{"id":5970,"date":"2024-01-20T16:24:09","date_gmt":"2024-01-20T15:24:09","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5970"},"modified":"2024-01-20T16:24:09","modified_gmt":"2024-01-20T15:24:09","slug":"pixiefail-uefi-ranjivost","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2024\/01\/20\/pixiefail-uefi-ranjivost\/","title":{"rendered":"PixieFail, UEFI vulnerability"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>PixieFail<\/em>, a <em>UEFI<\/em> vulnerability <a href=\"https:\/\/blog.quarkslab.com\/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html\" target=\"_blank\" rel=\"noopener\">discovered by the French security company <em>Quarkslab<\/em><\/a>, is a set of vulnerabilities in <em>TianoCore EDK II<\/em>, an open-source implementation of the <em>UEFI<\/em> specification. These vulnerabilities pose a significant risk of remote code execution attacks.<\/span><\/p>\n<div id=\"attachment_5971\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5971\" class=\"size-full wp-image-5971\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/PixieFail-UEFI-ranjivost.jpg\" alt=\"PixieFail\" width=\"1024\" height=\"1024\" \/><p id=\"caption-attachment-5971\" class=\"wp-caption-text\"><em>PixieFail, UEFI vulnerability; Source: Bing Image Creator<\/em><\/p><\/div>\n<h2><span class=\"ez-toc-section\" id=\"PIXIEFAIL_UEFI_RANJIVOST\"><\/span><span style=\"font-size: 14pt;\"><strong><em>PIXIEFAIL<\/em>, <em>UEFI<\/em> VULNERABILITY<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Multiple security flaws have been discovered in the <em>TCP\/IP<\/em> network protocol stack of the open-source reference implementation of the <em>Unified Extensible Firmware Interface \u2013 UEFI<\/em> specification, which is widely used in modern computers. Collectively named <em>PixieFail<\/em> by security researchers, the nine vulnerabilities reside in the <em>TianoCore EFI Development Kit II<\/em> (<em>EDK II<\/em>) open-source implementation of the <em>UEFI<\/em> specification and can be exploited for remote code execution, denial of service (<em>DoS<\/em>), <em>DNS<\/em> cache poisoning and leakage of sensitive data.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>UEFI<\/em> firmware responsible for booting the operating system from <em>AMI<\/em>, <em>Intel<\/em>, <em>Insyde<\/em> and <em>Phoenix<\/em> <em>Technologies<\/em> is affected by these vulnerabilities. <em>EDK II<\/em> includes its own <em>TCP\/IP<\/em> stack, called <em>NetworkPkg<\/em>, to provide the network functionality available in the <em>Preboot eXecution Environment \u2013 PXE<\/em> phase, which allows management of a machine in the absence of an operating system.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Simply put, it is a client-server environment for booting a device from its network interface card (<em>NIC<\/em>) that allows networked computers which have not yet loaded an operating system to be configured and booted remotely by an administrator. The <em>PXE<\/em> code is an integral part of the <em>UEFI<\/em> firmware on the motherboard or of the read-only memory (<em>ROM<\/em>) of the <em>NIC<\/em> firmware.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The problem lies within the <em>EDK II<\/em> stack called <em>NetworkPkg<\/em>, which contains overflow bugs, out-of-bounds reads, infinite loops and the use of a weak pseudorandom number generator (<em>PRNG<\/em>). These flaws enable <em>DNS<\/em> cache and <em>DHCP<\/em> poisoning attacks, information leaks, denial of service and data injection attacks at the <em>IPv4<\/em> and <em>IPv6<\/em> layers.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"RANJIVOSTI\"><\/span><span style=\"font-size: 14pt;\"><strong>VULNERABILITIES<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Below is the list of the nine vulnerabilities:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45229\" target=\"_blank\" rel=\"noopener\">CVE-2023-45229<\/a> (<em>CVSS<\/em> score: 6.5) \u2013 Integer underflow when processing <em>IA_NA\/IA_TA<\/em> options in a <em>DHCPv6 Advertise<\/em> message,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45230\" target=\"_blank\" rel=\"noopener\">CVE-2023-45230<\/a> (<em>CVSS<\/em> score: 8.3) \u2013 Buffer overflow in the <em>DHCPv6<\/em> client via a long Server <em>ID<\/em> option,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45231\" target=\"_blank\" rel=\"noopener\">CVE-2023-45231<\/a> (<em>CVSS<\/em> score: 6.5) \u2013 Out-of-bounds read when handling an <em>ND Redirect<\/em> message with truncated options,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45232\" target=\"_blank\" rel=\"noopener\">CVE-2023-45232<\/a> (<em>CVSS<\/em> score: 7.5) \u2013 Infinite loop when parsing unknown options in the <em>Destination Options<\/em> header,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45233\" target=\"_blank\" rel=\"noopener\">CVE-2023-45233<\/a> (<em>CVSS<\/em> score: 