Do you use VNC? You should update, because about 37 vulnerabilities have been discovered


Pavel Cheremushkin of Kaspersky Lab recently analyzed several implementations of the VNC (Virtual Network Computing) remote access system and identified 37 vulnerabilities caused by memory problems.

The vulnerabilities found in the VNC server implementations can only be exploited by an authenticated user, while attacks on the vulnerabilities in client code are possible when a user connects to a server controlled by an attacker.

On the Kaspersky blog, they note that these vulnerabilities can be exploited as follows:

VNC applications consist of two parts: a server installed on the computer your employee connects to remotely, and a client running on the device they connect from. Vulnerabilities are much less common on the server side, which is always somewhat simpler and therefore has fewer bugs. Nevertheless, our CERT experts found flaws in both parts of the applications under investigation, although in many cases an attack on the server would be impossible without authorization.

About the vulnerabilities

Most of the vulnerabilities were found in the UltraVNC package, which is available only for the Windows platform. In total, 22 vulnerabilities were identified in UltraVNC: 13 could lead to code execution on the system, 5 could leak the contents of memory areas, and 4 could lead to denial of service.

All of these vulnerabilities were fixed in version 1.2.3.0.

In the open LibVNC library (LibVNCServer and LibVNCClient), which is used in VirtualBox, 10 vulnerabilities were identified. 5 of them (CVE-2018-20020, CVE-2018-20019, CVE-2018-15127, CVE-2018-15126, CVE-2018-6307) are caused by buffer overflows and could lead to code execution. 3 vulnerabilities could lead to information leakage and 2 to denial of service.

The developers have already fixed all of the problems. Most of the fixes are included in the LibVNCServer 0.9.12 release, but so far the complete set of fixes is reflected only in the master branch and in the updates produced by distributions.

In TightVNC 1.3 (the cross-platform legacy branch was tested, since the current 2.x version was released for Windows only), 4 vulnerabilities were found. Three issues (CVE-2019-15679, CVE-2019-15678, CVE-2019-8287) are caused by buffer overflows in the InitialiseRFBConnection, rfbServerCutText and HandleCoRREBBP functions and could lead to code execution.

One issue (CVE-2019-15680) leads to denial of service. Although the TightVNC developers were notified of the issues last year, the vulnerabilities remain unfixed.

In the cross-platform TurboVNC package (a fork of TightVNC 1.3 that uses the libjpeg-turbo library), only one vulnerability was found (CVE-2019-15683), but it is dangerous: given authenticated access to the server, it allows code execution to be arranged, because when the buffer overflows it is possible to control the return address. The problem was fixed on August 23 and does not appear in the current version 2.2.3.

If you want to know more, you can check the details in the original post. The link is this one.

The packages can be updated as follows.

LibVNCServer

The library's code can be downloaded from its repository on GitHub (the link is this one). To download the most current version at this time, open a terminal and type the following:

wget https://github.com/LibVNC/libvncserver/archive/LibVNCServer-0.9.12.zip

Unzip it with:

unzip LibVNCServer-0.9.12.zip

Enter the directory with:

cd libvncserver-LibVNCServer-0.9.12

And build the package with:

mkdir build
cd build
cmake ..
cmake --build .

TurboVNC

To update to the new version, just download the package of the latest stable version, which can be obtained from the following link.

Once the package has been downloaded, you can install it by double-clicking it and letting the software center take care of the installation, or you can do it with your preferred package manager or from a terminal.

For the latter, open a terminal in the directory where the downloaded package is located and type:

sudo dpkg -i turbovnc_2.2.3_amd64.deb
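
A version check built from the fixed releases named above, as an added example that is not part of the original article; the product keys, function names and Debian package names in it are assumptions:

```shell
# Added example (not from the article): rate a VNC version against the fixed
# releases the article names. Product keys and function names are assumptions.

# Drop a Debian epoch ("1:") and any suffix after the dotted upstream number.
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[^0-9.].*$//'
}

# ver_ge A B: true when A >= B, comparing dot-separated fields as integers
# (a plain string compare would rank 1.2.10.0 below 1.2.3.0).
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# vnc_status PRODUCT VERSION -> patched | update-needed | no-fix | unknown
vnc_status() {
    v=$(upstream_version "$2")
    case $1 in
        ultravnc)     fixed=1.2.3.0 ;;
        libvncserver) fixed=0.9.12 ;;  # article: most, not all, fixes landed here
        turbovnc)     fixed=2.2.3 ;;
        tightvnc)     # article: the 1.3 branch is unfixed; 2.x was not tested
            case $v in 1.3|1.3.*) echo no-fix ;; *) echo unknown ;; esac
            return ;;
        *) echo unknown; return ;;
    esac
    [ -n "$v" ] || { echo unknown; return; }
    if ver_ge "$v" "$fixed"; then echo patched; else echo update-needed; fi
}

# Rate packages installed on a Debian-style host (package names assumed).
audit_installed() {
    for pair in turbovnc:turbovnc libvncserver:libvncserver1 tightvnc:tightvncserver; do
        ver=$(dpkg-query -W -f='${Version}' "${pair#*:}" 2>/dev/null) || continue
        echo "${pair#*:} $ver $(vnc_status "${pair%%:*}" "$ver")"
    done
}
```

Call audit_installed to rate the packages on the current host. A lower version number is not proof of exposure, because distributions ship their own updates with the fixes applied, so treat update-needed as a prompt to check the distribution's advisory.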
