{"id":186804,"date":"2022-06-06T16:47:11","date_gmt":"2022-06-06T18:47:11","guid":{"rendered":"https:\/\/teknomers.com\/fr\/defauts-critiques-non-corriges-divulgues-dans-le-chargeur-de-demarrage-u-boot-pour-les-appareils-integres\/"},"modified":"2022-06-06T16:47:12","modified_gmt":"2022-06-06T18:47:12","slug":"defauts-critiques-non-corriges-divulgues-dans-le-chargeur-de-demarrage-u-boot-pour-les-appareils-integres","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/defauts-critiques-non-corriges-divulgues-dans-le-chargeur-de-demarrage-u-boot-pour-les-appareils-integres\/","title":{"rendered":"Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Cybersecurity researchers have disclosed <a rel=\"nofollow noopener\" href=\"https:\/\/research.nccgroup.com\/2022\/06\/03\/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552\/\" target=\"_blank\">two unpatched security vulnerabilities<\/a> in the open source U-Boot bootloader.<\/p>\n<p>The issues, which NCC Group discovered in the <a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/IP_fragmentation\" target=\"_blank\">IP defragmentation<\/a> implemented in U-Boot, could be abused to achieve arbitrary out-of-bounds writes and denial of service (DoS).<\/p>\n<p>U-Boot is a <a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Das_U-Boot\" target=\"_blank\">bootloader<\/a> used in Linux-based embedded systems such as ChromeOS, as well as in e-book readers such as Amazon Kindle and Kobo 
eReader.<\/p>\n<p>The issues are summarized below &#8211;<\/p>\n<ul>\n<li><strong>CVE-2022-30790<\/strong> (CVSS score: 9.6) &#8211; A hole descriptor overwrite in U-Boot IP packet defragmentation leads to an arbitrary out-of-bounds write primitive.<\/li>\n<li><strong>CVE-2022-30552<\/strong> (CVSS score: 7.1) &#8211; A large buffer overflow leads to a DoS in the U-Boot IP packet defragmentation code.<\/li>\n<\/ul>\n<p>It is worth noting that both flaws are exploitable only from the local network.  
But this can allow an attacker to root the devices and cause a DoS by crafting a malformed packet.<\/p>\n<p>The flaws are expected to be fixed by the U-Boot maintainers in an upcoming patch, after which users are advised to update to the <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/u-boot\/u-boot\" target=\"_blank\">latest version<\/a>.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/06\/unpatched-critical-flaws-disclosed-in-u.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open source U-Boot bootloader. The issues, which NCC Group discovered in the IP defragmentation implemented in U-Boot, could be abused to achieve arbitrary out-of-bounds writes and denial of service (DoS). 
U-Boot is a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":186805,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[8737,38854,4168,8543,5729,4158,4165,4161,429,37939,7796,33125,17365,4157,4159,4171,4170,65,4167,4160,4163,4162,185,4172,4169,74868,4166,4164],"class_list":["post-186804","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-appareils","tag-chargeur","tag-comment-pirater","tag-corriges","tag-critiques","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-defauts","tag-demarrage","tag-divulgues","tag-integres","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pour","tag-securite-informatique","tag-securite-internet","tag-uboot","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/186804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=186804"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/186804\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/186805"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=186804"}],"wp:term":[{"taxonomy":"category","embe
ddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=186804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=186804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}