7.5) \u2013 Infinite loop when parsing the <em>PadN<\/em> option in the <em>Destination Options<\/em> header,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45234\" target=\"_blank\" rel=\"noopener\">CVE-2023-45234<\/a> (<em>CVSS<\/em> score: 8.3) \u2013 Buffer overflow when processing the <em>DNS<\/em> Servers option in a <em>DHCPv6 Advertise<\/em> message,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45235\" target=\"_blank\" rel=\"noopener\">CVE-2023-45235<\/a> (<em>CVSS<\/em> score: 8.3) \u2013 Buffer overflow when handling the Server <em>ID<\/em> option from a <em>DHCPv6 proxy Advertise<\/em> message,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45236\" target=\"_blank\" rel=\"noopener\">CVE-2023-45236<\/a> (<em>CVSS<\/em> score: 5.8) \u2013 Predictable <em>TCP<\/em> initial sequence numbers,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45237\" target=\"_blank\" rel=\"noopener\">CVE-2023-45237<\/a> (<em>CVSS<\/em> score: 5.3) \u2013 Use of a weak pseudorandom number generator.<\/span><\/li>\n<\/ul>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cThe impact and exploitability of these vulnerabilities depend on the specific firmware build and the default PXE boot configuration. An attacker within the local network (and, in certain scenarios, remotely) could exploit these weaknesses to execute remote code, launch DoS attacks, perform DNS cache poisoning or extract sensitive information.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>&#8211; <\/em><a href=\"https:\/\/www.kb.cert.org\/vuls\/id\/132380\" target=\"_blank\" rel=\"noopener\"><em>CERT Coordination Center (CERT\/CC)<\/em><\/a><em> &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>PixieFail<\/em> is not something ordinary users need to worry about. The vulnerabilities are, however, definitely something cloud environments and data centres should worry about. After all, they allow someone with limited network access to suddenly take down any server on the network the next time it reboots. Over a few weeks, that could lead to a huge number of compromised machines.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Nevertheless, following good cyber-security practice, all end users should also patch these vulnerabilities, although the urgency in their case is not emphasised. Users should generally look for an update from the manufacturer of their device or motherboard.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><span style=\"font-size: 14pt;\"><strong>PROTECTION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">To protect themselves, users are advised to apply the latest available version of the <em>UEFI<\/em> firmware that contains fixes for the listed vulnerabilities. Users should follow the manufacturer's recommendations and advisories as part of their protection mechanism. Downstream users of <em>Tianocore EDK II<\/em> that includes <em>NetworkPkg<\/em> should apply the latest available version of the <em>Tianocore<\/em> project.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In operational environments, users are advised to apply the following measures:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">Disable <em>PXE<\/em> boot if it is not used or not supported in the operational computing environment,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Implement network isolation so that the <em>UEFI<\/em> <em>Preboot<\/em> environment is reachable only from a dedicated network that is protected against unauthorised access,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Protect the computing environment from rogue <em>DHCP<\/em> services using capabilities such as Dynamic <em>ARP<\/em> Inspection and <em>DHCP<\/em> snooping.<\/span><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>PixieFail, a UEFI vulnerability discovered by the French security company Quarkslab, is a set of vulnerabilities in TianoCore EDK II, an open-source implementation of the UEFI specification. These vulnerabilities pose a significant risk of remote code execution attacks. PIXIEFAIL, UEFI&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5971,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[695,194,284,690,697,696,692,698,688,694,693,699,689,278,691],"class_list":["post-5970","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-ami","tag-dns","tag-dos","tag-edk-ii","tag-insyde","tag-intel","tag-networkpkg","tag-phoenix-technologies","tag-pixiefail","tag-preboot-execution-environment","tag-pxe","tag-tcp-ip","tag-tianocore","tag-uefi","tag-unified-extensible-firmware-interface"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5970"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5970\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5971"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}