Vulnerability in the Linux kernel network stack

A vulnerability (CVE-2019-11815) has been identified in the code of the handler for the TCP-based RDS protocol (Reliable Datagram Socket, net/rds/tcp.c). It can lead to access to an already freed memory area and to denial of service (exploitation of the problem to achieve code execution is potentially not excluded). The problem is caused by a race condition that can arise when the rds_tcp_kill_sock function runs while the sockets of a network namespace are being cleaned up.

In the NVD description the problem is flagged as remotely exploitable over the network, but judging by the description of the fix, a remote attack cannot be mounted without a local presence on the system and manipulation of namespaces. In particular, in the opinion of the SUSE developers, the vulnerability is exploitable only locally; mounting an attack is quite complex and requires additional privileges on the system. Whereas NVD rates the severity at 9.3 (CVSS v2) and 8.1 (CVSS v3) points, SUSE's rating assesses the severity at 6.4 points out of 10.

Ubuntu representatives also rated the severity of the problem as moderate. At the same time, in accordance with the CVSS v3.0 specification, the problem is assigned a high attack complexity, and exploitability is rated at only 2.2 points out of 10.

Judging by the report from Cisco, the vulnerability is exploitable remotely by sending TCP packets to running RDS network services, and a prototype exploit already exists. To what extent this information corresponds to reality is unclear; perhaps the report merely dresses up NVD's assumptions. According to VulDB, no exploit has yet been created and the problem is exploitable only locally.

The problem appears in kernels before 5.0.8 and is blocked by the March fix included in kernel 5.0.8. In most distributions the problem remains unfixed (Debian, RHEL, Ubuntu, SUSE). A fix has been released for SLE12 SP3, openSUSE 42.3 and Fedora.
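A host-side exposure check for the situation described above, written as an added example for this page (it is not code from the article or from the kernel fix). It combines the two signals the text gives: a running kernel older than the 5.0.8 fix release, and the rds_tcp transport being loaded or loadable; the modprobe.d pattern and the script name rds_check.sh are this example's own assumptions.

```shell
#!/bin/sh
# Added example for CVE-2019-11815 (not from the opennet.ru article).
# Caveat: distributions backport fixes without changing the version number,
# so "predates 5.0.8" means "check the vendor advisory", not "confirmed vulnerable".

# Return 0 (true) when kernel version $1 sorts before 5.0.8, the mainline fix release.
kernel_is_vulnerable() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')   # drop "-generic", "-rc1", "+" suffixes
    set -- $(printf '%s' "$v" | tr '.' ' ')        # split into major minor patch
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -lt 5 ] && return 0
    [ "$maj" -gt 5 ] && return 1
    [ "$min" -gt 0 ] && return 1
    [ "$pat" -lt 8 ]
}

# Return 0 when rds_tcp is currently loaded, or is present as a loadable module.
rds_tcp_present() {
    if lsmod 2>/dev/null | grep -q '^rds_tcp'; then return 0; fi
    modinfo rds_tcp >/dev/null 2>&1
}

# Return 0 when /etc/modprobe.d already blacklists rds/rds_tcp or maps them to
# /bin/false (assumed convention; adjust the path for your distribution).
rds_blacklisted() {
    grep -qsE '^(blacklist[[:space:]]+rds(_tcp)?|install[[:space:]]+rds(_tcp)?[[:space:]]+/bin/(false|true))' \
        /etc/modprobe.d/*.conf 2>/dev/null
}

report() {
    k=$(uname -r)
    if kernel_is_vulnerable "$k"; then
        echo "kernel $k predates the mainline 5.0.8 fix; verify vendor backports"
    else
        echo "kernel $k is at or above 5.0.8"
    fi
    if rds_tcp_present && ! rds_blacklisted; then
        echo "rds_tcp is loaded or loadable and not blacklisted; if RDS is unused, add" \
             "'install rds_tcp /bin/false' to a file in /etc/modprobe.d/"
    fi
}

# Only print the report when run as rds_check.sh, so the functions can be sourced.
if [ "${0##*/}" = "rds_check.sh" ]; then report; fi
```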

Source: opennet.ru
