm name is assumed to be fixed, and a separate attribute with the size is additionally passed for the key. An attacker can specify a value in this attribute that differs from the actual one, which leads to the tail of the message being written beyond the allocated buffer.

    struct tipc_aead_key {
        char alg_name[TIPC_AEAD_ALG_NAME];
        unsigned int keylen;    /* in bytes */
        char key[];
    };
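The consistency check that the paragraph above describes as missing, written as an added userspace C example (not code from the kernel or from the original article). The 32-byte algorithm name field, the 36-byte key limit and all function names are assumptions of this example, and the sample message bodies are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Assumed values for this example; the page gives only the struct layout. */
#define ALG_NAME_LEN 32u                 /* fixed-size algorithm name field */
#define KEY_HDR_LEN  (ALG_NAME_LEN + 4u) /* name + 32-bit keylen attribute */
#define KEYLEN_MAX   36u                 /* hypothetical upper bound on key bytes */

/* Read the sender-declared key length (network byte order) from the body. */
static uint32_t declared_keylen(const uint8_t *body)
{
    const uint8_t *p = body + ALG_NAME_LEN;
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Bytes past a length-derived buffer if keylen were trusted; 0 = none. */
size_t unchecked_overrun(const uint8_t *body, size_t size)
{
    if (size < KEY_HDR_LEN)
        return 0;
    uint32_t keylen = declared_keylen(body);
    size_t room = size - KEY_HDR_LEN;    /* key bytes actually present */
    return keylen > room ? keylen - room : 0;
}

/* Hardened check: 0 if the body is self-consistent, negative otherwise. */
int key_msg_check(const uint8_t *body, size_t size)
{
    if (size < KEY_HDR_LEN)
        return -1;                       /* too short to hold the fixed part */
    uint32_t keylen = declared_keylen(body);
    if (keylen > KEYLEN_MAX)
        return -2;                       /* larger than any valid key */
    if (size != KEY_HDR_LEN + (size_t)keylen)
        return -3;                       /* declared length disagrees with body */
    return 0;
}

/* Build a constructed sample body; returns its real size in bytes. */
size_t build_msg(uint8_t *buf, uint32_t declared, size_t actual_key_bytes)
{
    memset(buf, 0, KEY_HDR_LEN + actual_key_bytes);
    memcpy(buf, "gcm(aes)", 8);          /* sample algorithm name */
    for (int i = 0; i < 4; i++)
        buf[ALG_NAME_LEN + i] = (uint8_t)(declared >> (24 - 8 * i));
    return KEY_HDR_LEN + actual_key_bytes;
}
```

A body is accepted only when the declared key length is within the limit and accounts for exactly the bytes that follow the fixed part, so the allocation and the copy are sized from the same verified value.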


Source: opennet.ru
