Oligo Security has published details of a vulnerability affecting Chrome, Firefox and Safari that makes it possible to bypass the restriction on access to web services available only on the local system by addressing them through the IP address 0.0.0.0. The first warnings about the vulnerability were published 18 years ago, but the problem has still not been fixed.
The vulnerability manifests only on Linux and macOS. On these platforms the IP address 0.0.0.0 causes a request to be delivered to the local network interface (localhost); in other words, sending a request to 0.0.0.0 is equivalent to sending it to 127.0.0.1. Modern browsers include protections that block access to 127.0.0.1 when working with external websites, since such access could be used to target internal services on the user's system that are meant to be available only to local applications.
The vulnerability makes it possible to bypass the block on access to 127.0.0.1 and to attack internal services when an external page controlled by an attacker is opened in the browser. When access goes through 0.0.0.0, the CORS (Cross-Origin Resource Sharing) and PNA (Private Network Access) mechanisms cannot prevent such an attack. It is noted that the problem is not as harmless as it seems and is already being used by attackers in real attacks that exploit serious vulnerabilities in applications that are accessible only from the local system.
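The gap described above can be shown with a simplified model, added here as an example and not taken from Oligo's report or any browser's code: a classifier that treats only loopback as local lets a request to 0.0.0.0 through, while one that also treats the unspecified address as local blocks it. The three address-space names, the "block requests toward a more private space" rule, and all URLs and ports are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Simplified address spaces, least to most private (assumption of this example).
RANK = {"public": 0, "private": 1, "local": 2}
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]


def address_space(url, unspecified_is_local=True):
    """Classify the destination of a URL by its IP literal or localhost name."""
    host = urlsplit(url).hostname or ""
    if host == "localhost" or host.endswith(".localhost"):
        return "local"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "public"  # assumption: other names are not resolved here
    if ip.is_loopback:  # 127.0.0.0/8 and ::1
        return "local"
    if ip.is_unspecified:  # 0.0.0.0 and ::
        # Pre-fix model: not recognised as local, so it falls through as public.
        return "local" if unspecified_is_local else "public"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"


def should_block(page_url, request_url, unspecified_is_local=True):
    """Block a request that goes from a less private space to a more private one."""
    src = address_space(page_url, unspecified_is_local)
    dst = address_space(request_url, unspecified_is_local)
    return RANK[dst] > RANK[src]


if __name__ == "__main__":
    page = "https://external.example/"  # constructed external page
    for target in ("http://127.0.0.1:8080/api", "http://0.0.0.0:8080/api",
                   "http://192.168.1.10/", "https://other.example/"):
        print(f"{target:28} pre-fix blocked={should_block(page, target, False)!s:5} "
              f"fixed blocked={should_block(page, target, True)}")
```

The same classification applies to any filter that inspects request destinations, such as a proxy rule or a log query looking for external pages requesting 0.0.0.0.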


For example, the use of 0.0.0.0 to reach local services was recorded in the ShadowRay and Selenium Grid attacks observed in March and July, which were used to achieve code execution on developers' systems. In the ShadowRay attack, the targets were developer systems running the Ray AI framework. The second attack exploited a serious vulnerability in the Selenium Grid platform in configurations that accept requests only from the local host.
In addition, the possibility of using this method to exploit the ShellTorch vulnerability in the PyTorch TorchServe server, which is used on the computers of AI application developers, is mentioned. Access to localhost network services can also be used to scan network ports in order to indirectly identify the user.
Firefox developers have prepared a change to the Fetch call that denies access to 0.0.0.0, but have not yet determined when the blocking will begin in the browser. Chrome plans to start blocking access to 0.0.0.0 in Chrome 128, expected next week. Safari plans to block 0.0.0.0 in Safari 18.
Source: opennet.ru
