Remotely exploitable root vulnerability in the FreeBSD ping utility

A vulnerability (CVE-2022-23093) has been identified in the ping utility included in the FreeBSD base distribution. The issue can potentially lead to remote code execution with root privileges when pinging an external host controlled by an attacker. A fix has been provided in the FreeBSD 13.1-RELEASE-p5, 12.4-RC2-p2 and 12.3-RELEASE-p10 updates. It is not yet clear whether other BSD systems are affected by the identified vulnerability (there are no vulnerability reports for NetBSD, DragonFlyBSD and OpenBSD so far).

The vulnerability is caused by a buffer overflow in the code that parses ICMP messages received in response to a probe request. The code that sends and receives ICMP messages in ping uses raw sockets and runs with elevated privileges (the utility ships with the setuid root flag). On the ping side, the response is processed by reconstructing the IP and ICMP headers of the packets received from the raw socket. The extracted IP and ICMP headers are copied into buffers by pr_pack(), without taking into account that additional extended headers may be present in the packet after the IP header.

Such headers are extracted from the packet and included in the header block, but they are not taken into account when the buffer size is calculated. If the host, in response to a sent ICMP request, returns a packet with additional headers, their contents are written to an area beyond the buffer boundary on the stack. As a result, an attacker can overwrite up to 40 bytes of data on the stack, potentially allowing their code to be executed. The severity of the problem is reduced by the fact that, at the time the error occurs, the process is in a state of system call isolation (capability mode), which makes it difficult to gain access to the rest of the system after exploiting the vulnerability.
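The length check that the description above says was missing can be sketched as follows. This is an added example, not FreeBSD's code or its patch: `parse_reply`, `struct parsed_reply` and `try_packet` are hypothetical names, and the packets are constructed. It relies on the fact that an IPv4 header carries its own length in the IHL field and can hold up to 40 bytes of options (60 bytes in total).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MIN_HLEN 20  /* IHL = 5: header without options */
#define IP_MAX_HLEN 60  /* IHL = 15: header plus 40 bytes of options */
#define ICMP_HLEN    8

/* Hypothetical container: the IP buffer is sized for the largest legal header. */
struct parsed_reply {
    uint8_t ip[IP_MAX_HLEN];
    size_t  ip_len;
    uint8_t icmp[ICMP_HLEN];
};

/* Returns 0 on success, -1 if the packet is malformed or truncated. */
int parse_reply(const uint8_t *pkt, size_t len, struct parsed_reply *out)
{
    if (len < IP_MIN_HLEN || (pkt[0] >> 4) != 4)
        return -1;
    /* Real header length, options included, taken from the packet itself. */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < IP_MIN_HLEN || hlen > sizeof(out->ip))
        return -1;                      /* would not fit the destination */
    if (len < hlen || len - hlen < ICMP_HLEN)
        return -1;                      /* header or ICMP part is truncated */
    memcpy(out->ip, pkt, hlen);         /* bounded by the checks above */
    out->ip_len = hlen;
    memcpy(out->icmp, pkt + hlen, ICMP_HLEN);
    return 0;
}

/* Constructed sample: zeroed IPv4 packet of `len` bytes with the given IHL.
 * Returns the copied IP header length, or -1 if the packet was rejected. */
long try_packet(unsigned ihl_words, size_t len)
{
    uint8_t pkt[128] = {0};
    struct parsed_reply r;
    if (len > sizeof(pkt))
        return -1;
    pkt[0] = (uint8_t)(0x40 | (ihl_words & 0x0f));
    return parse_reply(pkt, len, &r) == 0 ? (long)r.ip_len : -1;
}

int main(void)
{
    printf("no options: %ld\n", try_packet(5, 28));
    printf("40 bytes of options: %ld\n", try_packet(15, 68));
    return 0;
}
```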

Source: opennet.ru
