Problem
The code that calls string_interpret_escape() allocates the output buffer based on the actual size, and the resulting pointer ends up outside the buffer bounds. Accordingly, when an attempt is made to process the input character sequence, data is read beyond the allocated buffer, and the attempt to write the unescaped string can lead to a write beyond the buffer bounds.
In the default configuration, the vulnerability can be exploited by sending specially crafted data in the SNI when establishing a secure connection to the server. The issue can also be exploited by changing the peerdn values in a configuration set up for client certificate verification, or when importing certificates. Attacks via SNI and peerdn are possible starting from release
An exploit prototype has been prepared for the attack via SNI; it works on the i386 and amd64 architectures on Linux systems with Glibc. The exploit uses a data overflow in the heap area, which results in overwriting the memory where the log file name is stored. The file name is replaced with "/../../../../../../../../etc/passwd". Next, the variable holding the sender address, which is the first thing saved to the log, is overwritten, which allows a new user to be added to the system.
Package updates containing a fix for the vulnerability have been released by distributions
As a workaround to block the vulnerability, you can disable TLS support or add the following to the ACL section "acl_smtp_mail":
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
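The two ACL rules above reject any SNI or peerdn value whose last byte is a backslash, i.e. an input that ends in an unfinished escape. The following C example, added here and not taken from Exim's string_interpret_escape(), shows the same check as a function, alongside a bounds-checked escape interpreter that refuses a dangling trailing backslash instead of reading past the end of the input and writing past the end of the output. The escape set handled (\n, \t, \r, \\) and the sample inputs are illustrative assumptions, not Exim's.

```c
/* Added example, not Exim's code: a bounds-checked escape interpreter
 * that treats a trailing backslash as an error rather than reading on. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unescape `in` (in_len bytes, need not be NUL-terminated) into `out`
 * (capacity out_cap, result NUL-terminated).
 * Returns 0 on success, -1 if the input ends in an unfinished escape
 * or the output buffer is too small. Neither buffer is ever overrun. */
int unescape_checked(const char *in, size_t in_len, char *out, size_t out_cap)
{
    size_t o = 0;
    for (size_t i = 0; i < in_len; i++) {
        char c = in[i];
        if (c == '\\') {
            /* A backslash must be followed by a byte that is still inside
             * the input; a dangling one is the case the ACL rules block. */
            if (i + 1 >= in_len)
                return -1;
            char e = in[++i];
            switch (e) {
            case 'n':  c = '\n'; break;
            case 't':  c = '\t'; break;
            case 'r':  c = '\r'; break;
            case '\\': c = '\\'; break;
            default:   c = e;    break; /* unknown escape: keep the byte */
            }
        }
        /* Reserve one byte for the terminator before storing. */
        if (o + 1 >= out_cap)
            return -1;
        out[o++] = c;
    }
    out[o] = '\0';
    return 0;
}

/* Same test as the workaround rules: is the last byte a backslash? */
int ends_with_backslash(const char *s)
{
    size_t n = strlen(s);
    return n > 0 && s[n - 1] == '\\';
}

int main(void)
{
    /* Constructed sample values standing in for $tls_in_sni. */
    const char *samples[] = { "mail.example.test", "mail.example.test\\" };
    char out[64];
    for (size_t k = 0; k < 2; k++) {
        const char *s = samples[k];
        int rc = unescape_checked(s, strlen(s), out, sizeof out);
        printf("%-20s trailing backslash: %d  unescape rc: %d\n",
               s, ends_with_backslash(s), rc);
    }
    return 0;
}
```

Both functions work on explicit lengths and capacities, so a value that ends in a backslash is reported as an error (rc -1) and is never interpreted; that is the behaviour a server-side check should have before any escape processing runs.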
Source: opennet.ru