Vulnerability in FreeBSD exploitable via a malicious USB device

FreeBSD has fixed a vulnerability in its USB stack (CVE-2020-7456) that allows code execution at the kernel level or in user space when a malicious USB device is connected to the system. USB HID (Human Interface Device) descriptors can save and restore the current state, which allows item descriptions to be grouped into multi-level groups. FreeBSD supports up to four such nesting levels. If the level is not restored while processing the same HID item, an invalid memory location is accessed. The problem was fixed in the FreeBSD 4-RELEASE-p11.3 and 10-RELEASE-p12.1 updates. As a security workaround, it is recommended to set the parameter "sysctl hw.usb.disable_enumeration=6".
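The kind of bounds check the save/restore (Push/Pop) nesting described above calls for, as an added example; it is not FreeBSD's code or its patch. The function, constant and sample names are hypothetical, the limit of four comes from the text above, and the item encodings follow the HID 1.11 specification.

```c
#include <stddef.h>
#include <stdint.h>

#define HID_MAX_PUSH_DEPTH 4  /* "up to four levels" per the article; name is hypothetical */
#define HID_TAG_MASK 0xFC     /* tag + type bits of a short-item prefix */
#define HID_PUSH     0xA4     /* Global item Push (HID 1.11) */
#define HID_POP      0xB4     /* Global item Pop (HID 1.11) */
#define HID_LONG     0xFE     /* long-item prefix */

enum { HID_ERR_TRUNCATED = -1, HID_ERR_PUSH_OVERFLOW = -2, HID_ERR_POP_UNDERFLOW = -3 };

/* Constructed sample descriptors (not captured from any device). */
const uint8_t sample_balanced[]  = { 0x05, 0x01, 0xA4, 0xA4, 0xB4, 0xB4 };
const uint8_t sample_pop_first[] = { 0x05, 0x01, 0xB4 };
const uint8_t sample_too_deep[]  = { 0xA4, 0xA4, 0xA4, 0xA4, 0xA4 };
const uint8_t sample_truncated[] = { 0xA4, 0x06, 0x01 };

/* Walk a HID report descriptor, tracking Push/Pop nesting.
 * Returns the deepest level reached (0..HID_MAX_PUSH_DEPTH) or a negative error. */
int hid_check_push_pop(const uint8_t *desc, size_t len)
{
    static const size_t short_size[4] = { 0, 1, 2, 4 };
    size_t pos = 0;
    int depth = 0, deepest = 0;

    while (pos < len) {
        uint8_t prefix = desc[pos++];
        size_t data_len = short_size[prefix & 0x03];

        if (prefix == HID_LONG) {          /* bDataSize, bLongItemTag, data */
            if (len - pos < 2)
                return HID_ERR_TRUNCATED;
            data_len = desc[pos];
            pos += 2;
        }
        if (len - pos < data_len)          /* item data runs past the buffer */
            return HID_ERR_TRUNCATED;
        pos += data_len;

        if ((prefix & HID_TAG_MASK) == HID_PUSH) {
            if (depth == HID_MAX_PUSH_DEPTH)
                return HID_ERR_PUSH_OVERFLOW;   /* saved-state stack is full */
            if (++depth > deepest)
                deepest = depth;
        } else if ((prefix & HID_TAG_MASK) == HID_POP) {
            if (depth == 0)
                return HID_ERR_POP_UNDERFLOW;   /* restore with nothing saved */
            depth--;
        }
    }
    return deepest;
}
```

A descriptor that returns a negative value should be rejected before any per-level state array is indexed.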

The vulnerability was identified by Andy Nguyen of Google and does not overlap with another problem that was recently announced by researchers from Purdue University and École Polytechnique Fédérale de Lausanne. These researchers developed the USBFuzz toolkit, which emulates a malfunctioning USB device for fuzz testing of USB drivers. USBFuzz is planned to be published on GitHub shortly. Using the new tool, 26 vulnerabilities were identified, of which eighteen are in Linux, 18 in Windows, 4 in macOS and one in FreeBSD. Details of these problems have not yet been disclosed; it is only mentioned that CVE identifiers have been obtained for ten of them, and that eleven of the problems occurring in Linux have already been fixed. A similar fuzz-testing technique is used by Andrey Konovalov of Google, who over the past few years has identified 44 vulnerabilities in the Linux USB stack.

Source: opennet.ru
