Remote vulnerability in the TIPC protocol implementation in the Linux kernel

A critical vulnerability (CVE-2021-43267) has been identified in the implementation of the TIPC (Transparent Inter-process Communication) network protocol supplied in the Linux kernel. It allows remote execution of code with kernel privileges by sending a specially crafted network packet. The danger of the problem is reduced by the fact that the attack requires TIPC support to be explicitly enabled on the system (loading and configuring the tipc.ko kernel module), which is not done by default in non-specialized Linux distributions.

The TIPC protocol has been supported since Linux kernel 3.19, but the code that leads to the vulnerability was included in kernel 5.10. The vulnerability is fixed in kernels 5.15.0, 5.10.77 and 5.14.16. The problem appears and is not yet fixed in Debian 11, Ubuntu 21.04/21.10, SUSE (in the not yet released SLE15-SP4 branch), RHEL (it has not yet been detailed whether the vulnerable change was backported) and Fedora. A kernel update has already been released for Arch Linux. Distributions with a kernel older than 5.10, such as Debian 10 and Ubuntu 20.04, are not affected by the problem.

The TIPC protocol was originally developed by Ericsson. It is designed to organize inter-process communication in a cluster and is enabled mainly on cluster nodes. TIPC can work over Ethernet or over UDP (network port 6118). When it works over Ethernet, the attack can be carried out from the local network; when UDP is used, it can be carried out from the global network if the port is not covered by a firewall. The attack can also be carried out by an unprivileged local user on the host. To enable TIPC, the tipc.ko kernel module must be loaded and a binding to a network interface must be configured using netlink or the tipc utility.

The vulnerability appears in the tipc_crypto_key_rcv function and is caused by the lack of proper verification that the data specified in the header corresponds to the actual size of the data when parsing packets of type MSG_CRYPTO. These packets are used to obtain encryption keys from other nodes in the cluster so that messages sent from those nodes can subsequently be decrypted. The size of the data copied into memory is calculated as the difference between the values of the fields holding the message size and the header size, but without taking into account the actual size of the encryption algorithm name and of the key contents transmitted in the message. The size of the algorithm name is assumed to be fixed, and a separate attribute carrying the size is additionally transmitted for the key. An attacker can specify a value in this attribute that differs from the actual one, which leads to the tail of the message being written beyond the allocated buffer.

    struct tipc_aead_key {
        char alg_name[TIPC_AEAD_ALG_NAME];
        unsigned int keylen;  /* in bytes */
        char key[];
    };
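The consistency check that the paragraph above describes as missing, written as a user-space model. This is an added example, not code from the kernel or from the original article; `parse_key_msg`, `accepts`, `KEYLEN_MAX`, the value 32 for `TIPC_AEAD_ALG_NAME` and the big-endian payload layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TIPC_AEAD_ALG_NAME 32  /* assumed value of the constant used in the struct */
#define KEYLEN_MAX 64          /* hypothetical cap chosen for this example */
#define FIXED_LEN (TIPC_AEAD_ALG_NAME + sizeof(uint32_t))

struct tipc_aead_key {
    char alg_name[TIPC_AEAD_ALG_NAME];
    unsigned int keylen;       /* in bytes */
    char key[];
};

/* body/body_len: payload left after the header (message size minus header
 * size). Assumed layout: alg_name | keylen (big-endian u32) | key bytes.
 * Returns a heap copy, or NULL when declared and real sizes disagree. */
struct tipc_aead_key *parse_key_msg(const uint8_t *body, size_t body_len)
{
    if (body_len < FIXED_LEN)
        return NULL;                     /* too short to contain keylen */
    const uint8_t *p = body + TIPC_AEAD_ALG_NAME;
    uint32_t keylen = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                      ((uint32_t)p[2] << 8) | p[3];
    if (keylen > KEYLEN_MAX || body_len != FIXED_LEN + keylen)
        return NULL;                     /* sender-controlled size rejected */
    struct tipc_aead_key *k = malloc(sizeof(*k) + keylen);
    if (!k) return NULL;
    memcpy(k->alg_name, body, TIPC_AEAD_ALG_NAME);
    k->alg_name[TIPC_AEAD_ALG_NAME - 1] = '\0';
    k->keylen = keylen;
    memcpy(k->key, body + FIXED_LEN, keylen);  /* bounded by the check above */
    return k;
}

/* Constructed sample: a payload with `actual` key bytes whose keylen
 * attribute claims `declared`. Returns 1 if the parser accepts it. */
int accepts(uint32_t declared, size_t actual)
{
    uint8_t msg[FIXED_LEN + 256] = {0};
    if (actual > 256) return 0;
    memcpy(msg, "gcm(aes)", 8);          /* constructed algorithm name */
    for (int i = 0; i < 4; i++)
        msg[TIPC_AEAD_ALG_NAME + i] = (uint8_t)(declared >> (24 - 8 * i));
    struct tipc_aead_key *k = parse_key_msg(msg, FIXED_LEN + actual);
    int ok = (k != NULL && k->keylen == declared);
    free(k);
    return ok;
}
```

The allocation and the copy both use the same validated `keylen`, so a size attribute that disagrees with the payload length is rejected before any memory is written.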


Source: opennet.ru
