Three vulnerabilities found in the Linux TCP stack that lead to denial of service


News was recently published about the discovery of several vulnerabilities in the TCP stacks of Linux and FreeBSD that allow a remote attacker to crash the kernel or cause excessive resource consumption by making the system process specially crafted TCP packets (a "packet of death").

The problems are caused by errors in the handling of the segment size of a TCP packet (MSS, Maximum Segment Size), in particular its minimum value, and in the mechanism for selectively acknowledging received data (SACK, TCP Selective Acknowledgment).

What is Selective Acknowledgment?

TCP Selective Acknowledgment (SACK) is a mechanism by which the receiver of data can tell the sender exactly which segments have been received successfully, rather than only the highest contiguous byte.

This allows the sender to retransmit only the segments of the stream that are missing from the set the receiver reports. When TCP SACK is disabled, far more data has to be retransmitted, because the cumulative ACK only tells the sender where the first gap begins, not what arrived after it.
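To make the mechanism concrete, here is an added example written for this page (it is not kernel code and not part of the original article): it parses the SACK option (kind 5) out of a TCP options field and then, from the sender's point of view, computes which ranges between the cumulative ACK and the highest sequence sent still have to be retransmitted. The option bytes, the sequence numbers 1000 and 5000, and the names `sack_block`, `tcp_parse_sack` and `sack_holes` are all constructed for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

#define TCPOPT_EOL      0
#define TCPOPT_NOP      1
#define TCPOPT_SACK     5
#define MAX_SACK_BLOCKS 4   /* 40 bytes of option space fit at most 4 blocks */

/* One SACK block: the receiver holds [start, end) in sequence space. */
struct sack_block { uint32_t start, end; };

/* Sequence numbers wrap, so compare them modulo 2^32 as TCP stacks do. */
static int seq_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Walk a TCP options field and copy out the SACK blocks it carries.
 * Returns the number of blocks, or -1 if the options are malformed. */
int tcp_parse_sack(const uint8_t *opts, size_t len, struct sack_block *out, int max)
{
    size_t i = 0;
    int n = 0;
    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == TCPOPT_EOL) break;
        if (kind == TCPOPT_NOP) { i++; continue; }
        if (i + 1 >= len) return -1;                /* length byte missing */
        size_t olen = opts[i + 1];
        if (olen < 2 || i + olen > len) return -1;  /* length runs past the field */
        if (kind == TCPOPT_SACK) {
            if ((olen - 2) % 8 != 0) return -1;     /* each block is two 32-bit numbers */
            for (size_t off = i + 2; off < i + olen; off += 8) {
                if (n >= max) return -1;
                out[n].start = get_be32(opts + off);
                out[n].end   = get_be32(opts + off + 4);
                if (!seq_before(out[n].start, out[n].end)) return -1; /* empty/inverted */
                n++;
            }
        }
        i += olen;
    }
    return n;
}

/* Sender side: given the cumulative ACK (snd_una), the highest sequence sent
 * (snd_nxt) and the reported blocks, list the holes nobody acknowledged. With
 * SACK these are exactly what must be retransmitted; without it the sender
 * only knows that data from snd_una onward is missing. Sorts blocks in place. */
int sack_holes(uint32_t snd_una, uint32_t snd_nxt, struct sack_block *blocks, int n,
               struct sack_block *holes, int max)
{
    for (int i = 1; i < n; i++) {                   /* insertion sort, n <= 4 */
        struct sack_block b = blocks[i];
        int j = i - 1;
        while (j >= 0 && seq_before(b.start, blocks[j].start)) { blocks[j + 1] = blocks[j]; j--; }
        blocks[j + 1] = b;
    }
    uint32_t cur = snd_una;
    int h = 0;
    for (int i = 0; i < n; i++) {
        uint32_t s = blocks[i].start, e = blocks[i].end;
        /* A block ending at or below the acknowledged point is a D-SACK (duplicate)
         * report and one beyond snd_nxt is bogus; neither changes what to resend. */
        if (!seq_before(cur, e) || !seq_before(s, snd_nxt)) continue;
        if (seq_before(cur, s)) {
            if (h >= max) return -1;
            holes[h].start = cur; holes[h].end = s; h++;
        }
        cur = e;
    }
    if (seq_before(cur, snd_nxt)) {
        if (h >= max) return -1;
        holes[h].start = cur; holes[h].end = snd_nxt; h++;
    }
    return h;
}

/* Constructed sample: options of an ACK carrying blocks [4000,4500) and
 * [2000,3000) after two NOPs; and the same option with a length byte (18)
 * that promises more bytes than are present (10). */
static const uint8_t sample_opts[] = {
    0x01, 0x01, 0x05, 0x12,
    0x00, 0x00, 0x0F, 0xA0,  0x00, 0x00, 0x11, 0x94,   /* 4000 .. 4500 */
    0x00, 0x00, 0x07, 0xD0,  0x00, 0x00, 0x0B, 0xB8,   /* 2000 .. 3000 */
};
static const uint8_t truncated_opts[] = { 0x05, 0x12, 0x00, 0x00, 0x07, 0xD0, 0x00, 0x00, 0x0B, 0xB8 };

struct sack_block sample_blocks[MAX_SACK_BLOCKS];
struct sack_block sample_holes[MAX_SACK_BLOCKS + 1];

int sample_block_count(void)
{
    return tcp_parse_sack(sample_opts, sizeof sample_opts, sample_blocks, MAX_SACK_BLOCKS);
}

int truncated_block_count(void)
{
    struct sack_block tmp[MAX_SACK_BLOCKS];
    return tcp_parse_sack(truncated_opts, sizeof truncated_opts, tmp, MAX_SACK_BLOCKS);
}

/* Sender state for the sample: bytes below 1000 are cumulatively acknowledged,
 * 5000 is the next sequence number to send. */
int run_sample(void)
{
    struct sack_block blocks[MAX_SACK_BLOCKS];
    int n = sample_block_count();
    if (n < 0) return -1;
    for (int i = 0; i < n; i++) blocks[i] = sample_blocks[i];
    return sack_holes(1000, 5000, blocks, n, sample_holes, MAX_SACK_BLOCKS + 1);
}

int main(void)
{
    int h = run_sample();
    for (int i = 0; i < h; i++)
        printf("retransmit [%u, %u)\n", sample_holes[i].start, sample_holes[i].end);
    printf("truncated option parses as %d\n", truncated_block_count());
    return 0;
}
```

For the sample, the sender learns it only needs to resend [1000,2000), [3000,4000) and [4500,5000); without SACK it would have had to resend everything from 1000. The length checks in the parser are the part that matters for robustness: an option whose length byte points past the end of the header must be rejected rather than read.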

In the Linux kernel the problems were fixed in releases 4.4.182, 4.9.182, 4.14.127, 4.19.52 and 5.1.11. The fix for FreeBSD is available as a patch.

Updated kernel packages have been released for Debian, RHEL, SUSE/openSUSE, ALT, Ubuntu, Fedora and Arch Linux.

CVE-2019-11477 (SACK Panic)

The problem affects Linux kernels since 2.6.29 and allows the kernel to be crashed (panic) by sending a series of SACK packets, due to an integer overflow in the handler.

To carry out the attack it is enough to set the MSS of a TCP connection to 48 bytes and send a sequence of SACK packets arranged in a particular way.

The root of the problem is that the tcp_skb_cb (Socket Buffer) structure is designed to hold 17 fragments ("#define MAX_SKB_FRAGS (65536 / PAGE_SIZE + 1) => 17"), each of up to 32 KiB.

When a packet is sent it is placed in the send queue, and tcp_skb_cb stores information about the packet such as the sequence number, flags, and the "tcp_gso_segs" and "tcp_gso_size" fields, which pass segmentation information to the driver (TSO, TCP Segmentation Offload) so that the segmenting is done on the network card.

Fragments are merged when a packet is lost or a partial retransmission of it is needed, provided SACK is enabled and the driver supports TSO. With an MSS of 48 bytes only 8 bytes of payload fit in each segment once the 40 bytes of TCP option space are accounted for, so a full skb of 17 fragments of 32 KiB needs 69,632 segments, more than the 16-bit tcp_gso_segs field can hold (65,535). The count wraps, and the inconsistent value later trips a kernel consistency check (BUG_ON), which is the panic.
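The arithmetic behind the panic, as an added example written for this page (it is a simplified model, not the kernel's code): an skb is modelled as a length plus a 16-bit segment count, 32 KiB fragments are merged into it one at a time as SACK processing would, and the pre-fix computation is shown beside one that applies the two limits the fix added to tcp_skb_shift(). The constants MAX_SKB_FRAGS = 17, 32 KiB fragments, 40 bytes of option space, TCP_MIN_SND_MSS = 48 and the 16-bit tcp_gso_segs are the kernel's; the struct and function names and the fragment-by-fragment loop are this example's own simplification.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>

#define MAX_SKB_FRAGS        17
#define SKB_FRAG_MAX_BYTES   32768u
#define MAX_TCP_OPTION_SPACE 40u
#define TCP_MIN_SND_MSS      48u
#define TCP_MIN_GSO_SIZE     (TCP_MIN_SND_MSS - MAX_TCP_OPTION_SPACE)  /* 8 bytes */
#define GSO_SEGS_MAX         65535u   /* tcp_gso_segs is a u16 */

/* Example's simplified skb: only the two fields the bug involves. */
struct model_skb {
    uint32_t len;        /* payload bytes held by the skb */
    uint16_t gso_segs;   /* tcp_gso_segs: 16-bit segment count */
};

/* Payload per segment in the worst case, when all 40 bytes of option space
 * (timestamps plus SACK blocks) are in use: an MSS of 48 leaves 8 bytes. */
uint32_t payload_per_segment(uint32_t mss)
{
    return mss > MAX_TCP_OPTION_SPACE ? mss - MAX_TCP_OPTION_SPACE : 1;
}

/* True number of segments an skb of `len` bytes needs at `mss` (DIV_ROUND_UP). */
uint32_t true_segment_count(uint32_t len, uint32_t mss)
{
    uint32_t per = payload_per_segment(mss);
    return (len + per - 1) / per;
}

/* What the 16-bit tcp_gso_segs field ends up holding: silent truncation. */
uint16_t stored_segment_count(uint32_t len, uint32_t mss)
{
    return (uint16_t)true_segment_count(len, mss);
}

/* Simulate SACK-driven merging of 32 KiB fragments into one skb. With
 * checked == false (pre-fix) every fragment is merged and the count wraps;
 * with checked == true the two limits of the fixed tcp_skb_shift() are
 * applied before each merge, whatever the current MSS is. Returns how many
 * fragments were merged and, if out is non-NULL, the resulting skb. */
int merge_fragments(uint32_t mss, bool checked, struct model_skb *out)
{
    struct model_skb skb = { 0, 0 };
    int merged = 0;
    for (int i = 0; i < MAX_SKB_FRAGS; i++) {
        uint32_t shiftlen = SKB_FRAG_MAX_BYTES;
        uint32_t extra = true_segment_count(shiftlen, mss);
        if (checked) {
            /* Never hold more than 65535 * 8 bytes, even if MSS is larger... */
            if (skb.len + shiftlen >= GSO_SEGS_MAX * TCP_MIN_GSO_SIZE) break;
            /* ...and never let the segment count itself exceed 16 bits. */
            if ((uint32_t)skb.gso_segs + extra > GSO_SEGS_MAX) break;
        }
        skb.len += shiftlen;
        skb.gso_segs = stored_segment_count(skb.len, mss);
        merged++;
    }
    if (out) *out = skb;
    return merged;
}

/* Convenience: the segment count left in the skb after merging. */
uint16_t merged_gso_segs(uint32_t mss, bool checked)
{
    struct model_skb skb;
    merge_fragments(mss, checked, &skb);
    return skb.gso_segs;
}

int main(void)
{
    struct model_skb skb;
    int n = merge_fragments(TCP_MIN_SND_MSS, false, &skb);
    printf("pre-fix, MSS 48: %d fragments, %u bytes, true segs %u, stored segs %u\n",
           n, skb.len, true_segment_count(skb.len, TCP_MIN_SND_MSS), skb.gso_segs);
    n = merge_fragments(TCP_MIN_SND_MSS, true, &skb);
    printf("fixed,   MSS 48: %d fragments, %u bytes, stored segs %u\n",
           n, skb.len, skb.gso_segs);
    n = merge_fragments(1460, false, &skb);
    printf("pre-fix, MSS 1460: %d fragments, stored segs %u (no wrap)\n", n, skb.gso_segs);
    return 0;
}
```

At MSS 48 the pre-fix path ends with 557,056 bytes described as 4,096 segments instead of 69,632; the fixed path stops merging at 15 fragments (491,520 bytes, 61,440 segments), so the field can never wrap. At a normal MSS of 1460 the same 17 fragments need only 393 segments, which is why the bug is reachable only through a deliberately tiny MSS.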

As a workaround you can disable SACK (sysctl net.ipv4.tcp_sack=0) or block connections with a small MSS, for example with an iptables rule using the tcpmss match on SYN packets; the MSS filter only works when sysctl net.ipv4.tcp_mtu_probing is set to 0, and it may break legitimate scenarios that rely on a small MSS.

CVE-2019-11478 (SACK Slowness)

This flaw leads to fragmentation of the TCP retransmission queue; on Linux kernels older than 4.15 it can additionally be exploited to cause excessive resource consumption, since every further SACK for that connection forces an expensive walk of the fragmented queue.

The problem occurs when processing specially crafted SACK packets that can be used to fragment the retransmission queue. The protection methods are the same as for the previous vulnerability.

CVE-2019-5599 (SACK Slowness, FreeBSD)

It allows the map of sent packets to be fragmented while processing a SACK sequence within a single TCP connection, which triggers a resource-intensive walk of the entire list of outstanding data.

The problem manifests itself in FreeBSD 12 with the RACK packet-loss detection mechanism. As a workaround you can disable the RACK module (it is not loaded by default; it is disabled by setting sysctl net.inet.tcp.functions_default=freebsd).

CVE-2019-11479

The bug allows an attacker to force the Linux kernel to split its responses into many TCP segments, each carrying only 8 bytes of data, which can lead to a significant increase in traffic, higher CPU load and a congested communication channel.

Responding in this way consumes additional resources (CPU time and the network card).

This attack requires continuous effort from the attacker, and its effects end shortly after the attacker stops sending traffic.

While the attack is in progress the system runs at reduced capacity, which results in a denial of service for other users.

A remote user can trigger this issue by setting the maximum segment size (MSS) of a TCP connection to its lowest allowed value (48 bytes) and sending a sequence of specially crafted SACK packets.

As a workaround, it is recommended to block connections with a small MSS. The kernel fix also adds the sysctl net.ipv4.tcp_min_snd_mss (default 48), which lets an administrator raise the smallest MSS the kernel will honour when sending.
