OpenWrt 19.07.1 update removes a package vulnerability

Corrective releases of the OpenWrt distribution, 18.06.7 and 19.07.1, have been published. They eliminate a dangerous vulnerability (CVE-2020-7982) in the opkg package manager that allows an MITM attack to replace the contents of a package downloaded from the repository. Because of a bug in the checksum verification code, an attacker can create conditions under which the SHA-256 checksums in the digitally signed package index are ignored, which makes it possible to bypass the mechanisms that check the integrity of downloaded ipk resources.

The problem has been present since February 2017, after code was added to skip leading spaces before the checksum. Because of a bug in skipping the spaces, the pointer to the position in the line was not advanced, so the loop that decodes the SHA-256 hexadecimal sequence returned control immediately and returned a checksum of zero length.
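A simplified C illustration of the stale-pointer pattern described above, next to a corrected form. It is an example added here, not opkg's source code; the function names, the sample value and the fail-closed check at the end are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample: 64 hex digits preceded by the space that follows
 * the colon in an index line such as "SHA256sum: <hex>". */
static const char SAMPLE_FIELD[] =
    " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";

static unsigned hexval(unsigned char c)
{
    return isdigit(c) ? (unsigned)(c - '0') : (unsigned)(tolower(c) - 'a' + 10);
}

/* Decode hex pairs from s into out; returns the number of bytes written. */
static size_t decode_pairs(const unsigned char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    for (; n < cap && isxdigit(s[0]) && isxdigit(s[1]); s += 2)
        out[n++] = (unsigned char)(hexval(s[0]) * 16 + hexval(s[1]));
    return n;
}

/* Flawed pattern: whitespace is skipped on src, but decoding starts from s,
 * captured earlier, which still points at the space. Result: length 0. */
size_t hex2bin_flawed(const char *src, unsigned char *out)
{
    const unsigned char *s = (const unsigned char *)src;
    while (isspace((unsigned char)*src))
        src++;
    return strlen(src) > 64 ? 0 : decode_pairs(s, out, 32);
}

/* Corrected pattern: decode from the advanced position, require 64 digits. */
size_t hex2bin_fixed(const char *src, unsigned char *out)
{
    while (isspace((unsigned char)*src))
        src++;
    return strlen(src) != 64 ? 0 : decode_pairs((const unsigned char *)src, out, 32);
}

/* Fail closed: anything other than a full 32-byte digest is an error. */
int digest_usable(size_t len) { return len == 32; }
int main(void)
{
    unsigned char out[32];
    printf("flawed: %zu bytes\n", hex2bin_flawed(SAMPLE_FIELD, out));
    printf("fixed:  %zu bytes\n", hex2bin_fixed(SAMPLE_FIELD, out));
    return 0;
}
```

A verifier that skips the comparison when the decoded length is zero turns this parsing slip into an integrity bypass, which is why the length check belongs on the consuming side as well.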

Since the opkg package manager in OpenWrt runs with root privileges, in the event of an MITM attack the attacker can silently modify the ipk package downloaded from the repository while the user is running the "opkg install" command, and arrange for their own code to run with root privileges by adding their own handler scripts to the package, which are called during installation. To exploit the vulnerability, the attacker must also arrange the substitution of a correct, signed package index (for example, one obtained from downloads.openwrt.org). The size of the modified package must match the original size specified in the index.

If you need to do without updating the entire firmware, you can update only the opkg package manager by running the following commands:

cd /tmp
opkg update
opkg download opkg
zcat ./opkg-lists/openwrt_base | grep -A10 "Package: opkg" | grep SHA256sum
sha256sum ./opkg_2020-01-25-c09fe209-1_*.ipk

Next, compare the checksums that are displayed and, if they match, run:

opkg install ./opkg_2020-01-25-c09fe209-1_*.ipk

The new versions also eliminate another vulnerability, in the libubox library, which can lead to a buffer overflow when the blobmsg_format_json function processes specially crafted serialized binary or JSON data. The library is used in distribution components such as netifd, procd, ubus, rpcd and uhttpd, as well as in the auc package (Attended sysUpgrade CLI). The overflow occurs when large numeric attributes of type "double" are transferred in blob blocks. You can check whether your system is vulnerable by running the command:

$ ubus call luci getFeatures \
'{"banik": 00192200197600198000198100200400.1922}'

In addition to eliminating vulnerabilities and fixing accumulated bugs, the OpenWrt 19.07.1 release also updates the Linux kernel version (from 4.14.162 to 4.14.167), resolves performance issues when using 5GHz frequencies, and improves support for the Ubiquiti Rocket M Titanium, Netgear WN2500RP v1, Zyxel NSA325, Netgear WNR3500 V2, Archer C6 v2, Ubiquiti EdgeRouter-X, Archer C20 v4, Archer C50 v4, Archer MR200, TL-WA801ND v5, HiWiFi HC5962, Xiaomi Mi Router 3 Pro and Netgear.

Source: opennet.ru
