ProHoster > Blog > internet nhau > Kusagadzikana muLinux kernel ksmbd module inobvumira kure kure kodhi kuuraya

Kusagadzikana muLinux kernel ksmbd module inobvumira kure kure kodhi kuuraya

Mune ksmbd module, iyo inopa kuisirwa kwefaira sevha yakavakirwa paSMB protocol yakavakirwa muLinux kernel, 14 kusasimba kwakaonekwa, ina iyo inobvumira imwe kure kure kodhi yemunhu ane kodzero dzekernel. Kurwiswa kwacho kunogona kuitwa pasina humbowo; zvakakwana kuti ksmbd module inoshandiswa pane system. Matambudziko anoonekwa kutanga kubva ku kernel 5.15, iyo yaisanganisira iyo ksmbd module. Kusagadzikana kwakagadziriswa mu kernel updates 6.3.2, 6.2.15, 6.1.28 uye 5.15.112. Iwe unogona kutevedzera zvigadziriso mukugoverwa pamapeji anotevera: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Gentoo, Arch.

Nyaya dzakaonekwa:

  • CVE-2023-32254, CVE-2023-32250, CVE-2023-32257, CVE-2023-32258 - kuremerwa kodhi kodhi ine kernel kodzero nekuda kwekushaikwa kwekukiya kwechinhu chaiko paunenge uchigadzirisa zvikumbiro zvekunze zvine SMB2_TREE_DISCONNECTION_MB2SMB_SETSCONNESS2MB, SMB2_DISCONNESSXNUMXMB uye SUPLOGXNUMXMB SMBXNUMX_CLOSE, izvo zvinoita kuti pave nemujaho unokwanisa kushandiswa. Kurwiswa kunogona kuitwa pasina chokwadi.
  • CVE-2023-32256 - Kuburitsa zviri mukati mekernel memory matunhu nekuda kwechimiro chemujaho panguva yekugadziriswa kweSMB2_QUERY_INFO uye SMB2_LOGOFF mirairo. Kurwiswa kunogona kuitwa pasina chokwadi.
  • CVE-2023-32252, CVE-2023-32248 - Kure kurambwa kwesevhisi nekuda kweNULL pointer dereference paunenge uchigadzira iyo SMB2_LOGOFF, SMB2_TREE_CONNECT uye SMB2_QUERY_INFO mirairo. Kurwiswa kunogona kuitwa pasina chokwadi.
  • CVE-2023-32249 -Kugona kwekubira chikamu nemushandisi nekuda kwekushaikwa kwekuzviparadzanisa nevamwe kana uchibata ID yechikamu mune akawanda-channel mode.
  • CVE-2023-32247, CVE-2023-32255 - Kurambwa kwesevhisi nekuda kwekudonha kwendangariro paunenge uchigadzira iyo SMB2_SESSION_SETUP murairo. Kurwiswa kunogona kuitwa pasina chokwadi.
  • CVE-2023-2593 kurambwa kwesevhisi nekuda kwekuneta kwendangariro iripo, kunokonzerwa nekutadza ndangariro pakugadzirisa hutsva hweTCP kubatana. Kurwiswa kunogona kuitwa pasina chokwadi.
  • CVE-2023-32253 Kurambwa kwesevhisi nekuda kwekumira kunoitika kana uchigadzira SMB2_SESSION_SETUP murairo. Kurwiswa kunogona kuitwa pasina chokwadi.
  • CVE-2023-32251 - kushaikwa kwedziviriro kubva pakurwisa kwechisimba.
  • CVE-2023-32246 Mushandisi wemuno system ane kodzero yekuburitsa ksmbd module anogona kuita kodhi kuuraya paLinux kernel level.

Pamusoro pezvo, 5 kumwe kusagadzikana kwakaonekwa mu ksmbd-zvishandiso package, iyo inosanganisira zviya zvekutarisira nekushanda ne ksmbd, inoitirwa munzvimbo yemushandisi. Kusagadzikana kwakanyanya kune ngozi (ZDI-CAN-17822, ZDI-CAN-17770, ZDI-CAN-17820, CVE haisati yapihwa) inobvumira anorwisa ari kure, asina kutenderwa kuti aite kodhi yavo nemidzi kodzero. Izvi zvinokonzerwa nekusatariswa kukura kwedata rakatambirwa usati wakopa kubhafa iri muWKSSVC sevhisi kodhi uye muLSARPC_OPNUM_LOOKUP_SID2 neSAMR_OPNUM_QUERY_USER_INFO zvibatiso zveopcode. Kumwe kusagadzikana kuviri (ZDI-CAN-17823, ZDI-CAN-17821) kunogona kutungamira mukurambwa kwesevhisi pasina humbowo.

Ksmbd inopihwa seyepamusoro-inoshanda, yakamisikidzwa-yakagadzirira Samba yekuwedzera iyo inobatanidza neSamba maturusi nemaraibhurari sezvinodiwa. Tsigiro yekumhanyisa SMB server uchishandisa ksmbd module yanga iripo muSamba package kubva pakaburitswa 4.16.0. Kusiyana neSMB sevha inomhanya munzvimbo yevashandisi, ksmbd inoshanda zvakanyanya maererano nekuita, kushandisa ndangariro, uye kusanganisa nepamusoro kernel kugona. naSteve French weMicrosoft, muchengeti weCIFS/SMB2/SMB3 subsystems muLinux kernel uye nhengo yenguva refu yeSamba Development timu, akaita zvakakosha mukuitwa kwerutsigiro rweSMB/CIFS protocol muSamba uye. Linux.

Pamusoro pezvo, kusakwana kuviri kunogona kucherechedzwa muvmwgfx graphics driver, inoshandiswa kuita 3D kukwidziridza munzvimbo dzeVMware. Kusagadzikana kwekutanga (ZDI-CAN-20292) inobvumira mushandisi wepano kuti akwidziridze maropafadzo avo muhurongwa. Kusagadzikana kunokonzerwa nekushaikwa kwekutarisa mamiriro ebhafa usati waisunungura paunenge uchigadzira vmw_buffer_object, izvo zvinogona kutungamirira kune kaviri kudana kune yemahara basa. Kusagadzikana kwechipiri (ZDI-CAN-20110) kunotungamira mukudonha kwemukati mendangariro nekuda kwezvikanganiso mukuronga kukiya kwezvinhu zveGEM.

Source: opennet.ru

Voeg