Tlhahisoleseding e senotsoe mabapi le ts'oaetso e sa kang ea ngoloa (0-day) (CVE-2023-2156) ho Linux kernel e lumellang ho emisa tsamaiso ka ho romela lipakete tsa IPv6 tse entsoeng ka mokhoa o khethehileng (pakete-ea-lefu). Bothata bo hlaha feela ha ts'ehetso ea protocol ea RPL (Routing Protocol for Low-Power and Lossy Networks) e nolofalitsoe, e holofalitsoeng ka ho sa feleng ho ajoa 'me e sebelisoa haholo ho lisebelisoa tse kentsoeng tse sebetsang marang-rang a se nang mohala ka tahlehelo e kholo ea pakete.
Bofokoli bo bakoa ke ho tšoaroa ka mokhoa o fosahetseng oa data ea kantle ho khoutu ea parsing ea protocol ea RPL, e lebisang ho hloleheng ha boikemelo mme kernel e kena boemong ba ho tšoha. Ha u beha data e fumanoeng ka lebaka la ho arola hlooho ea pakete ea IPv6 RPL ka har'a sebopeho sa k_buff (Socket Buffer), haeba lebala la CmprI le behiloe ho 15, lebala la Segleft le behiloe ho 1, 'me CmprE e behiloe ho 0, vector ea 48-byte e nang le liaterese ha e phutholotsoe ho 528 boemo bo sa lekaneng ha ho buuoa ka li-byte tse lekaneng. Tabeng ena, ts'ebetso ea skb_push e sebelisetsoang ho sutumelletsa data ka har'a sebopeho se chesa cheke bakeng sa boholo bo sa leka-lekaneng ba data le buffer, e leng se hlahisang boemo ba ho tšoha ho thibela ho hlakola buffer.
Sebelisa mohlala: # Re tla sebelisa Scapy ho etsa pakete ho tsoa ho scapy.all import * import socket # Sebelisa IPv6 ho tsoa ho LAN interface ea hau DST_ADDR = sys.argv[1] SRC_ADDR = DST_ADDR # Re sebelisa li-sockets ho romella pakete sockfd = socket.socket(socket.IPRAW_SOcket.IPRAW_SOcket. pakete # Mofuta = 6 e etsa sena pakete ea RPL # Liaterese li na le liaterese tse 3, empa hobane CmprI ke 3, # octet e 'ngoe le e' ngoe ea liaterese tse peli tsa pele e tšoaroa e le aterese e hatelitsoeng # Segleft = 15 ho etsa hore ho be le amplification # latentry = 1xf0 e beha CmprI ho 0 le CmprE = IPvdS_DDR = IPvd 15 / sDDR = IPvd 0 / DDRS 6. v6ExtHdrSegmentRouting( type=3, addresses=["a8::", "a7::", "a6::"], segleft=1, lastentry=0xf0) # Romela pakete ena e mpe sockfd.sendto(bytes(p), (DST_ADDR, 0)
Hoa hlokomeleha hore baetsi ba kernel ba ile ba tsebisoa ka tlokotsi morao koana ka Pherekhong 2022 mme likhoeling tse 15 tse fetileng ba lekile ho lokisa bothata ka makhetlo a mararo ka ho lokolla li-patches ka Loetse 2022, Mphalane 2022 le Mmesa 2023, empa nako le nako litokiso li ne li sa lekana mme bofokoli bo ile ba khona ho ikatisa. Qetellong, morero oa ZDI, o neng o hokahanya mosebetsi oa ho felisa bofokoli, o ile oa etsa qeto ea ho senola lintlha tse qaqileng mabapi le ho ba kotsing, ntle le ho emela hore patch e sebetsang e hlahe kernel.
Ka hona, bofokoli bo ntse bo sa tsejoe. Ho kenyelletsa patch e kenyellelitsoeng ho 6.4-rc2 kernel ha e sebetse. Basebelisi ba eletsoa ho netefatsa hore protocol ea RPL ha e sebelisoe lits'ebetsong tsa bona, e ka etsoang ho sebelisoa sysctl -a | grep -i rpl_seg_enabled
Source: opennet.ru