Vulnerabilities in PowerDNS Authoritative Server

Updates to the authoritative DNS server PowerDNS Authoritative Server, versions 4.3.1, 4.2.3 and 4.1.14, are available. They fix four vulnerabilities, two of which could potentially lead to remote code execution by an attacker.

The vulnerabilities CVE-2020-24696, CVE-2020-24697 and CVE-2020-24698 affect the code that implements the GSS-TSIG key exchange mechanism. They appear only when PowerDNS is built with GSS-TSIG support ("--enable-experimental-gss-tsig", not used by default) and can be exploited by sending a specially crafted network packet. The race conditions and double-free issues in CVE-2020-24696 and CVE-2020-24698 can lead to a crash or to execution of attacker code when requests with incorrectly formatted GSS-TSIG signatures are processed. The vulnerability CVE-2020-24697 is limited to denial of service. Since the GSS-TSIG code was not used by default, including in distribution packages, and may contain other problems, it was decided to remove it completely in the PowerDNS Authoritative 4.4.0 release.

CVE-2020-17482 can lead to a leak of uninitialized process memory, but it occurs only when processing requests from authenticated users who are able to add new records to the DNS zones served by the server.

Source: opennet.ru
