GRUB2 uye Yakachengeteka Boot: hutsva hutsva hunonzi BootHole hunowanikwa

GRUB2 BootHole logo

Hapana chinoshamisa, zero zero ... Asi imwe yakawanikwa kunetseka, CVE-2020-10713, iyo inokanganisa iyo GRUB2 bootloader uye Yakachengeteka Boot. Chinyorwa cheEclypsium timu yekutsvagisa ndiyo yanga iri kumashure kwekuwana uku uye kwavakabhabhatidza seBootHole. Kunyangwe Microsoft yakaburitsa mukova pane yayo yekuchengetedza portal yambiro nezvayo uye ichiti pane mhinduro yakaoma panguva ino.

BhootHole Icho buffer yekufashukira kusagadzikana kunokanganisa mabhiriyoni emidziyo ine GRUB2 uye kunyangwe vamwe vasina GRUB2 vanoshandisa Yakachengeteka Boot senge Windows. MuCVSS system classification yakapihwa zvibodzwa se8.2 kunze kwegumi, zvinoreva kuti iri njodzi huru. Uye ndezvekuti anorwisa anogona kutora mukana weizvi kuti akwanise kuita kodhi yekumanikidza (kusanganisira malware) yakaunzwa panguva yekuita bhuti, kunyangwe paine Yakachengeteka Boot inogoneswa.

Tanto zvishandiso network, maseva, nzvimbo dzekushandira, desktops nemalaptop, pamwe nezvimwe zvishandiso zvakaita seSBCs, zvimwe nhare mbozha, zvishandiso zveIoT, nezvimwe.

Sei ndatanga nemadhirama zero? Zvakareruka, idzi nhau dzinozivisa vashandisi, asi haufanire kunetseka zvakanyanya. Munyika "chaiye", kunetseka uku hakusi nyore kushandisa. Izvo hazvitenderi kure kodhi kuitisa, zvikasadaro zvingave zvakakosha uye kwete zvakakomba. Iwe unofanirwa kuve wakadzikama nekuti kuitira kuti kodhi yakaipa iurayiwe, anorwisa anofanira kunge aine mukana wekupinda mukomputa yakakanganiswa uyezve ave neropafadzo.

Uyezve, maererano neEclypsium, ichave iri zvakaoma kudzikisira uye zvinotora nguva kutsvaga mhinduro. Zvinoda kuongororwa kwakadzama kwebhootloaders uye vatengesi vanofanirwa kuburitsa vhezheni nyowani dzeabootloader dzakasainwa neEFI CA. Zvinotora kuyedza kwakabatana pakati pevagadziri muMicrosoft yakavhurwa sosi uye nharaunda inobatana pamwe nevamwe varidzi vehurongwa hwakakonzera kuunza pasi BootHole.

Muchokwadi, ivo vakaita iyo list list kukwanisa kugadzirisa BootHole muGRUB2 uye unoda:

  • Patch yekugadzirisa GRUB2 uye kubvisa kusagadzikana.
  • Kuti vagadziri veLinux vanogovera uye vamwe vatengesi vanoburitsa zvidzoreso zvevashandisi vavo. Vaviri padanho reGRUB2, vanoisa uye shims.
  • Iyo shims nyowani inofanirwa kusainwa neMicrosoft UEFI CA yechitatu mapato.
  • Ma Administrator eanoshanda masystem anofanira kunge achifanira kugadzirisa. Asi inofanirwa kusanganisira zvese zvakaiswa system, inoisa mifananidzo uyezve yekudzosa kana bootable midhiya yavakagadzira.
  • Iyo UEFI Revocation Rondedzero (dbx) inodawo kuvandudzwa mu firmware yeumwe neumwe maitiro akanganisa kudzivirira kodhi kuitisa panguva yebhoti.

Chinhu chakaipisisa ndechekuti kana zvasvika kune iyo firmware, iwe unofanirwa kungwarira kuti usaguma uine matambudziko uye kuti makomputa agare mune zvidhinha modhi.

Panguva ino, makambani akadai seRed Hat, HP, Debian, SUSE, Canonical, Oracle, Microsoft, VMWare, Citrix, UEFI Security Response Team uye maOEMs, pamwe nevapi ve software, ivo vari kutoshanda kuti vazvigadzirise. Nekudaro, isu tichafanirwa kumirira kuti tione zvigamba zvekutanga.

UPDATE

Asi kurerutsa kushanda kwevagadziri nenharaunda kungave kupusa. Kare kune akati wandei chigamba kuidzikamisa iri kuuya kubva kumakambani akaita seRed Hat, Canonical, nezvimwe. Vakamaka iyi nyaya sekutanga kukoshesa uye iri kubhadhara.

Dambudziko? Dambudziko nderekuti zvigamba izvi zviri kukonzera mamwe matambudziko. Zvinondiyeuchidza nezve zvakaitika neMetldown uye Specter zvigamba, kuti dzimwe nguva mushonga unenge wakanyanya kukunda chirwere ...


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako