I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > Ukuba sengozini ku-pppd naku-lwIP evumela ukusetshenziswa kwekhodi yesilawuli kude namalungelo ezimpande

Ukuba sengozini ku-pppd naku-lwIP evumela ukusetshenziswa kwekhodi yesilawuli kude namalungelo ezimpande

Kuphakheji pppd ikhonjiwe ukuba sengozini (I-CVE-2020-8597), okukuvumela ukuthi usebenzise ikhodi yakho ngokuthumela izicelo zokuqinisekisa eziklanywe ngokukhethekile kumasistimu asebenzisa iphrothokholi ye-PPP (Point-to-Point Protocol) noma i-PPPoE (PPP over Ethernet). Lezi zivumelwano zivame ukusetshenziswa abahlinzeki ukuhlela ukuxhumana nge-Ethernet noma i-DSL, futhi zisetshenziswa kwamanye ama-VPN (isibonelo, pptpd kanye i-openfortivpn). Ukuhlola ukuthi amasistimu akho ayathinteka yini inkinga zilungisiwe sebenzisa i-prototype.

Ukuba sengozini kubangelwa ukuchichima kwebhafa ekusetshenzisweni kwephrothokholi yokuqinisekisa ye-EAP (Extensible Authentication Protocol). Ukuhlasela kungenziwa esigabeni sokuqinisekisa kwangaphambilini ngokuthumela iphakethe elinohlobo lwe-EAPT_MD5CHAP, okuhlanganisa negama lomsingathi elide kakhulu elingangeni kubhafa enikeziwe. Ngenxa yesiphazamisi kukhodi yokuhlola usayizi wenkambu ye-rhostname, umhlaseli angabhala phezu kwedatha ngaphandle kwebhafa kustaki futhi azuze ekusebenziseni ukude kwekhodi yakhe ngamalungelo empande. Ukuba sengozini kuzibonakalisa kuseva nasezinhlangothini zeklayenti, i.e. Akuyona iseva kuphela engahlaselwa, kodwa futhi iklayenti elizama ukuxhuma kuseva elawulwa umhlaseli (isibonelo, umhlaseli angaqala ngokugebenga iseva ngokuba sengozini, bese eqala ukuhlasela amakhasimende axhumayo).

Inkinga ithinta izinguqulo pppd kusukela ku-2.4.2 kuya ku-2.4.8 kuhlangene futhi kukhishwe efomini isichibi. Ukuba sengozini futhi kuyathinta isitaki lwIP, kodwa ukulungiselelwa okuzenzakalelayo ku-lwIP akuniki amandla usekelo lwe-EAP.

Isimo sokulungisa inkinga kumakhithi wokusabalalisa singabukwa kulawa makhasi: Debian, Ubuntu, RHEL, Fedora, SUSE, I-OpenWRT, Arch, I-NetBSD. Ku-RHEL, OpenWRT kanye ne-SUSE, iphakheji ye-pppd yakhiwe ngokuvikela "Isitaki Smashing Protection" esinikwe amandla (imodi ye-"-fstack-protector" ku-gcc), ekhawulela ukuxhashazwa ekuhlulekeni. Ngokungeziwe ekusabalaliseni, ukuba sengozini kuphinde kwaqinisekiswa kweminye imikhiqizo Cisco (Umphathi Wezingcingo) TP-LINK kanye ne-Synology (I-DiskStation Manager, VisualStation VS960HD kanye ne-Router Manager) kusetshenziswa ikhodi ye-pppd noma ye-lwIP.

Source: opennet.ru

Engeza amazwana