Vulnerabilities in OpenSMTPD allowing remote and local root access

Qualys has disclosed another remote vulnerability (CVE-2020-8794) in the OpenSMTPD mail server developed by the OpenBSD project. Like the one identified at the end of January, the new issue makes it possible to remotely execute arbitrary shell commands on the server with root privileges. The vulnerability is fixed in the OpenSMTPD 6.6.4p1 release.

The problem is caused by a bug in the code that delivers mail to a remote mail server (not in the code that handles incoming connections). The attack is possible both on the client side and on the server side. On the client side, the attack is possible in the default OpenSMTPD configuration, in which OpenSMTPD accepts requests only on the internal network interface (localhost) and sends mail messages to external servers. To exploit the vulnerability, it is enough that, while delivering a message, OpenSMTPD establishes a session with a mail server controlled by the attacker, or that the attacker can intervene in the client connection (MITM, or redirection during a DNS or BGP attack).

For a server-side attack, OpenSMTPD must be configured to receive external network requests from other mail servers, or must serve third-party services that allow a request to be sent to an arbitrary email address (for example, address confirmation forms on websites). For example, an attacker can connect to the OpenSMTPD server and send an invalid message (to a non-existent user), which results in a response with an error code (a bounce) being sent to the attacker's server. The attacker can exploit the vulnerability at the moment OpenSMTPD connects to deliver the notification to the attacker's server. The shell commands injected during the attack are placed in a file that is executed with root privileges when OpenSMTPD is restarted, so the attacker must wait for OpenSMTPD to restart or trigger a crash of OpenSMTPD to complete the attack.

The problem is in the mta_io() function, in the code that parses the multi-line response returned by the remote server after the connection is established (for example, "250-ENHANCEDSTATUSCODES" and "250 HELP"). OpenSMTPD assumes that the first line consists of a three-digit number and text separated by the "-" character, and that the second line consists of a three-digit number and text separated by a space. If the three-digit number on the second line is not followed by a space and text, the pointer used to locate the text is set to the byte following the '\0' character, and an attempt is made to copy the data that follows the end of the line into the buffer.
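A defensive parser for the reply-line format described above, added here as an example (not OpenSMTPD's code): it checks the byte after the three-digit code before deriving the text pointer, so a malformed line is rejected instead of being indexed past the terminator, and a whole multi-line reply is validated for a consistent code and continuation markers. The struct and function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
/* Parsed view of one SMTP reply line (hypothetical helper, not OpenSMTPD code). */
struct smtp_reply {
    int code;          /* three-digit reply code, e.g. 250 */
    int more;          /* 1 when '-' follows the code: more lines follow */
    const char *text;  /* text after the separator, "" for a bare code */
};

/* Parse one reply line (CRLF already stripped). Returns 0, or -1 if malformed.
 * Each byte is checked before the next one is read, so nothing is ever
 * indexed past the terminating '\0'. */
int parse_smtp_reply_line(const char *line, struct smtp_reply *out)
{
    if (line == NULL || out == NULL)
        return -1;
    for (int i = 0; i < 3; i++)          /* isdigit('\0') is false: "25" fails */
        if (!isdigit((unsigned char)line[i]))
            return -1;
    out->code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    switch (line[3]) {
    case '-':  out->more = 1; out->text = line + 4; return 0;  /* continuation */
    case ' ':  out->more = 0; out->text = line + 4; return 0;  /* final, with text */
    case '\0': out->more = 0; out->text = line + 3; return 0;  /* final bare code */
    default:
        /* Code followed by anything else: refuse rather than guess where the
         * text starts, which is the step the mta_io() bug got wrong. */
        return -1;
    }
}

/* Validate a whole multi-line reply: the same code on every line, and only
 * the last line may lack the '-' continuation marker. */
int validate_smtp_reply(const char *const lines[], size_t n, int *code)
{
    struct smtp_reply r;
    for (size_t i = 0; i < n; i++) {
        if (parse_smtp_reply_line(lines[i], &r) != 0)
            return -1;
        if (i == 0)
            *code = r.code;
        else if (r.code != *code)
            return -1;
        if (r.more != (i + 1 < n))
            return -1;
    }
    return n > 0 ? 0 : -1;
}
```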

At the request of the OpenBSD project, publication of details about exploiting the vulnerability has been delayed until February 26 to give users time to update their systems. The problem has been present in the codebase since December 2015, but exploitation leading to code execution with root privileges has been possible since May 2018. The researchers prepared a working exploit prototype, successfully tested on OpenSMTPD builds for OpenBSD 6.6, OpenBSD 5.9, Debian 10, Debian 11 (testing) and Fedora 31.

Another vulnerability (CVE-2020-8793) has also been identified in OpenSMTPD that allows a local user to read the first line of any file on the system. For example, one can read the first line of /etc/master.passwd, which contains the root user's password hash. The vulnerability also allows reading the entire contents of another user's file if that file resides on the same file system as the /var/spool/smtpd/ directory. The problem is not exploitable on many Linux distributions, where the value of /proc/sys/fs/protected_hardlinks is set to 1.

The problem is the result of an incomplete fix for issues disclosed during an audit conducted by Qualys in 2015. An attacker can achieve execution of their code with the privileges of the "_smtpq" group by setting the variable PATH=. and placing a script named make in the current directory (the smtpctl utility calls make without explicitly specifying the path). Having gained access to the "_smtpq" group, the attacker can then cause a race condition (create a large file in the offline directory and send a SIGSTOP signal) and, before processing completes, replace the file in the offline directory with a hard link pointing to the target file whose contents are to be read.

Notably, on Fedora 31 the vulnerability allows root group privileges to be obtained immediately, since the smtpctl process is installed with the setgid root flag instead of the setgid smtpq flag. With access to the root group, one can overwrite the contents of /var/lib/sss/mc/passwd and obtain full root access to the system.

Source: opennet.ru
