In a proprietary TCP/IP stack
Notable attack targets that use Treck's TCP/IP stack include HP network printers and Intel chips. Among other things, problems in the Treck TCP/IP stack turned out to be the cause of recent
The problems were found in the implementations of the IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 and ARP protocols. They are caused by incorrect handling of data-size parameters (using a size field without checking the actual size of the data), input validation errors, double frees of memory, out-of-bounds buffer reads, integer overflows, improper access control, and problems handling strings that lack a null terminator.
The two most dangerous problems (CVE-2020-11896, CVE-2020-11897), assigned a CVSS score of 10, allow code to be executed on a device by sending specially formatted IPv4/UDP or IPv6 packets. The first critical problem appears on devices with support for IPv4 tunnels, and the second in versions released before 04.06.2009 with IPv6 support. Another critical vulnerability (CVSS 9) is present in the DNS resolver (CVE-2020-11901) and allows code execution by sending a specially crafted DNS request (the problem was used to demonstrate a compromise of a Schneider Electric APC UPS and appears on devices with DNS support).
The other vulnerabilities CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903 and CVE-2020-11905 allow the contents of system memory areas to be learned by sending specially crafted IPv4/ICMPv4, IPv6OverIPv4, DHCP, DHCPv6 or IPv6 packets. The remaining problems can cause a denial of service or leak residual data from system buffers.
Most of the vulnerabilities are fixed in Treck 6.0.1.67 (CVE-2020-11897 is fixed in 5.0.1.35, CVE-2020-11900 in 6.0.1.41, CVE-2020-11903 in 6.0.1.28, CVE-2020-11908 in 4.7.1.27). Since preparing firmware updates for specific devices may be delayed or impossible (the Treck stack has existed for more than 20 years, and many devices remain unmaintained or are hard to update), administrators are advised to isolate the affected devices and configure packet inspection systems, firewalls or routers to normalize or block fragmented packets, block IP tunnels (IPv6-in-IPv4 and IP-in-IP), block "source routing", enable inspection of incorrect options in TCP packets, block unused ICMP control messages (MTU Update and Address Mask), disable IPv6 multicast, and redirect DNS queries to a secure DNS server.
Source: opennet.ru