A bug was found in pppd that allows remote code execution as root

A vulnerability in the pppd package (CVE-2020-8597) has been publicly disclosed. It affects some VPN services, DSL connections and Ethernet links, because the bug allows code execution by sending specially crafted authentication requests to systems that use PPP (Point-to-Point Protocol) or PPPoE (PPP over Ethernet).

As mentioned, many providers use these protocols to establish connections over Ethernet or DSL, and they are also used in some VPNs, for example pptpd and openfortivpn.

To check whether systems are vulnerable to the problem, an exploit prototype has been prepared, and it is already publicly available.

About the flaw

The vulnerability is caused by a buffer overflow in the Extensible Authentication Protocol (EAP) implementation.

An additional logic flaw causes the eap_input() function to not check whether EAP was negotiated during the Link Control Protocol (LCP) phase.

This allows an unauthenticated attacker to send an EAP packet even if ppp refused the authentication negotiation, either because of a lack of EAP support or because of a mismatch of the pre-shared passphrase agreed in the LCP phase.

The vulnerable pppd code in eap_input will still process the EAP packet and trigger the stack buffer overflow.

This unverified data of unknown size can be used to corrupt the memory of the target system. pppd often runs with high privileges (system or root) and works together with kernel drivers. This makes it possible for an attacker to run arbitrary code with root or system-level privileges.

With this, an attack can be carried out in the pre-authentication stage by sending a packet of type EAPT_MD5CHAP that includes a very long hostname that does not fit in the allocated buffer.

Because of a bug in the code that checks the size of the rhostname field, the attacker can overwrite data outside the buffer on the stack and achieve remote execution of their code with root privileges.
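The two checks described above, as an added C sketch that is not pppd's source: a handler that drops EAP input when EAP was never negotiated and bounds the peer-name copy by the name's real length. The buffer size, the function names and the flawed comparison are assumptions made for illustration, and the sample packet is constructed.

```c
#include <stdio.h>
#include <string.h>

#define PEER_NAME_MAX 256  /* assumed size of the fixed peer-name buffer */

/* Flawed guard (assumed model of a wrong size check): once vallen <= len is
 * enforced this can never be true, so an oversized name is never trimmed. */
int flawed_guard_trims(size_t vallen, size_t len) {
    return vallen >= len + PEER_NAME_MAX;
}

/* Corrected guard: the name occupies the len - vallen bytes after the value. */
int fixed_guard_trims(size_t vallen, size_t len) {
    return len - vallen >= PEER_NAME_MAX;
}

/* Hardened handler for type-data laid out as [vallen][value][name...].
 * Returns the stored name length, -1 if EAP was never negotiated,
 * -2 if the packet is malformed. */
int handle_md5_challenge(int eap_negotiated, const unsigned char *p,
                         size_t len, char name[PEER_NAME_MAX]) {
    if (!eap_negotiated) return -1;        /* drop: EAP not agreed during LCP */
    if (len < 1) return -2;
    size_t vallen = *p++;
    len--;
    if (vallen > len) return -2;           /* value must fit inside the packet */
    size_t n = len - vallen;               /* actual length of the name field */
    if (fixed_guard_trims(vallen, len)) n = PEER_NAME_MAX - 1;  /* trim */
    memcpy(name, p + vallen, n);
    name[n] = '\0';
    return (int)n;
}

/* Constructed sample: a 16-byte value followed by a 1000-byte peer name. */
int demo(int eap_negotiated) {
    unsigned char pkt[1 + 16 + 1000];
    char name[PEER_NAME_MAX];
    memset(pkt, 'A', sizeof pkt);
    pkt[0] = 16;
    return handle_md5_challenge(eap_negotiated, pkt, sizeof pkt, name);
}

int main(void) {
    printf("flawed guard trims: %d\n", flawed_guard_trims(16, 1016));
    printf("fixed guard trims:  %d\n", fixed_guard_trims(16, 1016));
    printf("negotiated: %d, not negotiated: %d\n", demo(1), demo(0));
    return 0;
}
```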

The vulnerability manifests itself on both the server and the client side.

The vulnerability also affects the lwIP stack, but EAP support is not enabled in the default settings in lwIP.

Affected versions

As identified, this flaw affects pppd versions 2.4.2 through 2.4.8 inclusive, and it has been resolved in the form of a patch. Some of you may know that bugs are disclosed publicly only after they have been identified and the problem has been fixed. And although that covers the whole process, there is still the user's part: the user must apply the corresponding update.

The status of the fix can be reviewed in the reports of the major Linux distributions.

This can be seen on the following pages: Debian, Ubuntu, RHEL, Fedora, SUSE, OpenWRT, Arch, NetBSD.

On RHEL, OpenWRT and SUSE, the pppd package is compiled with "Stack Smashing Protection" enabled (the "-fstack-protector" option in gcc), which limits exploitation to a crash.

In addition to distributions, the vulnerability has been confirmed in some Cisco (CallManager), TP-LINK and Synology products (DiskStation Manager, VisualStation VS960HD and Router Manager) that use pppd or lwIP code.

As such, the patch is already available in most Linux distributions, and some have already applied it by offering package updates.

If you want to know more about the flaw that was found, you can check the details and further information at the following link.

