Mapoka ekutsvagisa Forescout Research Labs uye JSOF Tsvagiridzo yakaburitsa mhedzisiro yeongororo yakabatana yekuchengetedzwa kwakasiyana-siyana kweiyo compression chirongwa chinoshandiswa kurongedza mazita akapetwa muDNS, mDNS, DHCP, uye IPv6 RA meseji (kurongedza duplicate domain zvikamu mumeseji. anosanganisira mazita akawanda). Munguva yebasa, 9 kusasimba kwakaonekwa, iyo inopfupikiswa pasi pezita rekodhi NAME: WRECK.
Matambudziko akaonekwa muFreeBSD, pamwe nemunetiweki subsystems IPnet, Nucleus NET uye NetX, dzave kupararira muVxWorks, Nucleus uye ThreadX chaiyo-nguva yekushandisa masisitimu anoshandiswa mune otomatiki zvishandiso, kuchengetedza, midziyo yekurapa, avionics, maprinta. uye zvemagetsi zvevatengi. Zvinofungidzirwa kuti zvinosvika 100 miriyoni zvishandiso zvinokanganiswa nekusagadzikana.
- Kusagadzikana muFreeBSD (CVE-2020-7461) kwakaita kuti zvikwanisike kuronga kuitwa kwekodhi yayo nekutumira yakanyatsogadzirirwa DHCP pakiti kune vanorwisa vari panzvimbo imwecheteyo network semunhu akabatwa, kugadziriswa kwacho nemutengi ari munjodzi weDHCP akatungamira. kune buffer kufashukira. Dambudziko rakadzikiswa nenyaya yekuti iyo dhclient maitiro umo kusagadzikana kwaivepo kwaimhanya nerubatsiro rwesetazve munzvimbo yakasarudzika yeCapsicum, izvo zvaida kuzivisa imwe njodzi yekubuda.
Chinhu chemhosho chiri mukutarisisa kwakashata kweparameter, mupakiti yakadzoserwa neDHCP server ine DHCP sarudzo 119, iyo inobvumidza iwe kuendesa iyo "domain yekutsvaga" rondedzero kune inogadzirisa. Kuverengera kusiri iko kwesaizi yebhafa inodiwa kuendesa mazita asina kurongedzerwa edomeini zvakaita kuti ruzivo rwunodzorwa neanorwisa rwunyorwe kunze kwebhafa yakapihwa. MuFreeBSD, dambudziko rakagadziriswa munaGunyana gore rapfuura. Dambudziko rinogona kushandiswa chete kana iwe uchikwanisa kuwana kune network yemuno.
- Kusagadzikana mune yakadzamirirwa IPnet networking stack inoshandiswa muRTOS VxWorks inobvumira inogona kuitika kodhi kuuraya padivi remutengi weDNS nekuda kwekubata zvisina kunaka kweDNS meseji compression. Sezvazvakazoitika, kusagadzikana uku kwakatanga kuzivikanwa naExodus kumashure muna 2016, asi hakuna kumbogadziriswa. Chikumbiro chitsva kuWind River zvakare haina kupindurwa uye IPnet zvishandiso zvinoramba zviri panjodzi.
- Kusagadzikana kutanhatu kwakaonekwa muNucleus NET TCP/IP stack, inotsigirwa neSiemens, iyo miviri inogona kutungamira kune kure kure kodhi kuuraya, uye ina inogona kutungamira mukuramba sevhisi. Dambudziko rekutanga rine njodzi rine chekuita nekukanganisa pakudzikisira yakadzvanywa DNS meseji, uye yechipiri ine chekuita nekusarurana kusiri kwemazita emazita emazita. Matambudziko ese ari maviri anoita kuti buffer ifashuke kana ichigadzira yakanyatso kurongeka DNS mhinduro.
Kushandisa kusasimba, munhu anorwisa anongoda kutumira mhinduro yakanyatsogadzirirwa kune chero chikumbiro chiri pamutemo chinotumirwa kubva kumudziyo uri munjodzi, semuenzaniso, nekuita kurwisa kweMTIM uye kukanganisa traffic pakati peDNS server neakabatwa. Kana munhu anorwisa achikwanisa kuwana kunetiweki yemuno, saka anogona kuvhura sevha yeDNS inoyedza kurwisa midziyo ine dambudziko nekutumira mDNS zvikumbiro munhepfenyuro.
- Kusagadzikana muNetX network stack (Azure RTOS NetX), yakagadzirirwa ThreadX RTOS uye yakavhurwa muna 2019 mushure mekutorwa neMicrosoft, yakagumira pakuramba basa. Dambudziko rinokonzerwa nekukanganisa pakupatsanura akadzvanywa DNS meseji mukugadzirisa kugadzirisa.
Pamatanho etiweki akaedzwa umo pasina njodzi yakawanikwa ine chekuita nekudzvanywa kwe data rakadzokororwa mumeseji yeDNS, mapurojekiti anotevera akatumidzwa mazita: lwIP, Nut/Net, Zephyr, uC/TCP-IP, uC/TCP-IP, FreeRTOS+TCP. , OpenThread uye FNET. Uyezve, maviri ekutanga (Nut/Net uye lwIP) haatsigire kudzvanya mumameseji eDNS zvachose, nepo vamwe vachiita oparesheni iyi pasina zvikanganiso. Pamusoro pezvo, zvinocherechedzwa kuti kare vaongorori vakafanana vakatoona kusagadzikana kwakafanana muTreck, uIP uye PicoTCP stacks.
Source: opennet.ru