ProHoster > Blog > litaba tsa inthanete > Bofokoli bo ka sebelisoang hole ho FreeBSD

Bofokoli bo ka sebelisoang hole ho FreeBSD

Ho FreeBSD felisitsoe bofokoli bo mehlano, ho kenyeletsoa le litaba tse ka lebisang ho hlakoloeng ha data ea boemo ba kernel ha u romella liphutheloana tse itseng tsa marang-rang kapa ho lumella mosebelisi oa lehae ho eketsa menyetla ea bona. Bofokoli bo ile ba lokisoa lintlafatsong 12.1-RELEASE-p5 le 11.3-RELEASE-p9.

Kotsi e kotsi ka ho fetisisa (CVE-2020-7454) e bakoa ke khaello ea boholo bo nepahetseng ba pakete ea ho hlahloba laebrari ea libalias ha ho hlahlobisisoa lihlooho tse ikhethileng tsa protocol. Laeborari ea libalias e sebelisoa ka har'a sefe ea pakete ea ipfw bakeng sa phetolelo ea liaterese 'me e kenyelletsa mesebetsi e tloaelehileng ea ho nkela liaterese sebakeng sa lipakete tsa IP le liprothokhole tsa ho arola. Ho ba kotsing ho lumella, ka ho romella pakete ea marang-rang e etselitsoeng ka ho khetheha, ho bala kapa ho ngola data sebakeng sa memori ea kernel (ha o sebelisa ts'ebetso ea NAT kernel) kapa ts'ebetso.
natd (haeba u sebelisa sebaka sa mosebelisi ts'ebetsong ea NAT). Taba ena ha e ame litlhophiso tsa NAT tse hahiloeng ka li-filters tsa pakete tsa pf le ipf, kapa litlhophiso tsa ipfw tse sa sebeliseng NAT.

Bofokoli bo bong:

  • CVE-2020-7455 - tlokotsi e 'ngoe e ka sebelisoang hole ho libalias e amanang le lipalo tse fosahetseng tsa bolelele ba lipakete ho sebatli sa FTP. Bothata bo lekanyelitsoe ho lutla litaba tsa li-byte tse 'maloa tsa data ho tsoa sebakeng sa memori ea kernel kapa ts'ebetso ea natd.
  • CVE-2019-15879 - ho ba kotsing ea mojule oa "cryptodev" o bakoang ke ho fihlella sebaka sa memori se seng se lokolotsoe (ts'ebeliso-kamora-mahala), le ho lumella ts'ebetso e se nang tokelo ea ho hlakola libaka tse hanyetsanang tsa mohopolo oa kernel. E le mokhoa oa ho thibela bofokoli, ho kgothaletswa ho laolla mojule wa cryptodev ka taelo ea "kldunload cryptodev" haeba e ne e kentsoe (cryptdev ha e laeloe ka ho sa feleng). Mojule oa cryptodev o fana ka lits'ebetso tsa sebaka sa mosebelisi monyetla oa ho fihlella sebopeho sa /dev/crypto ho fihlella ts'ebetso ea cryptographic e potlakileng ea hardware (/dev/crypto ha e sebelisoe ho AES-NI le OpenSSL).
  • CVE-2019-15880 - ts'oaetso ea bobeli ho cryptodev, e lumellang mosebedisi ea se nang tokelo hore a qale ho senyeha ha kernel ka ho romela kopo ea ho etsa mosebetsi oa cryptographic ka MAC e fosahetseng. Bothata bo bakoa ke khaello ea ho lekola boholo ba senotlolo sa MAC ha ho ajoa buffer ho e boloka (buffer e entsoe ho ipapisitsoe le data ea boholo bo fanoeng ke mosebelisi, ntle le ho sheba boholo ba nnete).
  • CVE-2019-15878 - ho ba kotsing ts'ebetsong ea protocol ea SCTP (Stream Control Transmission Protocol) e bakoang ke netefatso e fosahetseng ea senotlolo se arolelanoang se sebelisoang ke katoloso ea SCTP-AUTH ho netefatsa tatelano ea SCTP. Sesebelisoa sa lehae se ka ntlafatsa senotlolo ka Socket API ha ka nako e ts'oanang e emisa khokahano ea SCTP, e tla lebisa ho phihlello ea sebaka sa memori se seng se lokolotsoe (sebelisa-kamora-mahala).

Source: opennet.ru

Eketsa ka tlhaloso