Exim patched, patch it again: a new remote command execution in Exim 4.92 with a single request

Recently, at the start of summer, there were widespread calls to update Exim to version 4.92 because of the vulnerability CVE-2019-10149 ("Urgently update Exim to 4.92: there is an active infection", Sudo Null IT News). Shortly afterwards it turned out that the Sustes malware had started exploiting this vulnerability.

Now everyone who rushed to update can "rejoice" a second time: on July 21, 2019, the researcher Zerons discovered a critical vulnerability in the Exim mail transfer agent (MTA) when TLS is in use, affecting versions 4.80 through 4.92.1 inclusive, which allows remote code execution with privileged rights (CVE-2019-15846).

The vulnerability

The vulnerability is present with both the GnuTLS and the OpenSSL library when a secure TLS connection is established.

According to developer Heiko Schlittermann, Exim's configuration file does not use TLS by default, but many distributions generate the necessary certificates during installation and enable secure connections. Newer Exim versions also ship with the option tls_advertise_hosts=* and generate the necessary certificates themselves.

It depends on the configuration. Most distros enable it by default, but Exim needs a certificate + key to work as a TLS server. Probably the distros create a cert during setup. Newer Exims have the tls_advertise_hosts option defaulting to "*" and create a self-signed certificate if none is provided.

The vulnerability itself lies in the incorrect handling of SNI (Server Name Indication, a technology introduced in 2003 in RFC 3546 that lets a client request the correct certificate for a given domain name; see "Distribution of the TLS SNI standard", WEBO Group blog, Sudo Null IT News) during the TLS handshake. An attacker only needs to send an SNI that ends with a backslash ("\") and a null character ("\0").

Researchers at Qualys found a bug in the function string_printing(tls_in.sni), which escapes "\" incorrectly. As a result, the backslash is written unescaped to the spool header file. That file is later read with privileged rights by the function spool_read_header(), which leads to a heap overflow.

It is worth noting that the Exim developers have already produced a PoC for the vulnerability that executes commands on a vulnerable server, but it has not been made public. Given how easy the bug is to exploit, its appearance is only a matter of time, and a very short one.

A detailed analysis by Qualys is available here.

Figure: Use of SNI in TLS

Number of potentially vulnerable public servers

According to statistics from the large hosting provider E-Soft Inc as of September 1, version 4.92 is used on more than 70% of the hosted servers it surveyed.

Version          Number of servers   Percentage
4.92.1                        6471        1.28%
4.92                        376436       74.22%
4.91                         58179       11.47%
4.9                           5732        1.13%
4.89                         10700        2.11%
4.87                         14177        2.80%
4.84                          9937        1.96%
Other versions               25568        5.04%

Latest E-Soft Inc report

If you use the Shodan search engine instead, then out of 5,250,000 servers in its database:

  • about 3,500,000 use Exim 4.92 (about 1,380,000 of them use SSL/TLS);
  • more than 74,000 use 4.92.1 (about 25,000 of them use SSL/TLS).

Thus, the number of publicly known and reachable Exim servers that are potentially vulnerable is about 1.5M.

Figure: Searching for Exim servers in Shodan

Protection

  • The simplest option, though not a recommended one, is to stop using TLS, which means mail is transmitted in the clear.
  • To avoid exploitation of the vulnerability, it is preferable to update to the hotfix release Exim 4.92.2.
  • If updating or installing a patched version is not possible, you can add an ACL to the Exim configuration for the acl_smtp_mail option with the following rules, which reject a session whose SNI or peer DN ends in a backslash:
    # to be prepended to your mail acl (the ACL referenced
    # by the acl_smtp_mail main config option)
    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
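The following Python model is an added example, not Exim's source code or the advisory's own material. It illustrates two things from this article: the escaping defect described in the section on the vulnerability (a writer that leaves a trailing backslash unescaped, so the reader that decodes the spool field runs past the end of the data) and the check that the ACL rules above perform (deny when the last character of $tls_in_sni or $tls_in_peerdn is a backslash). The functions string_printing_vuln, string_printing_fixed, spool_read_field, round_trip and acl_denies are simplified stand-ins named here for illustration, and the host names are constructed.

```python
# Added example: a simplified Python model of the CVE-2019-15846 escaping bug
# and of the advisory's ACL workaround. This is not Exim's code; the function
# names below are stand-ins chosen for illustration only.

PRINTABLE = set(range(0x20, 0x7F))   # ASCII space .. '~'


def string_printing_vuln(data: bytes) -> str:
    """Model of the buggy writer: control and non-ASCII bytes are escaped as
    \\NNN (octal), but a literal backslash is copied through unchanged."""
    out = []
    for b in data:
        out.append(chr(b) if b in PRINTABLE else "\\%03o" % b)
    return "".join(out)


def string_printing_fixed(data: bytes) -> str:
    """Model of the corrected writer: a backslash is escaped as \\\\, so the
    reader can never mistake a literal one for the start of an escape."""
    out = []
    for b in data:
        if b == 0x5C:
            out.append("\\\\")
        elif b in PRINTABLE:
            out.append(chr(b))
        else:
            out.append("\\%03o" % b)
    return "".join(out)


def spool_read_field(field: str) -> bytes:
    """Model of the reader side: turns \\\\ and \\NNN back into bytes.

    If an unescaped backslash is the last character of the field, the reader
    looks for an escape sequence beyond the end of the data. Here that is an
    IndexError; in C it is the out-of-bounds read behind the heap overflow.
    """
    out = bytearray()
    i = 0
    while i < len(field):
        c = field[i]
        if c != "\\":
            out.append(ord(c))
            i += 1
            continue
        nxt = field[i + 1]          # raises IndexError on a trailing backslash
        if nxt == "\\":
            out.append(0x5C)
            i += 2
        else:
            out.append(int(field[i + 1:i + 4], 8))
            i += 4
    return bytes(out)


def round_trip(writer, data: bytes):
    """Write `data` with `writer` and read it back. Returns the decoded bytes,
    or None when the reader overruns or misdecodes the field."""
    try:
        return spool_read_field(writer(data))
    except (IndexError, ValueError):
        return None


def acl_denies(tls_in_sni: str, tls_in_peerdn: str = "") -> bool:
    """Python equivalent of the two advisory ACL rules.

    ${substr{-1}{1}{$tls_in_sni}} yields the last character of the SNI (or ""
    when the variable is empty), and the rule denies when it equals "\\".
    The same test is applied to $tls_in_peerdn, so an empty SNI alone is
    not denied.
    """
    return tls_in_sni[-1:] == "\\" or tls_in_peerdn[-1:] == "\\"


if __name__ == "__main__":
    # Constructed inputs. In the real attack the SNI ends in a backslash
    # followed by a null byte; the null byte terminates the C string, so the
    # backslash is the final byte the writer sees.
    benign = b"mail.example.test"
    hostile = b"mail.example.test\\"
    for name, data in (("benign", benign), ("hostile", hostile)):
        print(f"{name:8} vuln  -> {round_trip(string_printing_vuln, data)!r}")
        print(f"{name:8} fixed -> {round_trip(string_printing_fixed, data)!r}")
        print(f"{name:8} ACL denies: {acl_denies(data.decode())}")
```

With the buggy writer the hostile name fails to round-trip (the reader overruns), while the corrected writer escapes the backslash and the name decodes back exactly; the ACL model denies the hostile name and lets the benign one and an empty SNI through, which is the behaviour the workaround relies on.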

Source: www.habr.com