I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > Ukuba sengozini kumarutha e-MikroTik okuholela ekusebenziseni ikhodi lapho kucutshungulwa i-IPv6 RA

Ukuba sengozini kumarutha e-MikroTik okuholela ekusebenziseni ikhodi lapho kucutshungulwa i-IPv6 RA

Ukuba sengozini okubalulekile (CVE-2023-32154) kukhonjwe kusistimu yokusebenza ye-RouterOS esetshenziswa kumarutha e-MikroTik, okuvumela umsebenzisi ongagunyaziwe ukuthi akhiphe ikhodi ekude kudivayisi ngokuthumela isikhangiso serutha se-IPv6 esiklanywe ngokukhethekile (i-RA, Isikhangiso Somzila).

Inkinga ibangelwa ukuntuleka kokuqinisekiswa okufanele kwedatha evela ngaphandle ohlelweni olubhekele ukucubungula izicelo ze-IPv6 RA (Isikhangiso Somzila), okwenze kwaba nokwenzeka ukubhala idatha ngale kwemingcele yebhafa eyabiwe futhi kuhlelwe ukwenziwa kwekhodi yakho. ngamalungelo ezimpande. Ukuba sengozini kuvela emagatsheni e-MikroTik RouterOS v6.xx kanye ne-v7.xx, lapho i-IPv6 RA inikwe amandla kuzilungiselelo zokwamukela imilayezo ye-IPv6 RA (β€œipv6/settings/ set accept-router-advertisements=yebo” noma β€œipvXNUMX/settings/ set forward=cha yamukela-irutha -advertisements=yebo-uma-ukudlulisela-kukhutshaziwe").

Amathuba okuxhaphaza ubungozi ekusebenzeni aboniswe emqhudelwaneni we-Pwn2Own eToronto, lapho abacwaningi abahlonze inkinga bathola umvuzo we-$ 100,000 ngokugebenga ingqalasizinda ngezigaba eziningi ngokuhlaselwa kwe-router ye-Mikrotik futhi bayisebenzise njenge isisekelo sokuhlasela kwezinye izingxenye zenethiwekhi yendawo (abahlaseli bakamuva bathole ukulawula iphrinta yeCanon, ulwazi olumayelana nokuba sengozini okwavezwa futhi kukho).

Ulwazi olumayelana nokuba sengozini lushicilelwe ekuqaleni ngaphambi kokuthi ipheshi yenziwe umkhiqizi (0-day), kodwa i-RouterOS 7.9.1, 6.49.8, 6.48.7, 7.10beta8 izibuyekezo ezilungisa ukuba sengozini sezishicilelwe. Ngokolwazi oluvela kuphrojekthi ye-ZDI (Zero Day Initiative), eqhuba umncintiswano we-Pwn2Own, umkhiqizi wazisiwe ngokuba sengozini ngoDisemba 29, 2022. Abamele iMikroTik bathi abasitholanga isaziso futhi bafunde ngenkinga ngoMeyi 10 kuphela, ngemuva kokuthumela isixwayiso sokugcina sokudalulwa. Ngaphezu kwalokho, umbiko wokuba sengozini uveza ukuthi ulwazi olumayelana nesimo senkinga ludluliselwe kummeleli we-MikroTik mathupha ngesikhathi somncintiswano we-Pwn2Own e-Toronto, kodwa ngokusho kweMikroTik, abasebenzi beMikroTik abazange bahlanganyele emcimbini nganoma yisiphi isikhundla.

Source: opennet.ru

Engeza amazwana