OpenBSD privilege escalation and authentication bypass vulnerabilities in smtpd, ldapd and radiusd

Qualys has disclosed four vulnerabilities in OpenBSD: one allows an unauthenticated remote connection to certain network services, and the other three escalate privileges on the system. The Qualys report noted the fast response of the OpenBSD developers: all the problems were fixed in OpenBSD 6.5 and OpenBSD 6.6 within 40 hours of the private notification.

The remote vulnerability is caused by an error in how the authentication handler in the libc library is invoked: it calls the /usr/libexec/auth/login_style program, passing its arguments on the command line. In particular, the protocol name can be passed to login_style through the optional "-s service" parameter. If the username begins with the "-" character, that name is treated as an option when login_style is run. Accordingly, if "-schallenge" or "-schallenge:passwd" is given as the username during authentication, login_style interprets the request as a request to use the S/Key handler.

The problem is that the S/Key protocol in login_style is supported only formally: it is actually ignored, and a successful-authentication indicator is returned. Thus an attacker can bypass authentication and gain access without supplying a password or keys by presenting themselves as the user "-schallenge". All network services that use the standard libc authentication calls are potentially affected. For example, the authentication bypass is confirmed in smtpd (AUTH PLAIN), ldapd and radiusd.

The vulnerability does not manifest in sshd, since it has an additional check for the existence of the user on the system. However, sshd can be used to check whether a system is affected: on receiving the username "-schallenge:passwd" the connection hangs, because sshd waits for login_passwd to return the challenge parameters, while login_passwd waits for the missing parameter to be passed to it (the name "-schallenge" is treated as an option). A local attacker could try to bypass authentication in the su utility, but passing the name "-schallenge" crashes the process, because getpwnam_r("-schallenge", ...) returns a null pointer.
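The root cause described above is a generic one: an untrusted username placed into a helper's argv as a bare word is indistinguishable from a flag to an option parser. The following added example (not OpenBSD's code; the helper, its option string and the function names are hypothetical) simulates with Python's getopt how a getopt-style helper that accepts "-s service" would see a username such as "-schallenge", and shows two generic defensive measures: rejecting names that start with "-" before they reach the helper, and terminating option processing with "--" so the positional argument can never be parsed as a flag.

```python
"""Option injection through a username passed as an argv word.

Added example, not OpenBSD's code. The helper and its option string are
hypothetical; "-s service" mirrors the parameter named in the article.
"""
import getopt

# Hypothetical helper option string: -d (flag), -s service, -v name=value.
OPTSTRING = "ds:v:"


def parse_login_argv(argv):
    """Return (service, username) the way a getopt-based helper would see them.

    The last -s wins, and the username is the first positional word, if any.
    """
    opts, positional = getopt.getopt(argv, OPTSTRING)
    service = "passwd"
    for flag, value in opts:
        if flag == "-s":
            service = value
    username = positional[0] if positional else None
    return service, username


def build_argv_naive(service, username):
    """Vulnerable pattern: the untrusted username is appended as a bare word."""
    return ["-s", service, username]


def is_safe_username(username):
    """A username that an option parser could mistake for a flag is rejected."""
    return bool(username) and not username.startswith("-")


def build_argv_hardened(service, username):
    """Defensive pattern: validate the name, then end option processing with '--'.

    The '--' separator means that even a name the check somehow let through
    would still be delivered to the helper as a positional argument.
    """
    if not is_safe_username(username):
        raise ValueError("username rejected: %r" % username)
    return ["-s", service, "--", username]


if __name__ == "__main__":
    # Constructed inputs: a benign user and the option-shaped name from the article.
    for name in ("alice", "-schallenge", "-schallenge:passwd"):
        print("naive   ", name, "->", parse_login_argv(build_argv_naive("passwd", name)))
        try:
            print("hardened", name, "->", parse_login_argv(build_argv_hardened("passwd", name)))
        except ValueError as exc:
            print("hardened", name, "->", exc)
```

With the naive builder, "-schallenge" is consumed as "-s challenge": the service silently changes and the helper receives no username at all, which is exactly the confusion the article describes. The hardened builder never produces that argv.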

Other vulnerabilities:

  • CVE-2019-19520: local privilege escalation through manipulation of the xlock utility, which ships with the sgid flag that changes the group to "auth". In the xlock code, overriding the library search paths is forbidden only when the user id is changed (setuid), which lets an attacker modify the "LIBGL_DRIVERS_PATH" environment variable and arrange for their own shared library to be loaded, whose code is then executed after privileges have been elevated to the "auth" group.
  • CVE-2019-19522: allows a local user who is a member of the "auth" group to execute code as root if S/Key or YubiKey authentication is enabled on the system (not enabled by default). Membership in the "auth" group, which can be obtained by exploiting the xlock vulnerability above, permits writing files into the /etc/skey and /var/db/yubikey directories. For example, an attacker can add a new file /etc/skey/root to generate one-time keys for authenticating as the root user via S/Key.
  • CVE-2019-19519: the ability to raise resource limits through manipulation of the su utility. When the "-L" option is specified, which causes the authentication attempt to be repeated in a loop on failure, the user class is set only once and is not redefined on subsequent attempts. An attacker can run "su -l -L", enter on the first attempt the login of another user with a different account class, and on the second attempt successfully authenticate as themselves. In this situation the user is subject to the limits of the user class given on the first attempt (for example, the maximum number of processes or the memory size per process). The method only works for borrowing the limits of unprivileged users, since the root user requires membership in the wheel group.

In addition, it is worth noting that OpenBSD has implemented a new method of checking system calls, which further complicates the exploitation of vulnerabilities. The method allows system calls to be executed only if they are invoked from previously registered memory areas. A new system call, msyscall(), is proposed for marking those memory areas.

Source: opennet.ru