Vulnerabilities in PowerDNS Authoritative Server

Updates to the authoritative DNS server PowerDNS Authoritative Server, versions 4.3.1, 4.2.3 and 4.1.14, are available. They fix four vulnerabilities, two of which can potentially lead to remote execution of attacker code.

Vulnerabilities CVE-2020-24696, CVE-2020-24697 and CVE-2020-24698 affect the code that implements the GSS-TSIG key exchange mechanism. They appear only when PowerDNS is built with GSS-TSIG support ("--enable-experimental-gss-tsig", not used by default) and can be exploited by sending a specially crafted network packet. The race condition and double free, CVE-2020-24696 and CVE-2020-24698, can lead to a crash or to execution of attacker code when processing requests with malformed GSS-TSIG signatures. Vulnerability CVE-2020-24697 is limited to denial of service. Because the GSS-TSIG code was not used by default, including in distribution packages, and may contain other problems, it was decided to remove it completely in the PowerDNS Authoritative 4.4.0 release.

CVE-2020-17482 can lead to an information leak from uninitialized process memory, but it occurs only when processing requests from trusted users who are able to add new records to the DNS zones served by the server.
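
As an added example (not from the original article or from the PowerDNS project), the following Python function triages one server against the fixed releases and the GSS-TSIG build condition described above. The version banner and configure-argument strings it takes are constructed sample input, and how they are collected from a host is an assumption.

```python
import re

# Fixed release per maintained branch, as listed in the article.
FIXED = {(4, 1): (4, 1, 14), (4, 2): (4, 2, 3), (4, 3): (4, 3, 1)}
GSS_FLAG = "--enable-experimental-gss-tsig"
GSS_CVES = ["CVE-2020-24696", "CVE-2020-24697", "CVE-2020-24698"]
ZONE_CVE = "CVE-2020-17482"  # does not depend on the GSS-TSIG build flag


def parse_version(text):
    """Extract the first x.y.z version number from a banner string."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError("no x.y.z version found in %r" % text)
    return tuple(int(g) for g in m.groups())


def triage(version_text, configure_args):
    """Return the CVEs from the article that apply to this build."""
    ver = parse_version(version_text)
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        # The article only names fixes for the 4.1, 4.2 and 4.3 branches.
        return {"version": ver, "status": "not-covered", "cves": []}
    if ver >= fixed:
        return {"version": ver, "status": "patched", "cves": []}
    cves = [ZONE_CVE]
    if GSS_FLAG in configure_args:
        # GSS-TSIG issues are reachable only when support was compiled in.
        cves = GSS_CVES + cves
    return {"version": ver, "status": "update-needed",
            "fixed_in": fixed, "cves": cves}


if __name__ == "__main__":
    # Constructed sample inventory: (banner, configure arguments).
    hosts = [
        ("PowerDNS Authoritative Server 4.3.0", GSS_FLAG),
        ("PowerDNS Authoritative Server 4.2.2", "--with-modules=bind"),
        ("PowerDNS Authoritative Server 4.1.14", GSS_FLAG),
    ]
    for banner, args in hosts:
        print(banner, "->", triage(banner, args))
```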

Source: opennet.ru
