I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > Ukuba sengozini kumojula ye-Linux kernel ksmbd evumela ukusetshenziswa kwekhodi yesilawuli kude

Ukuba sengozini kumojula ye-Linux kernel ksmbd evumela ukusetshenziswa kwekhodi yesilawuli kude

Kumojula ye-ksmbd, enikeza ukuqaliswa kweseva yefayela ngokusekelwe kuphrothokholi ye-SMB eyakhelwe ku-Linux kernel, ubungozi obuyi-14 buhlonziwe, obune buvumela umuntu ukuthi akhiphe ikhodi yakhe ekude ngamalungelo e-kernel. Ukuhlasela kungenziwa ngaphandle kokuqinisekisa; kwanele ukuthi imodyuli ye-ksmbd icushwe ohlelweni. Izinkinga zivela kusukela ku-kernel 5.15, ehlanganisa imojuli ye-ksmbd. Ubungozi bulungisiwe kuzibuyekezo ze-kernel 6.3.2, 6.2.15, 6.1.28 kanye no-5.15.112. Ungakwazi ukulandelela ukulungiswa kokusatshalaliswa emakhasini alandelayo: I-Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Gentoo, Arch.

Izinkinga ezikhonjiwe:

  • I-CVE-2023-32254, CVE-2023-32250, CVE-2023-32257, CVE-2023-32258 - ukusetshenziswa kwekhodi yesilawuli kude esinamalungelo e-kernel ngenxa yokuntuleka kokukhiya into efanele lapho kucutshungulwa izicelo zangaphandle eziqukethe i-SMB2_TREE_DISCONNECTION_DISCONNECTION_MB2MB, SMB2_TREE_DISCONNECTION_DISCONNECTION SMB2_CLOSE, okuholela esimweni somjaho esisebenzisekayo. Ukuhlasela kungenziwa ngaphandle kokuqinisekisa.
  • I-CVE-2023-32256 - Ukuvuza okuqukethwe kwezifunda zenkumbulo ye-kernel ngenxa yesimo somjaho phakathi nokucutshungulwa kwemiyalo ye-SMB2_QUERY_INFO kanye ne-SMB2_LOGOFF. Ukuhlasela kungenziwa ngaphandle kokuqinisekisa.
  • I-CVE-2023-32252, CVE-2023-32248 - Ukwenqatshelwa kwesevisi kude ngenxa yesikhombi esingu-NULL lapho kucutshungulwa imiyalo ye-SMB2_LOGOFF, SMB2_TREE_CONNECT kanye ne-SMB2_QUERY_INFO. Ukuhlasela kungenziwa ngaphandle kokuqinisekisa.
  • I-CVE-2023-32249 - Amathuba okudunwa kweseshini nomsebenzisi ngenxa yokuntuleka kokuhlukaniswa okufanele lapho uphatha i-ID yeseshini kumodi yeziteshi eziningi.
  • I-CVE-2023-32247, CVE-2023-32255 - Ukunqatshelwa kwesevisi ngenxa yokuvuza kwememori lapho kucubungula umyalo we-SMB2_SESSION_SETUP. Ukuhlasela kungenziwa ngaphandle kokuqinisekisa.
  • I-CVE-2023-2593 iwukunqatshelwa kwesevisi ngenxa yokukhathala kwenkumbulo etholakalayo, okubangelwa ukwehluleka kwenkumbulo lapho kucubungula ukuxhumana okusha kwe-TCP. Ukuhlasela kungenziwa ngaphandle kokuqinisekisa.
  • I-CVE-2023-32253 Ukunqatshelwa kwesevisi ngenxa ye-deadlock kwenzeka lapho kucubungula umyalo we-SMB2_SESSION_SETUP. Ukuhlasela kungenziwa ngaphandle kokuqinisekisa.
  • I-CVE-2023-32251 - ukuntuleka kokuvikelwa ekuhlaselweni kwe-brute force.
  • I-CVE-2023-32246 Umsebenzisi wesistimu yendawo onelungelo lokukhipha imojuli ye-ksmbd angakwazi ukufeza ukusetshenziswa kwekhodi ezingeni le-Linux kernel.

Ukwengeza, ubungozi obungaphezulu obu-5 buhlonzwe kuphakheji yamathuluzi we-ksmbd, okufaka izinsiza zokuphatha nokusebenza nge-ksmbd, okwenziwa endaweni yomsebenzisi. Ubungozi obuyingozi kakhulu (ZDI-CAN-17822, ZDI-CAN-17770, ZDI-CAN-17820, CVE obungakanikezwa) buvumela umhlaseli okude, ongagunyaziwe ukuthi asebenzise ikhodi yakhe enamalungelo ezimpande. Ubungozi bubangelwa ukuntuleka kokuhlola usayizi wedatha yangaphandle etholiwe ngaphambi kokuyikopisha kusigcinalwazi esikukhodi yesevisi ye-WKSSVC kanye naku-LSARPC_OPNUM_LOOKUP_SID2 kanye nezibambi ze-opcode ze-SAMR_OPNUM_QUERY_USER_INFO. Okunye ubungozi obubili (ZDI-CAN-17823, ZDI-CAN-17821) kungaholela ekunqatshelweni kwesevisi ukude ngaphandle kokuqinisekisa.

I-Ksmbd ithathwa njengesandiso se-Samba esisebenza kahle kakhulu, esishumekiwe esilungele amathuluzi e-Samba nemitapo yolwazi njengoba kudingeka. Usekelo lokusebenzisa iseva ye-SMB kusetshenziswa imojuli ye-ksmbd lukhona kuphakheji ye-Samba kusukela ekukhululweni kuka-4.16.0. Ngokungafani neseva ye-SMB esebenza esikhaleni somsebenzisi, i-ksmbd isebenza kahle kakhulu ngokuya ngokusebenza, ukusetshenziswa kwenkumbulo, kanye nokuhlanganiswa namandla athuthukile e-kernel. I-ksmbd ifakwe ikhodi ngu-Namjae Jeon we-Samsung kanye no-Hyunchul Lee we-LG, futhi igcinwa njengengxenye ye-kernel. nguSteve French we-Microsoft, umnakekeli we-CIFS/SMB2/SMB3 subsystems ku-Linux kernel futhi oyilungu lesikhathi eside lethimba lokuthuthukisa i-Samba, wenze igalelo elibalulekile ekuqalisweni kokusekelwa kwezivumelwano ze-SMB/CIFS e-Samba kanye I-Linux.

Ukwengeza, ubungozi obubili bungaqashelwa kumshayeli wezithombe ze-vmwgfx, ezisetshenziselwa ukusebenzisa ukusheshisa kwe-3D ezindaweni ze-VMware. Ukuba sengozini kokuqala (ZDI-CAN-20292) kuvumela umsebenzisi wasendaweni ukuthi akhuphule amalungelo akhe ohlelweni. Ukuba sengozini kungenxa yokuntuleka kokuhlola isimo se-buffer ngaphambi kokuyikhulula lapho kucutshungulwa i-vmw_buffer_object, okungase kuholele ekushayeni kabili umsebenzi wamahhala. Ukuba sengozini kwesibili (ZDI-CAN-20110) kuholela ekuvuzeni kokuqukethwe kwenkumbulo ye-kernel ngenxa yamaphutha ekuhleleni ukukhiywa kwezinto ze-GEM.

Source: opennet.ru

Engeza amazwana