Risk Advisory: Multiple Vulnerabilities in the VLC Media Player libmicrodns Library

Published: 2020-03-26

Vulnerability IDs and Severity


CVE ID: CVE-2020-6071, Severity: High, CVSS score: 7.5 (vendor self-assessed), official score not yet assigned

CVE ID: CVE-2020-6072, Severity: Critical, CVSS score: 9.8 (vendor self-assessed), official score not yet assigned

CVE ID: CVE-2020-6073, Severity: High, CVSS score: 7.5 (vendor self-assessed), official score not yet assigned

CVE ID: CVE-2020-6077, Severity: High, CVSS score: 7.5 (vendor self-assessed), official score not yet assigned

CVE ID: CVE-2020-6078, Severity: High, CVSS score: 7.5 (vendor self-assessed), official score not yet assigned

CVE ID: CVE-2020-6079, Severity: High, CVSS score: 7.5 (vendor self-assessed), official score not yet assigned

CVE ID: CVE-2020-6080, Severity: High, CVSS score: 7.5 (vendor self-assessed), official score not yet assigned


Affected Versions


libmicrodns library version 0.1.0


Vulnerability Overview


Security researchers at Cisco Talos recently disclosed multiple DoS and code execution vulnerabilities in Videolabs' libmicrodns library. Videolabs was founded by VideoLAN members; it is the current editor of the VLC mobile applications and a major contributor to VLC media player. libmicrodns is a cross-platform mDNS resolver library that VLC media player uses for mDNS service discovery. The vulnerabilities are summarized below:


CVE-2020-6071

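The resource record parsing functionality in Videolabs libmicrodns 0.1.0 contains a security vulnerability. When parsing compressed labels in mDNS messages, the program follows compression pointers directly without checking for recursion. An attacker can exploit this vulnerability to cause a denial of service.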


CVE-2020-6072

The label parsing functionality in Videolabs libmicrodns 0.1.0 contains a security vulnerability. When parsing compressed labels in mDNS messages, the program does not check the return value of the 'rr_decode' function. An attacker can exploit this vulnerability to execute arbitrary code.


CVE-2020-6073

The TXT record parsing functionality in Videolabs libmicrodns 0.1.0 contains an input validation error. The vulnerability stems from a network system or product failing to validate input data correctly.


CVE-2020-6077

The message parsing functionality in Videolabs libmicrodns 0.1.0 contains an exploitable denial-of-service vulnerability. When parsing mDNS messages, the implementation does not correctly track the data available in the message, which can lead to an out-of-bounds read and, in turn, a denial of service.
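The decoder below shows the checks whose absence is described for CVE-2020-6071 (compression pointers followed without a recursion check) and CVE-2020-6077 (available data not tracked). It is an added example, not libmicrodns code; `name_decode` is a hypothetical helper and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libmicrodns API): decode the name at msg[off] as
 * dotted text. Returns bytes consumed at off, or -1 if malformed. */
int name_decode(const uint8_t *msg, size_t len, size_t off,
                char *out, size_t outsz)
{
    size_t pos = off, seg_start = off, o = 0;
    int consumed = -1;
    for (;;) {
        if (pos >= len) return -1;                /* ran off the message */
        uint8_t c = msg[pos];
        if ((c & 0xC0) == 0xC0) {                 /* compression pointer */
            if (pos + 1 >= len) return -1;
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            /* Targets must strictly decrease, so no pointer loop can form. */
            if (target >= seg_start) return -1;
            pos = seg_start = target;
        } else if (c & 0xC0) {
            return -1;                            /* reserved label type */
        } else if (c == 0) {                      /* root label: done */
            if (o >= outsz) return -1;
            out[o] = '\0';
            return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        } else {
            if (pos + 1 + c > len) return -1;     /* label overruns message */
            if (o + c + 2 > outsz || o + c + 1 > 255) return -1;
            if (o) out[o++] = '.';
            memcpy(out + o, msg + pos + 1, c);
            o += c;
            pos += 1 + (size_t)c;
        }
    }
}

int main(void)
{
    /* Constructed samples: a valid back-pointer and a self-pointer. */
    const uint8_t ok[] = {3,'v','l','c',0, 4,'_','t','c','p',0xC0,0x00};
    const uint8_t loop[] = {0xC0, 0x00};
    char name[256] = "";
    int n = name_decode(ok, sizeof ok, 5, name, sizeof name);
    printf("ok: %d bytes, \"%s\"\n", n, name);
    printf("loop: %d\n", name_decode(loop, sizeof loop, 0, name, sizeof name));
    return 0;
}
```

Every failure path returns -1, so a caller that ignores the return value reintroduces the unchecked-result pattern described for CVE-2020-6072.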


CVE-2020-6078

The message parsing functionality in Videolabs libmicrodns 0.1.0 contains a security vulnerability. When parsing mDNS messages, the program does not check the return value of the 'mdns_read_header' function. An attacker can exploit this vulnerability by sending a series of messages, causing the service to crash.


CVE-2020-6079, CVE-2020-6080

The resource allocation handling in Videolabs libmicrodns 0.1.0 contains a resource management error. The vulnerability stems from a network system or product improperly managing system resources (such as memory, disk space, and files).


Vulnerability Verification


No PoC/EXP is available at this time.


Remediation Advice


The vendor has released an updated patch that fixes the vulnerabilities. Link: https://github.com/videolabs/libmicrodns


References


https://blog.talosintelligence.com/2020/03/vuln-spotlight-videolabs-microdns.html