Risk advisory: multiple vulnerabilities in the libmicrodns library used by VLC media player

Published: 2020-03-26

Vulnerability IDs and severity


CVE ID: CVE-2020-6071, Severity: High, CVSS score: vendor self-assessed 7.5, not officially rated

CVE ID: CVE-2020-6072, Severity: Critical, CVSS score: vendor self-assessed 9.8, not officially rated

CVE ID: CVE-2020-6073, Severity: High, CVSS score: vendor self-assessed 7.5, not officially rated

CVE ID: CVE-2020-6077, Severity: High, CVSS score: vendor self-assessed 7.5, not officially rated

CVE ID: CVE-2020-6078, Severity: High, CVSS score: vendor self-assessed 7.5, not officially rated

CVE ID: CVE-2020-6079, Severity: High, CVSS score: vendor self-assessed 7.5, not officially rated

CVE ID: CVE-2020-6080, Severity: High, CVSS score: vendor self-assessed 7.5, not officially rated


Affected versions


libmicrodns library version 0.1.0


Vulnerability overview


Security researchers at Cisco Talos recently disclosed multiple DoS and code execution vulnerabilities in Videolabs' libmicrodns library. Videolabs was founded by VideoLAN members; it is the current editor of the VLC mobile applications and a major contributor to VLC media player. libmicrodns is a cross-platform mDNS resolver library that VLC media player uses for mDNS service discovery. The vulnerabilities are summarized below:


CVE-2020-6071

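The resource record parsing functionality of Videolabs libmicrodns 0.1.0 contains a security vulnerability. When parsing compressed labels in mDNS messages, the program uses the compression pointer directly without checking for recursion. An attacker can exploit this vulnerability to cause a denial of service.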


CVE-2020-6072

The label parsing functionality of Videolabs libmicrodns 0.1.0 contains a security vulnerability. When parsing compressed labels in mDNS messages, the program does not check the return value of the 'rr_decode' function. An attacker can exploit this vulnerability to execute arbitrary code.


CVE-2020-6073

The TXT record parsing functionality of Videolabs libmicrodns 0.1.0 contains an input validation error. The vulnerability stems from the network system or product failing to correctly validate input data.


CVE-2020-6077

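The message parsing functionality of Videolabs libmicrodns 0.1.0 contains an exploitable denial-of-service vulnerability. When parsing mDNS messages, the implementation does not correctly keep track of the data available in the message, which can lead to an out-of-bounds read and, in turn, a denial of service.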
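
An added example, not libmicrodns code or the vendor's patch: a DNS name decoder in C that applies the checks whose absence is described under CVE-2020-6071 and CVE-2020-6077, namely compression pointers that may only point strictly backward and a bounds check before every read. The function name `decode_name`, its signature and the sample messages are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_NAME 255 /* RFC 1035 limit on the length of a name */

/* Constructed sample messages (not captured traffic). */
static const uint8_t ok_msg[] = {
    3, 'v', 'l', 'c', 5, 'l', 'o', 'c', 'a', 'l', 0, /* "vlc.local" at offset 0 */
    4, '_', 't', 'c', 'p', 0xC0, 0x04 };             /* "_tcp" + pointer to offset 4 */
static const uint8_t loop_msg[] = { 0xC0, 0x00 };    /* pointer to itself */
static const uint8_t cut_msg[] = { 9, 's', 'h', 'o', 'r', 't' }; /* label claims 9 bytes */

/* Decode the name at msg[off] into out as dotted text. Returns 0 and sets
 * *next to the offset just past the name where it was first read; returns
 * -1 on malformed input. The caller must check the return value. */
int decode_name(const uint8_t *msg, size_t len, size_t off,
                char *out, size_t out_len, size_t *next)
{
    size_t w = 0, limit = off; /* a pointer may only target below limit */
    int jumped = 0;

    for (;;) {
        if (off >= len) return -1;               /* no data left in the message */
        uint8_t c = msg[off];
        if ((c & 0xC0) == 0xC0) {                /* compression pointer */
            if (off + 1 >= len) return -1;
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[off + 1];
            if (target >= limit) return -1;      /* strictly backward, so no loops */
            if (!jumped) { *next = off + 2; jumped = 1; }
            limit = off = target;
            continue;
        }
        if (c & 0xC0) return -1;                 /* reserved label types */
        if (c == 0) {                            /* root label ends the name */
            if (!jumped) *next = off + 1;
            if (w >= out_len) return -1;
            out[w] = '\0';
            return 0;
        }
        if (off + 1 + c > len) return -1;        /* label runs past the message */
        if (w + c + 1 > MAX_NAME || w + c + 2 > out_len) return -1;
        if (w) out[w++] = '.';
        memcpy(out + w, msg + off + 1, c);
        w += c;
        off += 1 + (size_t)c;
    }
}
```

Because each accepted pointer lowers `limit`, the number of jumps is bounded by the message length, so a self-referencing or cyclic pointer chain is rejected instead of being followed.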


CVE-2020-6078

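The message parsing functionality of Videolabs libmicrodns 0.1.0 contains a security vulnerability. When parsing mDNS messages, the program does not check the return value of the 'mdns_read_header' function. An attacker can exploit this vulnerability by sending a series of messages, causing the service to crash.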


CVE-2020-6079, CVE-2020-6080

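The resource allocation handling of Videolabs libmicrodns 0.1.0 contains a resource management error. The vulnerability stems from the network system or product improperly managing system resources (such as memory, disk space and files).


Vulnerability verification


No PoC/EXP is available at this time.


Remediation


The vendor has released an updated patch that fixes the vulnerabilities. Link: https://github.com/videolabs/libmicrodns


References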


https://blog.talosintelligence.com/2020/03/vuln-spotlight-videolabs-microdns.html