Three vulnerabilities in Exim that allow remote code execution on the server

The Zero Day Initiative (ZDI) project has disclosed information about unpatched (0-day) vulnerabilities (CVE-2023-42115, CVE-2023-42116, CVE-2023-42117) in the Exim mail server that allow remote execution of code on the server with the privileges of the process that accepts connections on network port 25. No authentication is required to carry out the attack.

The first vulnerability (CVE-2023-42115) is caused by a flaw in the smtp service and stems from the lack of proper validation of data that is received from the user during an SMTP session and used to calculate the buffer size. As a result, an attacker can achieve a controlled write of their data to a memory area beyond the boundary of the allocated buffer.

The second vulnerability (CVE-2023-42116) is present in the NTLM request handler and is caused by copying data received from the user into a fixed-size buffer without the necessary check of the size of the data being written.

The third vulnerability (CVE-2023-42117) is present in the smtp process that accepts connections on TCP port 25 and is caused by a lack of input validation, which can lead to user-supplied data being written to a memory area outside the allocated buffer.

The vulnerabilities are marked as 0-day, i.e. they remain unpatched, but the ZDI report states that the Exim developers were notified of the problems in advance. The last change to the Exim code base was made two days ago, and it is not yet clear when the problems will be fixed (distribution vendors have not yet had time to react, since the information was disclosed without details a few hours ago). The Exim developers are currently preparing to release a new version, 4.97, but there is no precise information yet about when it will be published. The only protection method mentioned at present is to restrict access to the Exim-based SMTP service.

In addition to the vulnerabilities mentioned above, information has also been disclosed about several less dangerous problems:

  • CVE-2023-42118 is an integer overflow in the libspf2 library when processing SPF macros. The vulnerability makes it possible to trigger remote corruption of memory contents and could potentially be used to arrange execution of the attacker's code on the server.
  • CVE-2023-42114 is an out-of-bounds read in the NTLM handler. The problem can lead to a leak of the memory contents of the process that serves network requests.
  • CVE-2023-42119 is a vulnerability in the dnsdb handler that leads to a leak of memory contents in the smtp process.

Source: opennet.ru
