Vulnerability in the Linux kernel IPv6 stack that allows remote code execution

Details have been disclosed about a vulnerability (CVE-2023-6200) in the network stack of the Linux kernel that, under certain conditions, allows an attacker on the local network to execute their own code by sending a specially crafted ICMPv6 packet carrying an RA (Router Advertisement) message, the message type used to advertise information about a router.

The vulnerability can only be exploited from the local network and affects systems that have IPv6 support enabled and the sysctl parameter "net.ipv6.conf.<network_interface_name>.accept_ra" active (this can be checked with the command "sysctl net.ipv6.conf | grep accept_ra"). In RHEL and Ubuntu this parameter is disabled by default for external network interfaces but enabled for the loopback interface, which allows an attack from the same system.

The vulnerability is caused by a race condition in the garbage collector's handling of stale fib6_info records, which can lead to access to an already freed memory area (use-after-free). When an ICMPv6 packet with a Router Advertisement (RA) message is received, the network stack calls the ndisc_router_discovery() function, which, if the RA message contains route lifetime information, calls the fib6_set_expires() function and fills in the gc_link structure. To clean up stale records, the fib6_clean_expires() function is used, which unlinks the entry in gc_link and frees the memory used by the fib6_info structure. There is a moment in this sequence when the memory for the fib6_info structure has already been freed but a reference to it still remains in the gc_link structure.

The vulnerability first appeared in the 6.6 branch and was fixed in versions 6.6.9 and 6.7. The status of the fix in distributions can be tracked on these pages: Debian, Ubuntu, SUSE, RHEL, Fedora, Arch Linux, Gentoo, Slackware. Distributions that ship packages with the 6.6 kernel include Arch Linux, Gentoo, Fedora, Slackware, OpenMandriva and Manjaro; in other distributions, the change containing the bug may have been backported to packages with older kernel branches (for example, Debian states that the package with kernel 6.5.13 is vulnerable, even though the problematic change appeared in the 6.6 branch). As a workaround, you can disable IPv6 or set the "net.ipv6.conf.*.accept_ra" parameters to 0.
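The checks described above, as an added example that is not part of the original article: a POSIX shell helper that flags kernels in the mainline range the article names and lists the interfaces on which accept_ra is non-zero. The function names and the optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article: triage for CVE-2023-6200 exposure.

# Exit 0 when the version is in the mainline range the article names:
# 6.6 up to, but not including, 6.6.9. Distribution kernels can carry the
# faulty change in other branches, so "outside" is only a hint.
kernel_in_affected_range() {
    ver=${1%%-*}                                  # drop "-generic", "-arch1-1"
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; minor=${minor%%[!0-9]*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*} ;;
        *)   patch=0 ;;
    esac
    [ "$major" = 6 ] && [ "$minor" = 6 ] && [ "${patch:-0}" -lt 9 ]
}

# Print "iface=value" for every interface whose accept_ra is non-zero.
# $1 (assumed parameter) is the sysctl tree to read; default is the live one.
accept_ra_enabled_ifaces() {
    root=${1:-/proc/sys/net/ipv6/conf}
    for f in "$root"/*/accept_ra; do
        [ -r "$f" ] || continue
        val=$(cat "$f")
        iface=${f%/accept_ra}; iface=${iface##*/}
        if [ "$val" != 0 ]; then echo "$iface=$val"; fi
    done
    return 0
}

kver=$(uname -r)
if kernel_in_affected_range "$kver"; then
    echo "kernel $kver: inside the 6.6 to 6.6.8 range"
else
    echo "kernel $kver: outside that range; check the distribution advisory"
fi
accept_ra_enabled_ifaces
```

On a live system the listing also includes the "all" and "default" pseudo-entries of the sysctl tree.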

Source: opennet.ru
