Dear reader, first of all I want to point out that, as a resident of Germany, I am describing the situation in this country in particular. The situation in your country may be quite different.
On December 17, 2019, details were published on the Citrix Knowledge Center about a critical vulnerability in the Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway product lines, better known as NetScaler Gateway.
- CTX267027: CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller
- CTX267679: Mitigation Steps for CVE-2019-19781
- CTX269180: CVE-2019-19781 - Verification Tool (published 15.01.2020!)
At the same time as the vulnerability information, Citrix published recommendations for mitigating the risk (a workaround). A complete fix for the vulnerability was promised only for the end of January 2020.
The scale of this vulnerability (CVE-2019-19781)
A possible response to the news
As a responsible person, I assumed that every IT professional with NetScaler products in their infrastructure would do the following:
- immediately implement all the risk mitigation recommendations given in article CTX267679.
- re-check the firewall configuration with respect to the traffic allowed from the NetScaler into the internal network.
- advise the IT security administrators to pay attention to "unusual" attempts to access the NetScaler and, if necessary, block them. Let me remind you that the NetScaler is usually located in the DMZ.
- assess whether the NetScaler could be temporarily disconnected from the network until detailed information about the problem is available. During the pre-Christmas period, the holidays and so on, this would not have been so painful. In addition, many companies have an alternative way in via VPN.
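The third point above, watching for "unusual" access attempts against the NetScaler, is easiest to act on if the check is written down. The script below is an added example, not code from the article or from Citrix. It assumes that the requests reaching the appliance are available in an Apache/NGINX-style combined log, and it uses as its indicator the same condition that the CTX267679 responder-policy workaround blocks (a decoded URL containing "/vpns/" together with "/../"), returning 403 when it fires. The log lines in it are constructed for illustration, with addresses from the RFC 5737 documentation ranges; the path components under /vpns/ are placeholders, not real targets.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Combined-log-format request line, e.g. Apache/NGINX access logs. Assumption:
# the requests that reach the NetScaler are logged in, or exported to, this shape.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines for illustration; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Jan/2020:03:12:41 +0100] "GET /vpn/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jan/2020:03:12:42 +0100] "GET /vpn/../vpns/some/resource HTTP/1.1" 200 83 "-" "curl/7.64.0"
198.51.100.9 - - [11/Jan/2020:03:12:43 +0100] "POST /vpn/../vpns/some/script.pl HTTP/1.1" 200 0 "-" "python-requests/2.22"
198.51.100.9 - - [11/Jan/2020:03:12:44 +0100] "GET /vpn/%2e%2e/vpns/some/script.pl HTTP/1.1" 403 0 "-" "python-requests/2.22"
192.0.2.5 - - [11/Jan/2020:03:13:00 +0100] "GET /logon/LogonPoint/index.html HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
"""


def is_traversal_indicator(path: str) -> bool:
    """True if the URL matches the condition the CTX267679 responder policy
    blocks: after decoding it contains "/vpns/" together with "/../".

    unquote() is applied twice so a double-encoded "%252e%252e" is caught too;
    on an already-plain path the second call is a no-op.
    """
    decoded = unquote(unquote(path)).lower()
    return "/vpns/" in decoded and "/../" in decoded


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per log line whose request URL carries the indicator."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        if not is_traversal_indicator(m.group("path")):
            continue
        status = int(m.group("status"))
        findings.append({
            "ts": m.group("ts"),
            "ip": m.group("ip"),
            "method": m.group("method"),
            "path": m.group("path"),
            "status": status,
            # 403 is what the CTX267679 responder policy answers with; any other
            # status means the request went through and needs investigation.
            "blocked": status == 403,
        })
    return findings


def unblocked_sources(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count, per client IP, the indicator requests that were NOT blocked."""
    counts: Dict[str, int] = {}
    for f in findings:
        if not f["blocked"]:
            ip = str(f["ip"])
            counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        flag = "blocked" if f["blocked"] else "NOT BLOCKED"
        print(f'{f["ts"]} {f["ip"]} {f["method"]} {f["path"]} -> {f["status"]} ({flag})')
    print("unblocked indicator requests per source:", unblocked_sources(results))
```

Requests flagged as not blocked are the ones to treat as potential compromise rather than as noise: a 403 shows the workaround answered, while a 200 on such a URL means the request reached the appliance before the workaround was in place (or was never covered by it), which is exactly the case the rest of this article is about.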
What happened next?
Unfortunately, as will become clear later, these steps, which are standard practice, were ignored by many.
Many professionals responsible for Citrix infrastructure learned about the vulnerability only on 13.01.2020.
For some reason I believed that IT professionals read the e-mails from the manufacturers of the systems entrusted to them, know how to use Twitter, follow the leading experts in their field, and are obliged to keep up with current events.
In fact, for more than three weeks many Citrix customers completely ignored the vendor's recommendations. And Citrix's customers include almost all large and medium-sized companies in Germany, as well as all government agencies. Government agencies were the first to be affected by the vulnerability.
But something has to be done
Those whose systems were compromised need a complete reinstallation, including replacement of the TLS certificates. Perhaps those Citrix customers who expected the vendor to take active steps to eliminate the critical vulnerability will now look for an alternative. We have to admit that Citrix's response is not encouraging.
More questions than answers
The question arises: what were the numerous Citrix partners, platinum and gold, doing? Why did the necessary information appear on the pages of some Citrix partners only in week 3 of 2020? It is obvious that the highly paid external experts also slept through this dangerous situation. I do not want to offend anyone, but a partner's job is primarily to prevent problems from arising, not to offer = sell help in eliminating them.
In fact, this situation showed the real state of affairs in IT security. Both the staff of corporate IT departments and the contacts at the companies that partner with Citrix should understand one truth: if there is a vulnerability, it must be eliminated. And a critical vulnerability must be eliminated immediately!
Source: www.habr.com