Ghostcat, the Tomcat vulnerability that allows code substitution


Researchers at Chaitin Tech (China) have released information about a new finding, which they identified as a vulnerability in the popular servlet container (Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket) Apache Tomcat (already registered as CVE-2020-1938).

The vulnerability was assigned the code name "Ghostcat" and a critical severity level (CVSS 9.8). In the default configuration, the problem allows a request sent through network port 8009 to read the contents of any file in the web application directory, including files containing the application's source code and configuration files.

The vulnerability also allows other files to be included in the application code, which makes code execution on the server possible if the application allows files to be uploaded to it.

For example, if the web application allows users to upload files, an attacker can first upload a file containing malicious JSP code to the server (the uploaded file itself can be of any type, such as an image or a plain text file) and then include the uploaded file by exploiting the Ghostcat vulnerability, which can ultimately result in remote code execution.

It was also noted that an attack can be carried out whenever a request can be sent to a network port served by an AJP connector. According to preliminary data, more than 1.2 million hosts accepting requests over the AJP protocol were found on the network.

The vulnerability lies in the AJP protocol itself and is not caused by an implementation error.

In addition to accepting HTTP connections (port 8080), Apache Tomcat by default allows access to the web application via the AJP protocol (Apache JServ Protocol, port 8009), a binary analog of HTTP intended for higher performance, generally used when building a cluster of Tomcat servers or to speed up Tomcat's interaction with a reverse proxy or load balancer.

AJP provides a standard function for accessing files on the server, which can be used, among other things, to obtain files that are not meant to be disclosed.

AJP access is understood to be open only to trusted clients, but in reality, in the default Tomcat configuration, the connector is started on all network interfaces and requests are accepted without authentication.

Access is possible to any file in the web application, including the contents of WEB-INF, META-INF and any other directory returned through a call to ServletContext.getResourceAsStream(). AJP also allows any file in a directory accessible to the web application to be used as a JSP script.

The problem has been present since the release of the Tomcat 6.x branch 13 years ago. In addition to Tomcat itself, the problem also affects products that use it, such as Red Hat JBoss Web Server (JWS), JBoss Enterprise Application Platform (EAP), and standalone web applications that use Spring Boot.

A similar vulnerability (CVE-2020-1745) was also found in the Undertow web server used in the Wildfly application server. At this point, various groups have prepared more than a dozen working exploit examples.

Apache Tomcat has officially released versions 9.0.31, 8.5.51 and 7.0.100 to fix this vulnerability. To fix it properly, you must first determine whether the Tomcat AJP Connector service is used in your server environment:

  • If no cluster or reverse proxy is used, you can basically conclude that AJP is not in use.
  • Otherwise, you need to find out whether the cluster or backend server communicates with the Tomcat AJP Connector service.

It was also reported that the update is already available for various Linux distributions such as Debian, Ubuntu, RHEL, Fedora and SUSE.

As a workaround, you can disable the Tomcat AJP Connector service (bind its listening socket to localhost, or comment out the line with Connector port="8009") if it is not needed, or configure access to it appropriately.
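The following is an added example, not code from the original article or from the Tomcat project: it audits a Tomcat server.xml for enabled AJP connectors and reports whether each one is reachable from the network, which is the precondition for Ghostcat. The three server.xml samples are constructed; the `secret`/`secretRequired` connector attributes are the ones the fixed releases (9.0.31, 8.5.51, 7.0.100) support, and the secret value is a placeholder.

```python
# Added example, not code from the original article: audit a Tomcat server.xml
# for AJP connectors reachable from the network, the precondition for Ghostcat.
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: Tomcat's stock AJP connector, bound to all interfaces.
DEFAULT_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

# Constructed sample: AJP kept for a reverse proxy but bound to localhost, with the
# shared secret that the fixed releases (9.0.31, 8.5.51, 7.0.100) support.
HARDENED_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
             secretRequired="true" secret="REPLACE_WITH_RANDOM_SECRET"/>
</Service></Server>"""

# Constructed sample: AJP connector commented out, as the article suggests when unused.
DISABLED_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> -->
</Service></Server>"""


def audit_ajp_connectors(server_xml: str) -> list:
    """One finding dict per enabled AJP connector. Commented-out connectors are
    dropped by the XML parser, so they produce no finding."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue
        address = conn.get("address", "")  # absent means bind to all interfaces
        exposed = address not in LOOPBACK
        issues = []
        if exposed:
            issues.append("AJP reachable from the network (set address=127.0.0.1)")
        if not conn.get("secret"):
            issues.append("no AJP shared secret configured")
        if conn.get("secretRequired", "").lower() == "false":
            issues.append("secretRequired=false")
        findings.append({"port": conn.get("port"), "address": address or "0.0.0.0",
                         "exposed": exposed, "issues": issues})
    return findings
```

Run `audit_ajp_connectors(open("/path/to/conf/server.xml").read())` against a real instance; an empty list or a finding with `exposed: False` and no issues means the Ghostcat precondition is not met.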

If you want to know more, you can consult the following link.

