VLC ýÌå²¥·ÅÆ÷ libmicrodns ¿â¶à¸öÎó²îΣº¦Í¨¸æ

Ðû²¼Ê±¼ä 2020-03-26

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2020-6071£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.5£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-6072£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-6073£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.5£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-6077£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.5£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-6078£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.5£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-6079£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.5£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-6080£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.5£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


libmicrodns¿â°æ±¾0.1.0


Îó²î¸ÅÊö


¿ËÈÕ£¬£¬£¬£¬£¬£¬£¬Ë¼¿ÆTalosµÄÇå¾²Ñо¿Ö°Ô±Åû¶VideolabsµÄlibmicrodns¿âÖеĶà¸öDoSºÍ´úÂëÖ´ÐÐÎó²î ¡£¡£¡£¡£¡£VideolabsÓÉVideoLAN³ÉÔ±½¨É裬£¬£¬£¬£¬£¬£¬ÊÇVLCÒƶ¯Ó¦ÓóÌÐòµÄÄ¿½ñ±à¼­Õߣ¬£¬£¬£¬£¬£¬£¬Ò²ÊÇVLCýÌå²¥·ÅÆ÷µÄÖ÷ҪТ˳Õß ¡£¡£¡£¡£¡£libmicrodnsÊÇ¿çƽ̨µÄmDNSÆÊÎöÆ÷¿â£¬£¬£¬£¬£¬£¬£¬ÔÚVLCýÌå²¥·ÅÆ÷ÖÐÓÃÓÚmDNSЧÀÍ·¢Ã÷ ¡£¡£¡£¡£¡£Îó²î¸ÅÊöÈçÏ£º


CVE-2020-6071

Videolabs libmicrodns 0.1.0°æ±¾ÖеÄ×ÊÔ´¼Í¼ÆÊÎö¹¦Ð§±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚ³ÌÐòÔÚÆÊÎömDNSÐÂÎÅÖеÄѹËõ±êǩʱ£¬£¬£¬£¬£¬£¬£¬Ã»ÓоÙÐеݹé¼ì²é±ãÖ±½ÓʹÓÃѹËõÖ¸Õë ¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉʹÓøÃÎó²îÔì³É¾Ü¾øЧÀÍ ¡£¡£¡£¡£¡£


CVE-2020-6072

Videolabs libmicrodns 0.1.0°æ±¾ÖеıêÇ©ÆÊÎö¹¦Ð§±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚ³ÌÐòÔÚÆÊÎömDNSÐÂÎÅÖеÄѹËõ±êǩʱ£¬£¬£¬£¬£¬£¬£¬²»»á¼ì²é¡®rr_decode¡¯º¯ÊýµÄ·µ»ØÖµ ¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉʹÓøÃÎó²îÖ´ÐÐí§Òâ´úÂë ¡£¡£¡£¡£¡£


CVE-2020-6073

Videolabs libmicrodns 0.1.0µÄTXT¼Í¼ÆÊÎö¹¦Ð§±£´æÊäÈëÑéÖ¤¹ýʧÎó²î ¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úƷδ¶ÔÊäÈëµÄÊý¾Ý¾ÙÐÐ׼ȷµÄÑéÖ¤ ¡£¡£¡£¡£¡£


CVE-2020-6077

Videolabs libmicrodns 0.1.0µÄÐÂÎÅÆÊÎö¹¦Ð§Öб£´æ¿ÉʹÓõľܾøЧÀÍÎó²î ¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚÆÊÎömDNSÐÂÎÅʱ£¬£¬£¬£¬£¬£¬£¬ÊµÏÖÎÞ·¨×¼È·¸ú×ÙÐÂÎÅÖеĿÉÓÃÊý¾Ý£¬£¬£¬£¬£¬£¬£¬¿ÉÄܻᵼÖÂÁè¼Ý¹æÄ£µÄ¶ÁÈ ¡£¡£¡£¡£¡£¬£¬£¬£¬£¬£¬£¬´Ó¶øµ¼Ö¾ܾøЧÀÍ ¡£¡£¡£¡£¡£


CVE-2020-6078

Videolabs libmicrodns 0.1.0°æ±¾ÖеÄÐÂÎÅÆÊÎö¹¦Ð§±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚÔÚÆÊÎömDNSÐÂÎÅʱ£¬£¬£¬£¬£¬£¬£¬³ÌÐòδ¼ì²é¡®mdns_read_header¡¯º¯ÊýµÄ·µ»ØÖµ ¡£¡£¡£¡£¡£¹¥»÷Õß¿Éͨ¹ý·¢ËÍһϵÁÐÐÂÎÅʹÓøÃÎó²îµ¼ÖÂЧÀÍÍ߽⠡£¡£¡£¡£¡£


CVE-2020-6079, CVE-2020-6080

Videolabs libmicrodns 0.1.0°æ±¾ÖеÄ×ÊÔ´·ÖÅÉ´¦Öóͷ£Öб£´æ×ÊÔ´ÖÎÀí¹ýʧ ¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·¶Ôϵͳ×ÊÔ´£¨ÈçÄÚ´æ¡¢´ÅÅ̿ռ䡢ÎļþµÈ£©µÄÖÎÀí²»µ± ¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPoC/EXP ¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬£¬£¬ÅþÁ¬£ºhttps://github.com/videolabs/libmicrodns ¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://blog.talosintelligence.com/2020/03/vuln-spotlight-videolabs-microdns.html