In the proprietary TCP/IP stack
Notable attack targets that use Treck's TCP/IP stack include HP network printers and Intel chips. Among other things, problems in the Treck TCP/IP stack turned out to be the cause of recent
The problems were found in the implementation of the IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 and ARP protocols. They are caused by incorrect handling of data size parameters (using a size field without checking the actual size of the data), errors in validating input, double freeing of memory, out-of-bounds reads from a buffer, integer overflows, incorrect access control, and problems handling strings that lack a null terminator.
The two most dangerous problems (CVE-2020-11896, CVE-2020-11897), which were assigned CVSS level 10, allow code to be executed on a device by sending specially crafted IPv4/UDP or IPv6 packets. The first critical problem appears on devices with support for IPv4 tunnels, and the second in versions released before 04.06.2009 with IPv6 support. Another critical vulnerability (CVSS 9) is present in the DNS resolver (CVE-2020-11901) and allows code execution by sending a specially crafted DNS request (the problem was used to demonstrate the compromise of a Schneider Electric APC UPS and appears on devices with DNS support).
The other vulnerabilities CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903 and CVE-2020-11905 allow the contents of system memory areas to be learned by sending specially crafted IPv4/ICMPv4, IPvCP to DHCPv6, IPv4OverIPv6, IPv6OverIPvXNUMX packets. Other problems can cause a denial of service or a leak of residual data from system buffers.
Most of the vulnerabilities are fixed in Treck 6.0.1.67 (CVE-2020-11897 is fixed in 5.0.1.35, CVE-2020-11900 in 6.0.1.41, CVE-2020-11903 in 6.0.1.28, CVE-2020-11908 in 4.7.1.27). Since preparing firmware updates for specific devices may be delayed or impossible (the Treck stack has been around for more than 20 years, and many devices remain unmaintained or are hard to update), administrators are advised to isolate the affected devices and to configure packet inspection systems, firewalls or routers to normalize or block fragmented packets, block IP tunnels (IPv4-in-IPv6 and IP-in-IP), block "source routing", enable inspection of incorrect options in TCP packets, block unused ICMP control messages (MTU Update and Address Mask), disable IPv6 multicast and redirect DNS queries to a secure DNS server.
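Several of the filtering recommendations above can be expressed as a per-packet check in front of an affected device. The following Python is an added example, not code from Treck or from the original article; the names `drop_reasons` and `ipv4` are hypothetical, and it assumes an IPv4 outer header, so tunnels are recognised by IP protocol numbers 4 and 41. It also compares the header's length field with the bytes actually received, the check whose absence the article names as a root cause.

```python
import struct

TUNNEL_PROTOS = {4: "IP-in-IP", 41: "IPv6-in-IPv4"}   # IANA protocol numbers
SOURCE_ROUTE_OPTS = {131: "LSRR", 137: "SSRR"}        # IPv4 option types
ICMP_ADDR_MASK = {17, 18}                             # Address Mask request/reply

def drop_reasons(pkt: bytes) -> list:
    """Return the reasons a raw IPv4 packet should be dropped (empty = pass)."""
    if len(pkt) < 20:
        return ["truncated header"]
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack_from("!BBHHHBB", pkt)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(pkt):
        return ["bad version/header length"]
    # Never trust the length field: compare it with the bytes actually received.
    if total_len < ihl or total_len > len(pkt):
        return ["total length disagrees with data received"]
    reasons = []
    if flags_frag & 0x2000 or flags_frag & 0x1FFF:    # MF flag or non-zero offset
        reasons.append("fragment")
    if proto in TUNNEL_PROTOS:
        reasons.append("tunnel: " + TUNNEL_PROTOS[proto])
    i = 20
    while i < ihl:                                    # walk the IPv4 options
        opt = pkt[i]
        if opt == 0:                                  # End of Option List
            break
        if opt == 1:                                  # No-Operation, one byte
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            reasons.append("malformed option")
            break
        if opt in SOURCE_ROUTE_OPTS:
            reasons.append("source routing: " + SOURCE_ROUTE_OPTS[opt])
        i += pkt[i + 1]
    first = (flags_frag & 0x1FFF) == 0                # ICMP header only in first fragment
    if proto == 1 and first and total_len > ihl and pkt[ihl] in ICMP_ADDR_MASK:
        reasons.append("ICMP address mask")
    return reasons

def ipv4(proto, payload=b"", options=b"", flags_frag=0, total_len=None):
    """Build a constructed sample packet (documentation addresses, checksum 0)."""
    ihl = 20 + len(options)
    total = ihl + len(payload) if total_len is None else total_len
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, total, 1, flags_frag,
                      64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + options + payload
```

The check covers fragments, tunnels, source routing and Address Mask messages only; TCP option inspection, IPv6 multicast and DNS redirection from the list above are outside what this block demonstrates.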
Source: opennet.ru