Ka har'a pokello ea thepa ea TCP/IP , e sebelisoa hampe ka ho romela liphutheloana tse entsoeng ka mokhoa o khethehileng. Lifokotsi li filoe lebitso la khoutu . Bofokoli bo bong bo boetse bo hlaha ho KASAGO TCP/IP stack ho tloha Zuken Elmic (Elmic Systems), e nang le metso e tloaelehileng le Treck. Treck stack e sebelisoa ho lisebelisoa tse ngata tsa indasteri, tsa bongaka, tsa puisano, tse kentsoeng le tsa bareki (ho tloha ka mabone a bohlale ho ea ho likhatiso le lisebelisoa tsa motlakase tse ke keng tsa senyeha), hammoho le lisebelisoa tsa matla, lipalangoang, lifofane, khoebo le oli.
Lipheo tse hlokomelehang tsa tlhaselo tse sebelisang stack ea Treck's TCP/IP li kenyelletsa bahatisi ba marang-rang ba HP le li-Intel chips. Har'a tse ling, mathata a Treck TCP / IP stack e bile sesosa sa morao tjena ho Intel AMT le ISM subsystems, e sebetsang ka ho romella pakete ea marang-rang. Ho ba teng ha bofokoli ho netefalitsoe ke baetsi ba Intel, HP, Hewlett Packard Enterprise, Baxter, Caterpillar, Digi, Rockwell Automation le Schneider Electric. Hape
, eo lihlahisoa tsa tsona li sebelisang stack ea TCP / IP ea Treck, ha e e-s'o arabele mathata. 5, ho kenyeletsoa le AMD, ba boletse hore lihlahisoa tsa bona ha li na mathata.
Mathata a ile a fumanoa ts'ebetsong ea IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 le ARP protocol, 'me a bakoa ke ts'ebetso e fosahetseng ea litekanyetso tsa boholo ba data (ho sebelisa tšimo ea boholo ntle le ho hlahloba boholo ba data), liphoso ho ho lekola lintlha tse kentsoeng, ho lokolla mohopolo habeli, ho bala ho tsoa ho buffer, palo e felletseng, taolo e fosahetseng ea phihlello, le mathata a ho sebetsana le likhoele tse se nang moeli.
Mathata a mabeli a kotsi ka ho fetisisa (CVE-2020-11896, CVE-2020-11897), a abetsoeng CVSS level 10, a lumella khoutu ho etsoa ka sesebelisoa ka ho romela lipakete tsa IPv4 / UDP kapa IPv6 tse hlophisitsoeng ka mokhoa o khethehileng. Bothata ba pele bo boima bo hlaha ho lisebelisoa tse nang le tšehetso bakeng sa lithanele tsa IPv4, 'me ea bobeli liphetolelong tse lokollotsoeng pele ho 04.06.2009/6/9 ka tšehetso ea IPv2020. Kotsi e 'ngoe ea bohlokoa (CVSS 11901) e teng ho DNS resolutionr (CVE-XNUMX-XNUMX) mme e lumella ts'ebetso ea khoutu ka ho romella kopo e entsoeng ka ho khetheha ea DNS (bothata bo ne bo sebelisetsoa ho bonts'a ho qhekelloa ha Schneider Electric APC UPS mme e hlaha lisebelisoa tse nang le Tšehetso ea DNS).
Bofokoli bo bong CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903, CVE-2020-11905 lumella litaba tsa IPv4/ICMPv4, IPvCP to DHCPv6, IPv4OverIPv6, IPv6OverIPvXNUMX ho romela libaka tsa memori tsa sistimi tse etselitsoeng ka ho khetheha. Mathata a mang a ka baka ho haneloa ha litšebeletso kapa ho lutla ha data e setseng ho tsoa ho buffer ea sistimi.
Boholo ba bofokoli bo tsitsitse ho Treck 6.0.1.67 (CVE-2020-11897 e tsitsitse ho 5.0.1.35, CVE-2020-11900 ho 6.0.1.41, CVE-2020-11903 ho 6.0.1.28-2020 CVE11908. 4.7.1.27. 20). Kaha ho lokisa lintlafatso tsa firmware bakeng sa lisebelisoa tse itseng ho ka lieha kapa ha ho khonehe (Treck stack e bile teng ka lilemo tse fetang 6, lisebelisoa tse ngata li lula li sa hlokomeloe kapa li thata ho li nchafatsa), batsamaisi ba eletsoa ho arola lisebelisoa tse nang le bothata le ho lokisa lits'ebetso tsa tlhahlobo ea lipakete, li-firewall. kapa li-routers ho tloaeleha kapa ho thibela lipakete tse arohaneng, thibela lithanele tsa IP (IPv4-in-IPv6 le IP-in-IP), thibela "mohloli oa litsela", ho nolofalletsa ho hlahloba likhetho tse fosahetseng lipaketeng tsa TCP, thibela melaetsa ea taolo ea ICMP e sa sebelisoang (MTU Update le Aterese Mask), tima IPvXNUMX multicast 'me u romelle lipotso tsa DNS ho seva sa DNS se sireletsehileng.
Source: opennet.ru