Lihlopha tsa lipatlisiso tsa Forescout Research Labs le JSOF Research li phatlalalitse liphetho tsa phuputso e kopaneng ea ts'ireletso ea ts'ebetso e fapaneng ea leano la compression le sebelisetsoang ho paka mabitso a qotsitsoeng ho melaetsa ea DNS, mDNS, DHCP, le IPv6 RA (ho paka likarolo tsa domain tse kopitsoang melaetsa. tse kenyeletsang mabitso a mangata). Nakong ea mosebetsi, ho ile ha fumanoa bofokoli ba 9, bo akaretsoang tlas'a lebitso la khoutu NAME: WRECK.
Litaba li 'nile tsa tsejoa ho FreeBSD, hammoho le lits'ebetsong tsa marang-rang IPnet, Nucleus NET le NetX, tse atileng haholo ho VxWorks, Nucleus le ThreadX mekhoa ea sebele ea nako ea ho sebetsa e sebelisoang lisebelisoa tse ikemetseng, polokelo, lisebelisoa tsa bongaka, li-avionics, bahatisi. le lisebelisoa tsa elektronike tsa bareki. Ho hakanngoa hore bonyane lisebelisoa tse limilione tse 100 li angoa ke bofokoli boo.
- Ho ba kotsing ho FreeBSD (CVE-2020-7461) ho entse hore ho khonehe ho hlophisa ts'ebetsong ea khoutu ea eona ka ho romela pakete e khethehileng ea DHCP ho bahlaseli ba teng marang-rang a tšoanang le motho ea hlasetsoeng, eo ts'ebetso ea eona e lebisitsoeng ke mofani oa DHCP ea tlokotsing. ho koaheloa ke buffer. Bothata bo ile ba fokotsoa ke taba ea hore ts'ebetso ea dhclient eo ho ba kotsing e neng e le teng e ne e sebetsa ka litokelo tsa ho seta bocha tikolohong e ka thoko ea Capsicum, e neng e hloka ho tsebahatsa tlokotsi e 'ngoe ho tsoa.
Ntho ea bohlokoa ea phoso ke ho hlahloba mekhoa e fosahetseng, ka har'a pakete e khutlisitsoeng ke seva sa DHCP ka DHCP khetho ea 119, e leng se u lumellang hore u fetisetse lethathamo la "domain search" ho ea rarollang. Palo e fosahetseng ea boholo ba buffer e hlokehang ho amohela mabitso a domeine a sa pakiloeng e lebisitse ho hore litaba tse laoloang ke mohlaseli li ngoloe ka nqane ho buffer e fanoeng. Ho FreeBSD, bothata bo ile ba lokisoa morao ka Loetse selemong se fetileng. Bothata bo ka sebelisoa hafeela u khona ho kena marang-rang a lehae.
- Ho ba kotsing ho "IPnet networking stack" e sebelisitsoeng ho RTOS VxWorks e lumella ho ka etsahala hore ho sebelisoe khoutu ka lehlakoreng la bareki ba DNS ka lebaka la ho se sebetse hantle ha molaetsa oa DNS. Joalo ka ha ho ile ha etsahala, tlokotsi ena e ile ea tsejoa ka lekhetlo la pele ke Exoda morao koana ka 2016, empa ha ho mohla e kileng ea lokisoa. Kopo e ncha ho Wind River le eona ha ea ka ea arajoa mme lisebelisoa tsa IPnet li lula li le kotsing.
- Likotsi tse tšeletseng li ile tsa khetholloa ho Nucleus NET TCP / IP stack, e tšehetsoeng ke Siemens, eo tse peli tsa tsona li ka lebisang ho ts'ebetsong ea khoutu e hole, 'me tse' nè li ka lebisa ho haneloa ha tšebeletso. Bothata ba pele bo kotsi bo amana le phoso ha u fokotsa melaetsa ea DNS e hatelitsoeng, 'me ea bobeli e amana le ho arola ho fosahetseng ha mabitso a domain name. Mathata ka bobeli a fella ka hore buffer e tlosoe ha e sebetsana le likarabo tse hlophisitsoeng ka ho khetheha tsa DNS.
Ho sebelisa hampe bofokoli, mohlaseli o hloka feela ho romella karabo e khethehileng ho kopo efe kapa efe e nepahetseng e rometsoeng ho tsoa sesebelisoa se tlokotsing, mohlala, ka ho etsa tlhaselo ea MTIM le ho kena-kenana le sephethephethe pakeng tsa seva sa DNS le phofu. Haeba mohlaseli a khona ho kena marang-rang a lehae, joale a ka qala seva sa DNS se lekang ho hlasela lisebelisoa tse nang le bothata ka ho romella likopo tsa mDNS ka mokhoa oa phatlalatso.
- Ho ba kotsing ho NetX network stack (Azure RTOS NetX), e ntlafalitsoeng bakeng sa ThreadX RTOS mme ea buloa ka 2019 kamora ho nkuoa ke Microsoft, e ne e lekanyelitsoe ho hana ts'ebeletso. Bothata bo bakoa ke phoso ea ho arola melaetsa ea DNS e hatelitsoeng ts'ebetsong ea tharollo.
Har'a li-stack tsa marang-rang tse lekiloeng tseo ho tsona ho sa fumanoeng bofokoli bo amanang le khatello ea data e pheta-phetoang melaetsa ea DNS, merero e latelang e ile ea bitsoa: lwIP, Nut / Net, Zephyr, uC/TCP-IP, uC/TCP-IP, FreeRTOS+TCP , OpenThread le FNET. Ho feta moo, tse peli tsa pele (Nut/Net le lwIP) ha li tšehetse ho hatella melaetsa ea DNS ho hang, ha tse ling li phethahatsa ts'ebetso ena ntle le liphoso. Ho feta moo, ho hlokometsoe hore pele bafuputsi ba ts'oanang ba ne ba se ba hlokometse bofokoli bo ts'oanang mefuteng ea Treck, uIP le PicoTCP.
Source: opennet.ru