A qmail vulnerability has been found that allows remote exploitation

Security researchers at Qualys have demonstrated that a vulnerability in the qmail mail server is exploitable. The flaw has been known since 2005 (CVE-2005-1513) but was never fixed, because qmail's author maintained that it was unrealistic to build a working exploit that could attack a system in its default configuration.

It appears the qmail developers were mistaken: Qualys managed to prepare an exploit that refutes this assumption and allows code execution on the server by sending a specially crafted message.

The problem is caused by an overflow in the stralloc_readyplus() function, which can occur while processing a very large message. Exploitation requires a 64-bit system with more than 4 GB of virtual memory available.

In the initial analysis of the vulnerability in 2005, Daniel Bernstein argued that the code's assumption that the size of an allocated array always fits in a 32-bit value rested on the fact that nobody gives gigabytes of memory to every process.

In the 15 years since, 64-bit systems have replaced 32-bit ones on servers, and both the amount of memory provided and network bandwidth have grown substantially.

The packages that ship qmail took Bernstein's remark into account and, when launching the qmail-smtpd process, limited the available memory (for example, on Debian 10 the limit is set to 7 MB).

But Qualys engineers found that this was not enough: in addition to qmail-smtpd, a remote attack can be carried out against the qmail-local process, which remained unlimited in all the packages tested.

As proof, a prototype exploit was prepared that can attack the Debian package containing qmail in its default configuration. To achieve code execution during the attack, the server needs 4 GB of free disk space and 8 GB of RAM.

The exploit allows running any shell command with the rights of any user on the system, except root and system users that have no home directory of their own under "/home".

The attack is carried out by sending a very large email message that includes several lines in its text, roughly 4 GB plus 576 MB in size.

When such a line is processed in qmail-local, an integer overflow occurs while attempting to deliver the message to a local user. The integer overflow then leads to a buffer overflow when the data is copied, and to the possibility of overwriting memory pages containing libc code.

In addition, during the qmesearch() call in qmail-local, the ".qmail-extension" file is opened through the open() function, which leads to the actual execution of the program (".qmail-extension"). But since the "extension" part of the file name is formed from the recipient address (for example, "localuser-extension@localdomain"), attackers can arrange command execution by specifying the user "localuser-;command;@localdomain" as the message recipient.

Code analysis also revealed two vulnerabilities in the additional qmail-verify patch, which is part of the Debian package.

  • The first vulnerability (CVE-2020-3811) allows bypassing email address verification, and the second (CVE-2020-3812) leads to a local information leak.
  • The second vulnerability can be used to confirm the presence of files and directories on the system, including those accessible only to root (qmail-verify starts with root privileges), through a direct call to the local handler.

A set of patches has been prepared for this package, fixing both the old vulnerabilities from 2005, by adding hard memory limits to the code of the alloc() function, and the new problems in qmail.

In addition, a separate updated version of the qmail patch has been prepared. The developers of the notqmail version have prepared their own patches to block the old problems and have also started work on eliminating all possible integer overflows in the code.
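
As an added illustration, not code from qmail, Debian or Qualys: the following C model shows why a 32-bit 'int' buffer length wraps on a 64-bit host when gigabytes of memory are available, and how a hard allocation ceiling of the kind the Debian patch adds to alloc() refuses such requests before any data is copied. The struct, function names and the 64 MiB limit are constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model of a qmail-style growable buffer (not qmail's own
 * stralloc): lengths are plain 'int', so 'len + n' is 32-bit arithmetic
 * even on a 64-bit host with gigabytes of memory available. */
struct buf_model { char *s; int len; int a; };  /* data, used, allocated */

/* Hypothetical per-buffer ceiling standing in for the hard memory limit
 * the Debian patch adds to alloc(); 64 MiB is an example value. */
#define BUF_HARD_LIMIT (64 * 1024 * 1024)

/* True when the original-style 'len + n' would not fit a non-negative int,
 * i.e. would wrap instead of failing. Checked in 64-bit arithmetic. */
bool readyplus_would_wrap(int len, int n)
{
    if (len < 0 || n < 0) return true;
    return (long long)len + (long long)n > INT_MAX;
}

/* Hardened readyplus: refuse a request that would wrap or exceed the
 * ceiling, otherwise grow. Returns 1 on success, 0 on refusal. */
int readyplus_checked(struct buf_model *x, int n, int hard_limit)
{
    if (readyplus_would_wrap(x->len, n)) return 0;
    int wanted = x->len + n;               /* provably <= INT_MAX here */
    if (wanted > hard_limit) return 0;
    if (wanted <= x->a) return 1;          /* already large enough */
    long long grow = (long long)wanted + (wanted >> 3) + 30;
    if (grow > hard_limit) grow = hard_limit;
    char *p = realloc(x->s, (size_t)grow);
    if (!p) return 0;
    x->s = p; x->a = (int)grow;
    return 1;
}

/* One sane request, one that would wrap the int length, one over the
 * ceiling. Returns how many were refused (2 expected). */
int demo_refusals(void)
{
    struct buf_model x = { NULL, 0, 0 };
    int refused = 0;
    if (!readyplus_checked(&x, 4096, BUF_HARD_LIMIT)) refused++;
    x.len = 4096;                          /* pretend 4096 bytes were written */
    if (!readyplus_checked(&x, INT_MAX, BUF_HARD_LIMIT)) refused++;
    if (!readyplus_checked(&x, BUF_HARD_LIMIT, BUF_HARD_LIMIT)) refused++;
    free(x.s);
    return refused;
}
```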

Source: https://www.openwall.com/

