OpenWrt 19.07.1 update fixes a package-substitution vulnerability

Corrective releases of the OpenWrt distribution, 18.06.7 and 19.07.1, have been published. They fix a dangerous vulnerability (CVE-2020-7982) in the opkg package manager that allows an attacker in a MITM position to substitute the contents of a package downloaded from the repository. Because of an error in the checksum verification code, an attacker can create conditions under which the SHA-256 checksums present in the digitally signed package index are ignored, which makes it possible to bypass the integrity checks on downloaded ipk files.

The problem has existed since February 2017, when code to ignore leading whitespace before the checksum was added. Because of an error in the whitespace-skipping code, the pointer to the current position in the string was not advanced, so the loop decoding the SHA-256 hexadecimal sequence returned immediately and produced a zero-length checksum.

Since the opkg package manager in OpenWrt runs with root privileges, an attacker performing a MITM attack could silently modify an ipk package as it is downloaded from the repository while the user runs the "opkg install" command, and arrange for their own code to run as root by adding their own maintainer scripts, which are invoked during installation, to the package. To exploit the vulnerability, the attacker must also substitute a correct, signed package index (for example, one served from downloads.openwrt.org). The size of the modified package must match the original size specified in the index.
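The following is an added illustration written for this article, not opkg's own code: it models the parsing defect described above (the whitespace skip advances one pointer while the hex decoder reads another, so a leading space yields an empty digest) next to the corrected pattern, and shows why a comparison that treats an empty expected digest as "nothing to verify" accepts a modified file, while a fail-closed comparison rejects it. The function names, the 32-byte buffer and the sample digest (bytes 0x00..0x1f) are assumptions constructed for the example.

```c
/* Added illustration, not opkg's own code: how a leading space in the
 * "SHA256sum:" index field produced an empty checksum, and why a check that
 * treats an empty expected digest as "nothing to verify" lets a modified
 * package through. The digest below is a constructed sample value. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SHA256_LEN 32

/* Constructed sample: digest bytes 0x00..0x1f, in hex as an index would carry it. */
static const char SAMPLE_HEX[] =
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f";

static unsigned char hexval(unsigned char c)
{
    return (unsigned char)(isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
}

/* Shared decode loop: consumes hex-digit pairs from s while they are valid. */
static size_t decode_pairs(const unsigned char *s, size_t slen, unsigned char *out)
{
    unsigned char *p = out;
    for (; slen > 1 && isxdigit(s[0]) && isxdigit(s[1]); slen -= 2, s += 2)
        *p++ = (unsigned char)(hexval(s[0]) << 4 | hexval(s[1]));
    return (size_t)(p - out);
}

/* Buggy pattern: whitespace is skipped by advancing `src`, but the decoder
 * reads `s`, taken before the skip, which still points at the space.
 * isxdigit(' ') is false, so nothing is decoded and length 0 is returned. */
size_t hex2bin_buggy(const char *src, unsigned char *out)
{
    const unsigned char *s = (const unsigned char *)src;
    while (isspace((unsigned char)*src))
        src++;
    if (strlen(src) > 2 * SHA256_LEN)
        return 0;
    return decode_pairs(s, strlen(src), out);
}

/* Fixed pattern: take the decode pointer only after the whitespace skip. */
size_t hex2bin_fixed(const char *src, unsigned char *out)
{
    while (isspace((unsigned char)*src))
        src++;
    if (strlen(src) > 2 * SHA256_LEN)
        return 0;
    return decode_pairs((const unsigned char *)src, strlen(src), out);
}

/* Length of the digest each parser recovers from an index value. */
size_t parsed_len(const char *index_value, int use_fixed)
{
    unsigned char buf[SHA256_LEN];
    return use_fixed ? hex2bin_fixed(index_value, buf) : hex2bin_buggy(index_value, buf);
}

/* Compare the index digest with the digest of the downloaded file.
 * Lenient: an empty expected digest is treated as "no checksum to check".
 * Fail-closed: anything other than 32 matching bytes is a rejection. */
int digest_ok(const unsigned char *expected, size_t expected_len,
              const unsigned char *actual, int fail_closed)
{
    if (expected_len == 0)
        return fail_closed ? 0 : 1;
    return expected_len == SHA256_LEN && memcmp(expected, actual, SHA256_LEN) == 0;
}

/* End-to-end scenario on the constructed sample: the index value carries the
 * space that follows "SHA256sum:", and the file digest is either the genuine
 * one or one whose last byte was altered. Returns 1 if the file is accepted. */
int scenario(int use_fixed, int fail_closed, int tampered)
{
    unsigned char expected[SHA256_LEN], actual[SHA256_LEN];
    char index_value[2 + sizeof SAMPLE_HEX];
    size_t n, i;

    index_value[0] = ' ';
    memcpy(index_value + 1, SAMPLE_HEX, sizeof SAMPLE_HEX);
    for (i = 0; i < SHA256_LEN; i++)
        actual[i] = (unsigned char)i;        /* genuine digest of the sample */
    if (tampered)
        actual[SHA256_LEN - 1] ^= 0xff;      /* modified file, different digest */

    n = use_fixed ? hex2bin_fixed(index_value, expected)
                  : hex2bin_buggy(index_value, expected);
    return digest_ok(expected, n, actual, fail_closed);
}
```

The combination that matters is scenario(0, 0, 1): the buggy parser hands back an empty digest and the lenient comparison accepts the altered file. Fixing the parser alone is sufficient, but a verifier that fails closed on an empty or short digest would have turned the same parser bug into a visible installation failure instead of a silent bypass.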

If you need to avoid updating the whole firmware, you can update only the opkg package manager by running the following commands:

cd /tmp
opkg update
opkg download opkg
zcat ./opkg-lists/openwrt_base | grep -A10 "Package: opkg" | grep SHA256sum
sha256sum ./opkg_2020-01-25-c09fe209-1_*.ipk

Then compare the two displayed checksums and, only if they match, run:

opkg install ./opkg_2020-01-25-c09fe209-1_*.ipk

The new releases also fix another vulnerability, in the libubox library, which can lead to a buffer overflow when the blobmsg_format_json function processes specially crafted serialized binary or JSON data. The library is used in distribution components such as netifd, procd, ubus, rpcd and uhttpd, as well as in the auc (Attended sysUpgrade CLI) package. The buffer overflow occurs when large numeric attributes of type "double" are passed in blob blocks. You can check whether your system is affected by running the command:

$ ubus call luci getFeatures \
'{ "banik": 00192200197600198000198100200400.1922}'
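The following is an added illustration of the bug class just described, written for this article and not libubox's own code: a fixed-size text buffer sized for ordinary numbers receives a double formatted with "%lf", which prints every integer digit, so a value of the magnitude used in the check command above needs more bytes than the buffer holds. The 32-byte buffer size and the function names are assumptions; the bounded variant shows the defensive form, which refuses the value instead of writing past the end.

```c
/* Added illustration of the bug class, not libubox's code: formatting a
 * double into a small fixed buffer. The buffer size is an assumption. */
#include <stddef.h>
#include <stdio.h>

#define NUM_BUF 32   /* assumed small serialization buffer */

/* Bytes (excluding the NUL) that "%lf" produces for v; for large magnitudes
 * this is one byte per integer digit plus ".000000". */
size_t double_text_len(double v)
{
    int n = snprintf(NULL, 0, "%lf", v);
    return n < 0 ? 0 : (size_t)n;
}

/* Unbounded pattern: for large v this writes past the 32-byte buffer
 * (undefined behaviour). Kept for contrast; not exercised by the tests. */
void format_double_unbounded(double v, char out[NUM_BUF])
{
    sprintf(out, "%lf", v);
}

/* Bounded pattern: snprintf, and treat truncation as an error so the caller
 * rejects the input rather than emitting a mangled value. Returns 1 on success. */
int format_double_bounded(double v, char out[NUM_BUF])
{
    int n = snprintf(out, NUM_BUF, "%lf", v);
    return n >= 0 && (size_t)n < NUM_BUF;
}

/* Convenience wrapper: does the bounded formatter accept v? */
int bounded_accepts(double v)
{
    char buf[NUM_BUF];
    return format_double_bounded(v, buf);
}
```

The literal 192200197600198000198100200400.1922 is the number from the check command above read as a C double (about 1.9e29); "%lf" renders it as 30 integer digits plus ".000000", which is why a 32-byte buffer is too small for it while a value such as 1.5 fits comfortably.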

In addition to fixing these vulnerabilities and accumulated bugs, OpenWrt 19.07.1 also updates the Linux kernel (from 4.14.162 to 4.14.167), resolves performance problems when using 5 GHz frequencies, and improves support for the following devices: Ubiquiti Rocket M Titanium, Netgear WN2500RP v1, Zyxel NSA325, Netgear WNR3500 V2, Archer C6 v2, Ubiquiti EdgeRouter-X, Archer C20 v4, Archer C50 v4, Archer MR200, TL-WA801ND v5, HiWiFi HC5962, Xiaomi Mi Router 3 Pro and Netgear R6350.

Source: opennet.ru
