I-Qualys ifumene indlela yokudlula i-malloc kunye nokukhuselwa kwamahhala kabini ukuqalisa ukudluliselwa kolawulo kwikhowudi usebenzisa ubuthathaka kwi-OpenSSH 9.1 eyayinqunywe ukuba ibe nomngcipheko ophantsi wokudala ukuxhaphazwa kokusebenza. Ngelo xesha, ithuba lokudala ukuxhaphazwa kokusebenza lihlala lingumbuzo omkhulu.
Ukuba sesichengeni kubangelwa kuqinisekiso lwangaphambili oluphindwe kabini simahla. Ukudala iimeko zokuba sesichengeni kubonakale, kwanele ukutshintsha ibhena yomxhasi we-SSH ukuya ku-"SSH-2.0-FuTTYSH_9.1p1" (okanye omnye umxhasi we-SSH omdala) ukuze usete "SSH_BUG_CURVE25519PAD" kunye neeflegi "SSH_OLD_DHGEX". Emva kokuseta ezi flegi, inkumbulo ye "options.kex_algorithms" buffer ikhululwa kabini.
Abaphandi abavela kwi-Qualys, ngelixa beqhuba ubuthathaka, bakwazile ukufumana ulawulo lwerejista yeprosesa ye-"% rip", equlethe isalathisi kumyalelo olandelayo oza kuphunyezwa. Ubuchule boxhaphazo obuphuhlisiwe bukuvumela ukuba udlulisele ulawulo kuyo nayiphi na indawo kwindawo yedilesi yenkqubo ye-sshd kwindawo engekahlaziywa ye-OpenBSD 7.2, enikezelwe ngokungagqibekanga nge-OpenSSH 9.1.
Kuqatshelwe ukuba iprototype ecetywayo kukuphunyezwa kuphela kwinqanaba lokuqala lohlaselo - ukudala ukuxhaphazwa okusebenzayo, kuyimfuneko ukudlula i-ASLR, i-NX kunye ne-ROP yokukhusela iindlela, kunye nokuphunyuka kwe-sandbox yodwa, engenakwenzeka. Ukusombulula ingxaki yokudlula i-ASLR, i-NX kunye ne-ROP, kuyimfuneko ukufumana ulwazi malunga needilesi, ezinokuthi ziphunyezwe ngokuchonga omnye umngcipheko okhokelela ekuvuzeni kolwazi. I-bug kwinkqubo yabazali enelungelo okanye i-kernel inokunceda ukuphuma kwibhokisi yesanti.
umthombo: opennet.ru