ProHoster > Блог > wararka internetka > Nuglaanta dnsmasq U oggolow sunta DNS Cache iyo fulinta Root Koodhka

Nuglaanta dnsmasq U oggolow sunta DNS Cache iyo fulinta Root Koodhka

Lix nugul ayaa lagu aqoonsaday xirmada Dnsmasq, kaas oo isku daraya xalliyaha DNS ee kaydinta, server-ka DHCP, adeegga ku dhawaaqida wadada IPv6, iyo nidaamka boot-ka shabakadda. Nuglaannadani waxay u oggolaanayaan fulinta koodhka xididka, dib u habeeynta domain-ka, helitaanka xusuusta habka, iyo shilalka adeegga. Arrimaha waxaa lagu xalliyay dnsmasq 2.92rel2. Hagaajinta sidoo kale waxaa loo heli karaa balastar ahaan.

Arrimaha la aqoonsaday:

  • CVE-2026-4892 waa dul-saar kayd ah oo ku jira hirgelinta DHCPv6 kaas oo u oggolaanaya weeraryahan leh marin u helidda shabakadda maxalliga ah inuu fuliyo kood leh xuquuq xidid isagoo diraya baakad DHCPv6 oo si gaar ah loo farsameeyay. Dul-saarku wuxuu dhacaa sababtoo ah DHCPv6 CLID waxaa loo qoraa kaydka iyada oo aan la tixgelin in baakaddu ay xogta ku kaydiso calaamadda hexadecimal, taas oo adeegsata saddex "%xx" bayt oo loogu talagalay bayt kasta oo CLID ah oo dhab ah (tusaale ahaan, kaydinta 1000-byte CLID waxay keeni doontaa in 3000 bayt la qoro).
  • CVE-2026-2291 — Buuxinta kaydka ee ku jirta shaqada extract_name() waxay u oggolaanaysaa weeraryahan inuu geliyo diiwaannada beenta ah kaydka DNS-ka oo uu u weeciyo domain cinwaan IP oo kale. Buuxintu waxay dhacday sababtoo ah qoondayn kayd ah oo ku guuldareysatay inay si sax ah uga baxdo jilayaasha qaarkood ee matalaadda gudaha ee magaca domain-ka ee dnsmasq.
  • CVE-2026-4893 waa daadasho macluumaad oo u oggolaanaysa in laga gudbo xaqiijinta DNS iyadoo la dirayo xirmo DNS ah oo si gaar ah loo farsameeyay oo ka kooban macluumaadka subnetka macmiilka (RFC 7871). Nuglaantaan waxaa loo isticmaali karaa in dib loogu celiyo jawaabaha DNS loona wareejiyo isticmaalayaasha domainka weerarka. Nuglaanta waxaa sababa iyadoo dhererka diiwaanka OPT loo gudbiyo shaqada check_source() halkii laga isticmaali lahaa dhererka baakadka, taasoo keenta in shaqadu ay had iyo jeer soo celiso natiijo xaqiijin oo guul leh.
  • CVE-2026-4891 - Nuglaanta akhrinta ee ka baxsan xadka ee ansaxinta DNSSEC waxay keentaa daadashada xusuusta ee jawaabta marka la farsameynayo weydiin DNS ah oo si gaar ah loo sameeyay.
  • CVE-2026-4890 – Wareegga xaqiijinta DNSSEC wuxuu keeni karaa in la diido adeegga iyada oo loo marayo xirmo DNS ah oo si gaar ah loo sameeyay.
  • CVE-2026-5172 - Akhrinta aan xadka lahayn ee ku jirta shaqada extract_addresses() waxay horseedaa shil marka la farsameynayo jawaabaha DNS ee si gaar ah loo sameeyay.

Xaaladda hagaajinta nuglaanta ee qaybinta waxaa lagu qiimeyn karaa bogagga soo socda (haddii bog aan la heli karin, horumariyayaasha qaybinta weli ma aysan bilaabin baaritaanka arrinta): Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch, Fedora, OpenWRT, iyo FreeBSD. Mashruuca Dnsmasq waxaa loo isticmaalaa madal Android iyo qaybinta gaarka ah sida OpenWrt iyo DD-WRT, iyo sidoo kale firmware-ka router-yada wireless-ka ee soo saarayaasha badan. Qaybinta caadiga ah, Dnsmasq waxaa lagu rakibi karaa marka la isticmaalayo libvirt si loo bixiyo adeegga DNS ee mashiinnada dalwaddu ama lagu hawlgeliyo habeeyaha NetworkManager.

Source: opennet.ru

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers 🔥 Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster