A vulnerability has been found in the uClibc and uClibc-ng libraries that affects Linux firmware.

A few days ago it was reported that in the uClibc and uClibc-ng standard C libraries, which are used in many embedded and portable devices, a vulnerability (CVE not yet assigned) was identified that allows bogus data to be inserted into the DNS cache. This can be used to plant the IP address of an arbitrary domain in the cache and redirect requests for that domain to a server controlled by the attacker.

Regarding the problem, it is mentioned that it affects various Linux firmware for routers, access points and IoT devices, as well as embedded Linux distributions such as OpenWRT and Embedded Gentoo.

About the vulnerability

The vulnerability is caused by the use of predictable transaction identifiers in the code that sends DNS queries. The DNS query ID was chosen by simply incrementing a counter, without additional randomization of port numbers, which made it possible to poison the DNS cache by pre-emptively sending UDP packets with bogus responses (a response is accepted if it arrives before the response from the real server and carries the correct identifier).

Unlike the Kaminsky method presented in 2008, it is not even necessary to guess the transaction ID, since it is predictable from the start (initially it is set to 1 and incremented with each request, rather than chosen at random).

To protect against ID guessing, the specification additionally recommends randomly distributing the source network port numbers from which DNS queries are sent, which compensates for the insufficient size of the ID.

When port randomization is enabled, forging a response requires guessing not only the 16-bit identifier but also the network port number. In uClibc and uClibc-ng, such randomization was not explicitly enabled (when bind is called, a random UDP source port is not specified) and its implementation depends on the operating system configuration.

When port randomization is disabled, determining which request ID to increment is described as a trivial task. But even with randomization, the attacker only needs to guess the network port from the 32768-60999 range, which can be done by mass-sending forged responses to different network ports simultaneously.
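As an added illustration (not uClibc's own code), the following C sketch contrasts the sequential transaction-ID scheme described above with one that draws both the ID and the UDP source port from a random source, and shows the checks a resolver should apply before trusting a reply. The random source `demo_rand` is a constructed, non-cryptographic stand-in for a CSPRNG such as getrandom(2); the struct and function names are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>
/* What the resolver must remember about a query in flight. */
struct pending_query {
    uint16_t id;        /* 16-bit transaction ID */
    uint16_t src_port;  /* UDP source port the query was sent from */
    char qname[64];     /* question name, e.g. "example.com." */
};

/* Weak ID source as described in the article: starts at 1, +1 per query. */
static uint16_t weak_counter = 0;
uint16_t weak_next_id(void) { return ++weak_counter; }

/* Constructed stand-in for a CSPRNG (xorshift32, fixed seed) so the
 * example runs offline; real code would call getrandom(2) or similar. */
static uint32_t demo_state = 0x2545F491u;
uint32_t demo_rand(void) {
    uint32_t x = demo_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return demo_state = x;
}

/* Hardened scheme: both ID and source port come from the random source. */
typedef uint32_t (*rand_fn)(void);
uint16_t strong_next_id(rand_fn r) { return (uint16_t)r(); }
uint16_t strong_src_port(rand_fn r) {
    /* Linux ephemeral range 32768-60999 mentioned in the text. */
    return (uint16_t)(32768u + r() % 28232u);
}

/* Register a query with a fresh random ID and source port. */
struct pending_query send_query_hardened(const char *name, rand_fn r) {
    struct pending_query q;
    q.id = strong_next_id(r);
    q.src_port = strong_src_port(r);
    strncpy(q.qname, name, sizeof q.qname - 1);
    q.qname[sizeof q.qname - 1] = '\0';
    return q;
}

/* Acceptance check: the reply must carry the pending ID, arrive on the port
 * the query left from, and repeat the same question. Returns 1 to accept, 0 to drop. */
int reply_is_valid(const struct pending_query *q, uint16_t reply_id,
                   uint16_t reply_dst_port, const char *reply_qname) {
    if (reply_id != q->id) return 0;
    if (reply_dst_port != q->src_port) return 0;
    if (strcmp(reply_qname, q->qname) != 0) return 0;
    return 1;
}
```

With the weak scheme the first three IDs are simply 1, 2, 3, so a forged reply only has to carry the next counter value; the hardened scheme forces a guess over both the ID and the port, and the validation drops anything that does not match on all three fields.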

The problem has been confirmed in all current versions of uClibc and uClibc-ng, including the latest releases uClibc 0.9.33.2 and uClibc-ng 1.0.40.

"It is important to note that a vulnerability affecting a standard C library can be quite complex," the team wrote on its blog this week.

"Not only would there be hundreds or thousands of calls to the vulnerable function at multiple points in a single program, but the vulnerability would affect an indefinite number of other programs from multiple vendors configured to use that library."

In September 2021, information about the vulnerability was sent to CERT/CC to coordinate the preparation of fixes. In January 2022, the problem was shared with more than 200 manufacturers associated with CERT/CC.

In March, a separate attempt was made to contact the maintainer of the uClibc-ng project, but he replied that he could not fix the vulnerability on his own and recommended publicly disclosing information about the problem, in the hope of getting help from the community to develop a fix. Among the manufacturers, NETGEAR has announced the release of an update that removes the vulnerability.

It is noted that the vulnerability manifests itself in devices from many manufacturers (for example, uClibc is used in firmware from Linksys, Netgear and Axis), but since the vulnerability remains unpatched in uClibc and uClibc-ng, detailed information about the specific devices and manufacturers whose products are affected will not be disclosed until then.

Finally, if you are interested in learning more about it, you can check the details in the following link.
