Vulnerability in the Linux kernel network stack

A vulnerability (CVE-2019-11815) has been identified in the code of the TCP-based RDS protocol handler (Reliable Datagram Socket, net/rds/tcp.c). It can lead to access to an already freed memory area and to denial of service (potentially, the possibility of using the problem to organize code execution is not excluded). The problem is caused by a race condition that can occur when the rds_tcp_kill_sock function runs while sockets are being cleaned up for a network namespace.

In the NVD description the problem is marked as remotely exploitable over the network, but judging by the description of the fix, an attack cannot be organized remotely without a local presence on the system and manipulation of namespaces. In particular, in the opinion of SUSE developers, the vulnerability is exploitable only locally; organizing an attack is complex and requires additional privileges on the system. While NVD rates the severity at 9.3 (CVSS v2) and 8.1 (CVSS v2) points, the SUSE rating puts the severity at 6.4 points out of 10.

Ubuntu representatives also rated the severity of the problem as moderate. At the same time, in accordance with the CVSS v3.0 specification, the problem is assigned a high attack complexity and exploitability is given only 2.2 points out of 10.

Judging by the report from Cisco, the vulnerability is exploited remotely by sending TCP packets to working RDS network services, and a prototype exploit already exists. How far this information corresponds to reality is not yet clear; the report may only be an embellished restatement of NVD's assumptions. According to VulDB, an exploit has not yet been created and the problem is exploitable only locally.

The problem appears in kernels before 5.0.8 and was closed by a March fix that is included in kernel 5.0.8. In most distributions the problem remains unfixed (Debian, RHEL, Ubuntu, SUSE). A fix has been released for SLE12 SP3, openSUSE 42.3 and Fedora.
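A host triage check based on the version boundary above, added here as an example and not taken from the article or the kernel project. It assumes net/rds/tcp.c is built as the `rds_tcp` module, and it treats an older kernel only as a prompt to check the vendor advisory, since distribution kernels may carry a backported fix; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2019-11815 exposure.
# From the article: upstream kernels before 5.0.8 are affected (net/rds/tcp.c).
# Assumptions: that file is built as the rds_tcp module; distribution kernels
# may carry a backported fix, so "older" means "check the vendor advisory".

# kernel_before_508 RELEASE: succeeds if the upstream part of `uname -r` < 5.0.8.
kernel_before_508() {
    ver=${1%%[-+_]*}                 # 4.15.0-50-generic -> 4.15.0
    old_ifs=$IFS; IFS=.
    set -- $ver                      # split on dots into $1 $2 $3
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    # Drop any non-numeric tail left on a component (e.g. 0rc1 -> 0).
    maj=${maj%%[!0-9]*}; min=${min%%[!0-9]*}; pat=${pat%%[!0-9]*}
    if   [ "${maj:-0}" -ne 5 ]; then [ "${maj:-0}" -lt 5 ]
    elif [ "${min:-0}" -ne 0 ]; then return 1
    else [ "${pat:-0}" -lt 8 ]
    fi
}

# rds_tcp_loaded [FILE]: succeeds if a /proc/modules-format file lists rds_tcp.
# A kernel with RDS-over-TCP built in (not modular) will not show up here.
rds_tcp_loaded() {
    [ -r "${1:-/proc/modules}" ] && grep -q '^rds_tcp ' "${1:-/proc/modules}"
}

# triage RELEASE [FILE]: print one verdict word for the host.
triage() {
    if ! kernel_before_508 "$1"; then
        echo "fixed-upstream"
    elif rds_tcp_loaded "${2:-/proc/modules}"; then
        echo "check-vendor-advisory-rds-tcp-loaded"
    else
        echo "check-vendor-advisory-rds-tcp-not-loaded"
    fi
}

# Run against the live host only when asked: sh triage.sh --check
if [ "${1:-}" = "--check" ]; then
    triage "$(uname -r)" /proc/modules
fi
```

A host that reports `check-vendor-advisory-rds-tcp-not-loaded` can still load the module later, so the verdict reflects the moment of the check only.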

Source: opennet.ru
