Kusitaki sokuphathelene se-TCP/IP , ixhashazwe ngokuthumela amaphakheji aklanywe ngokukhethekile. Ubungozi bunikezwe igama lekhodi . Obunye ubungozi buphinde buvele kusitaki se-KASAGO TCP/IP esivela ku-Zuken Elmic (Elmic Systems), enezimpande ezifanayo ne-Treck. I-Treck stack isetshenziswa kumishini eminingi yezimboni, yezokwelapha, yezokuxhumana, eshumekiwe kanye neyabathengi (kusuka kumalambu ahlakaniphile ukuya kumaphrinta kanye nempahla kagesi engaphazamiseki), kanye namandla, ezokuthutha, izindiza, ezohwebo kanye nemishini yokukhiqiza uwoyela.
Okuqondiwe okuphawulekayo kokuhlasela kusetshenziswa isitaki se-TCP/IP sika-Treck kufaka phakathi amaphrinta enethiwekhi ye-HP nama-Intel chips. Ikakhulukazi, izinkinga kusitaki se-Treck TCP/IP kuvele ukuthi kube yimbangela yakamuva kumasistimu angaphansi we-Intel AMT kanye ne-ISM, asetshenziswa ngokuthumela iphakethe lenethiwekhi. Ukuba khona kobungozi kuqinisekiswe ngabakhiqizi i-Intel, HP, Hewlett Packard Enterprise, Baxter, Caterpillar, Digi, Rockwell Automation kanye neSchneider Electric. Okuningi
, imikhiqizo yayo esebenzisa isitaki se-TCP/IP sika-Treck, ayikaphenduli ezinkingeni. 5, okuhlanganisa ne-AMD, bathe imikhiqizo yabo ayinazo izinkinga.
Izinkinga zatholwa ekusetshenzisweni kwezivumelwano ze-IPv4, IPv6, UDP, DNS, DHCP, TCP, ICMPv4 kanye ne-ARP, futhi zidalwe ukucubungula okungalungile kwamapharamitha kasayizi wedatha (kusetshenziswa inkambu yosayizi ngaphandle kokuhlola usayizi wedatha wangempela), amaphutha ukuhlola ulwazi lokufakwayo, ukukhululeka kabili kwenkumbulo, ukufundwa ngaphandle kwebhafa, ukuchichima okuphelele, ukulawula ukufinyelela okungalungile, kanye nezinkinga zokuphatha amayunithi ezinhlamvu ahlukaniswe ngalutho.
Izinkinga ezimbili eziyingozi kakhulu (CVE-2020-11896, CVE-2020-11897), ezinikezwe i-CVSS ileveli 10, zivumela ikhodi ukuthi isetshenziswe kudivayisi ngokuthumela amaphakethe e-IPv4/UDP noma IPv6 afomethwe ngokukhethekile. Inkinga yokuqala ebalulekile ivela kumadivayisi anosekelo lwemigudu ye-IPv4, kanti eyesibili kuzinguqulo ezikhishwe ngaphambi komhla ka-04.06.2009/6/9 ngokusekelwa kwe-IPv2020. Okunye ubungozi obubalulekile (CVSS 11901) bukhona kusixazululi se-DNS (CVE-XNUMX-XNUMX) futhi kuvumela ukwenziwa kwekhodi ngokuthumela isicelo se-DNS esakhiwe ngokukhethekile (inkinga yasetshenziselwa ukubonisa ukugetshengwa kwe-Schneider Electric APC UPS futhi ivela kumadivayisi ane Ukusekelwa kwe-DNS).
Obunye ubungozi CVE-2020-11898, CVE-2020-11899, CVE-2020-11902, CVE-2020-11903, CVE-2020-11905 vumela okuqukethwe kwe-IPv4/ICMPv4, IPvCPtovDH, IPv6, IPv4, IPv6, IPv. ukuthumela izindawo zememori zamaphakethe eziklanywe ngokukhethekile. Ezinye izinkinga zingase zibangele ukunqatshelwa kwesevisi noma ukuvuza kwedatha eyinsalela evela kumabhafa wesistimu.
Ubungozi obuningi bulungisiwe ku-Treck 6.0.1.67 (CVE-2020-11897 ilungiswe kokuthi 5.0.1.35, CVE-2020-11900 kokuthi 6.0.1.41, CVE-2020-11903 kokuthi 6.0.1.28-2020 ku-CVE11908. 4.7.1.27). Njengoba ukulungiselela izibuyekezo ze-firmware zamadivayisi athile kungase kubambezeleke noma kungenzeki (isitaki se-Treck sesikhona iminyaka engaphezu kwengu-20, amadivaysi amaningi ahlala enganakekelwa noma kunzima ukuwabuyekeza), abalawuli bayelulekwa ukuthi bahlukanise amadivaysi ayinkinga futhi balungise amasistimu okuhlola amaphakethe, izindonga zomlilo. noma ama-routers ukuze ajwayele noma avimbe amaphakethe ahlukene, vimba imigudu ye-IP (IPv6-in-IPv4 ne-IP-in-IP), vimba “umzila womthombo”, unike amandla ukuhlolwa kwezinketho ezingalungile kumaphakethe we-TCP, uvimbele imilayezo yokulawula ye-ICMP engasetshenziswanga (MTU Update kanye Imaski Yekheli), khubaza i-IPv6 multicast futhi uqondise kabusha imibuzo ye-DNS kuseva ye-DNS ephindayo evikelekile.
Source: opennet.ru