Release of a new stable branch of Tor 0.4.6

The release of the Tor 0.4.6.5 toolkit, used to organize the operation of the anonymous Tor network, has been presented. Tor version 0.4.6.5 is recognized as the first stable release of the 0.4.6 branch, which has been in development for the past five months. The 0.4.6 branch will be maintained as part of the regular maintenance cycle - updates will be discontinued after 9 months or 3 months after the release of the 0.4.7.x branch. Long-term support (LTS) is provided for the 0.3.5 branch, updates for which will be released until February 1, 2022. At the same time, Tor releases 0.3.5.15, 0.4.4.9 and 0.4.5.9 were published, which eliminated DoS vulnerabilities that could cause denial of service to clients of onion services and to relays.

Major changes:

  • Added the ability to create onion services based on the third version of the protocol with authentication of client access through files in the 'authorized_clients' directory.
  • For relays, a flag has been added that lets the node operator understand that the relay is not included in the consensus when the directory servers make their selection (for example, when there are too many relays on one IP address).
  • It is possible to transmit congestion information in extrainfo data, which can be used for load balancing in the network. Transmission of the metric is controlled with the OverloadStatistics option in torrc.
  • The ability to limit the intensity of client connections to relays has been added to the DoS attack protection subsystem.
  • Relays implement publication of statistics on the number of onion services based on the third version of the protocol and the volume of their traffic.
  • Support for the DirPorts option, which is not used for this type of node, has been removed from the relay code.
  • The code has been refactored. The DoS attack protection subsystem has been moved to the subsys manager.
  • Support for old onion services based on the second version of the protocol, which was declared obsolete a year ago, has been discontinued. Complete removal of the code related to the second version of the protocol is expected in the fall. The second version of the protocol was developed about 16 years ago and, because it uses outdated algorithms, cannot be considered secure in modern conditions. Two and a half years ago, in release 0.3.2.9, users were offered the third version of the protocol for onion services, notable for the move to 56-character addresses, more reliable protection against data leaks through directory servers, an extensible modular structure, and the use of the SHA3, ed25519 and curve25519 algorithms instead of SHA1, DH and RSA-1024.
  • Vulnerabilities fixed:
    • CVE-2021-34550 - access to a memory area outside the allocated buffer in the code for parsing descriptors of onion services based on the third version of the protocol. By publishing a specially crafted onion service descriptor, an attacker can crash any client that tries to access this onion service.
    • CVE-2021-34549 - A possible denial-of-service attack on relays. An attacker can form circuits with identifiers that cause collisions in hash functions, and processing them puts a heavy load on the CPU.
    • CVE-2021-34548 - A relay could spoof RELAY_END and RELAY_RESOLVED cells in half-closed streams, which made it possible to terminate a stream that had been created without the participation of this relay.
    • TROVE-2021-004 - Added additional checks for errors when calling the OpenSSL random number generator (with the default RNG implementation in OpenSSL, such errors do not occur).

    Source: opennet.ru
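
The 56-character address format named in the item on retiring version 2 onion services can be checked mechanically, which helps when auditing configuration or logs for leftover v2 addresses. The following is an added example, not code from the original article or from the Tor project; the layout it assumes (32-byte ed25519 key, 2-byte SHA3-256 checksum, version byte 3) follows the published v3 onion service specification, and the function names and sample values are constructed for illustration.

```python
import base64
import hashlib

def encode_v3(pubkey: bytes) -> str:
    """Build a v3 onion hostname from a 32-byte ed25519 public key."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"

def classify_onion(hostname: str) -> str:
    """Return 'v3', 'v2-deprecated' or 'invalid' for an onion hostname."""
    host = hostname.strip().lower()
    if not host.endswith(".onion"):
        return "invalid"
    label = host[: -len(".onion")].rsplit(".", 1)[-1]  # drop subdomain labels
    if "=" in label:                 # padding never appears in a hostname
        return "invalid"
    try:
        raw = base64.b32decode(label, casefold=True)
    except ValueError:               # wrong alphabet, wrong length, non-ASCII
        return "invalid"
    if len(label) == 16:             # v2: 80 bits of SHA1 over an RSA-1024 key
        return "v2-deprecated"
    if len(label) != 56:
        return "invalid"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    if version != b"\x03" or checksum != expected:
        return "invalid"
    return "v3"  # structure only: the key is not checked to be a valid curve point

if __name__ == "__main__":
    # Constructed samples: the key bytes and the v2 label are made up.
    v3 = encode_v3(bytes(range(32)))
    for name in (v3, v3[:52] + ("a" if v3[52] != "a" else "b") + v3[53:],
                 "abcdefghijklmnop.onion", "example.com"):
        print(f"{name:<64} {classify_onion(name)}")
```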
