Amaqela ophando iiLabhu zoPhando lwe-Forescout kunye noPhando lwe-JSOF baye bapapasha iziphumo zophando oluhlangeneyo lokhuseleko lweendlela ezahlukeneyo zokuphunyezwa kweskimu soxinzelelo olusetyenziselwa ukupakisha amagama aphindwe kabini kwi-DNS, mDNS, DHCP, kunye ne-IPv6 RA imiyalezo (ukupakisha iindawo zesizinda eziphindwe kabini kwimiyalezo. eziquka amagama amaninzi). Ngethuba lomsebenzi, ubuthathaka be-9 bachongwa, obushwankathelwa phantsi kwegama lekhowudi NAME: WRECK.
Imiba ichongiwe kwi-FreeBSD, kunye nakwi-networking subsystems IPnet, i-Nucleus NET kunye ne-NetX, eziye zasasazeka kwiinkqubo ze-VxWorks, i-Nucleus kunye ne-ThreadX yexesha langempela elisetyenziswa kwizixhobo ezizenzekelayo, ukugcinwa, izixhobo zonyango, ii-avionics, iiprinta. kunye nee-elektroniki zabathengi. Kuqikelelwa ukuba ubuncinane izixhobo ezili-100 lezigidi zichatshazelwa bubuthathaka.
- Ubuthathaka kwi-FreeBSD (CVE-2020-7461) yenze ukuba kube lula ukuququzelela ukuphunyezwa kwekhowudi yayo ngokuthumela ipakethe ye-DHCP eyenzelwe ngokukodwa kubahlaseli ababekwe kuthungelwano lwendawo efanayo njengexhoba, ukuqhutyelwa kwayo ngumthengi we-DHCP osengozini. Ukuphuphuma kwesithinteli. Ingxaki yathotywa yinto yokuba inkqubo ye-dhclient apho ubuthathaka bebukho ibiqhutywa ngamalungelo okusetwa ngokutsha kwindawo ekwanti yeCapsicum, ebifuna ukuchonga omnye ubuthathaka ukuphuma.
Impazamo ivela ekuqinisekisweni kweparameter okungachanekanga kwipakethi ebuyisiweyo yeseva ye-DHCP enokhetho lwe-DHCP 119, oluvumela uluhlu "lokukhangela idomeyini" ukuba ludluliselwe kwisisombululo. Ubalo olungachanekanga lobungakanani be-buffer olufunekayo ukuze kuhlangatyezwane nedatha engafakwanga. amagama eedomeyini, ibangele ukuba ulwazi olulawulwa ngabahlaseli lubhalwe ngaphaya kwe-buffer eyabelweyo. Le ngxaki yalungiswa kwiFreeBSD emva phaya ngoSeptemba kunyaka ophelileyo. Ingasetyenziswa kuphela ngokufikelela kwinethiwekhi yasekuhlaleni.
- Ubuthathaka kwi-IPnet networking stack efakwe kwi-RTOS VxWorks ivumela ukuphunyezwa kwekhowudi enokwenzeka kwicala lomxhasi we-DNS ngenxa yokuphathwa kakubi koxinzelelo lomyalezo we-DNS. Njengoko kwavelayo, obu buthathaka bachongwa okokuqala yi-Exodus ngo-2016, kodwa ayizange ilungiswe. Isicelo esitsha kuWind River naso asikhange siphenduleke kwaye izixhobo ze-IPnet zihlala zisesichengeni.
- В TCP/IP Kuchongwe iingxaki ezintandathu kwi-Nucleus NET stack exhaswa yi-Siemens, ezimbini zazo ezinokukhokelela ekusebenziseni ikhowudi ekude kwaye ezine ezinokubangela ukungavunyelwa kwenkonzo. Ingxaki yokuqala ebalulekileyo inxulumene nempazamo ekukhupheni imiyalezo ye-DNS ecinezelweyo, kwaye eyesibini kuhlalutyo olungalunganga lweeleyibhile zamagama edomeyini. Zombini ezi ngxaki zibangela ukugcwala kwe-buffer xa kusetyenzwa iimpendulo ze-DNS ezenziwe ngokukodwa.
Ukuxhaphaza ubuthathaka, umhlaseli ufuna nje ukuthumela impendulo eyilelwe ngokukodwa kuso nasiphi na isicelo esisemthethweni esithunyelwe kwisixhobo esisengozini, umzekelo, ngokuqhuba uhlaselo lwe-MTIM kunye nokuphazamisa ukugcwala phakathi kweseva ye-DNS kunye nexhoba. Ukuba umhlaseli unokufikelela kwinethiwekhi yendawo, ngoko unokuqalisa iseva ye-DNS ezama ukuhlasela izixhobo eziyingxaki ngokuthumela izicelo ze-mDNS kwimodi yosasazo.
- Ukuba sesichengeni kwisitaki senethiwekhi ye-NetX (i-Azure RTOS NetX), ephuhliselwe i-ThreadX RTOS kwaye yavulwa ngo-2019 emva kokuba ithathwe nguMicrosoft, yaphelela ekukhanyeni inkonzo. Ingxaki ibangelwa yimpazamo ekucazululeni imiyalezo ecinezelweyo ye-DNS ekuphunyezweni komsombululi.
Kuluhlu oluvavanyiweyo lwenethiwekhi apho kungekho buthathaka bufunyenweyo obunxulumene noxinzelelo lwedatha ephindaphindiweyo kwimiyalezo ye-DNS, ezi projekthi zilandelayo zathiywa amagama: lwIP, Nut/Net, Zephyr, uC/TCP-IP, uC/TCP-IP, FreeRTOS+TCP , OpenThread kunye neFNET. Ngaphezu koko, ezimbini zokuqala (iNut/Net kunye ne-lwIP) azixhasi ucinezelo kwimiyalezo ye-DNS konke konke, ngelixa ezinye ziphumeza lo msebenzi ngaphandle kweempazamo. Ukongezelela, kuphawulwe ukuba ngaphambili abaphandi abafanayo sele bechonge ubuthathaka obufanayo kwi-Treck, i-uIP kunye ne-PicoTCP stacks.
umthombo: opennet.ru
