{"id":105611,"date":"2022-11-17T15:36:54","date_gmt":"2022-11-17T13:36:54","guid":{"rendered":"https:\/\/prohoster.info\/blog\/novosti-interneta\/uyazvimost-v-samba-i-mit-heimdal-kerberos-privodyashhaya-k-perepolneniyu-bufera"},"modified":"2022-11-17T15:36:54","modified_gmt":"2022-11-17T13:36:54","slug":"uyazvimost-v-samba-i-mit-heimdal-kerberos-privodyashhaya-k-perepolneniyu-bufera","status":"publish","type":"post","link":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimost-v-samba-i-mit-heimdal-kerberos-privodyashhaya-k-perepolneniyu-bufera","title":{"rendered":"Eine Schwachstelle in Samba und MIT\/Heimdal Kerberos f\u00fchrt zu einem Puffer\u00fcberlauf.","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"<p>Es wurden Korrekturversionen des Samba-Pakets 4.17.3, 4.16.7 und 4.15.12 ver\u00f6ffentlicht, die eine Schwachstelle (CVE-2022-42898) in den Kerberos-Bibliotheken beheben. Diese Schwachstelle kann zu einem Puffer\u00fcberlauf und Datenverlust f\u00fchren, wenn PAC (Privileged Attribute Certificate)-Parameter verarbeitet werden, die von einem authentifizierten Benutzer gesendet werden. Die Ver\u00f6ffentlichung der Paketupdates in den Distributionen kann auf den Seiten von: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD verfolgt werden.       <\/p>\n<p>Neben Samba tritt das Problem auch in den Paketen von MIT Kerberos und Heimdal Kerberos auf. Im Sicherheitsbericht des Samba-Projekts wird die Bedrohung nicht im Detail erl\u00e4utert, jedoch gibt der Bericht von MIT Kerberos an, dass die Schwachstelle zu einer Remote-Code-Ausf\u00fchrung f\u00fchren kann. Die Ausnutzung der Schwachstelle ist nur auf 32-Bit-Systemen m\u00f6glich.     <\/p>\n<p>Das Problem betrifft Konfigurationen mit KDC (Key Distribution Center) oder kadmind. In Konfigurationen ohne Active Directory tritt die Schwachstelle ebenfalls bei Dateiservern auf. <a class=\"wpil_keyword_link\" href=\"https:\/\/prohoster.info\/de\/server\/dts-gdansk\/\"   title=\"Servern\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"4547\">Servern<\/a> Samba, die Kerberos verwenden. Das Problem wurde durch einen Fehler in der Funktion krb5_parse_pac() verursacht, der zu einer falschen Berechnung der Gr\u00f6\u00dfe des Puffers f\u00fchrte, der beim Parsen der PAC-Felder verwendet wird. Bei 32-Bit-Systemen konnte dieser Fehler bei der Verarbeitung speziell gestalteter PACs dazu f\u00fchren, dass ein 16-Byte-Datenblock, der vom Angreifer \u00fcbergeben wurde, au\u00dferhalb des zugewiesenen Puffers abgelegt wurde.<br \/>\n<br \/>Quelle: <a content=\"nofollow\" rel=\"nofollow\" href=\"https:\/\/www.opennet.ru\/opennews\/art.shtml?num=58135\">opennet.ru<\/a> <\/p>","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"excerpt":{"rendered":"<p>\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 Samba 4.17.3, 4.16.7 \u0438 4.15.12 \u0441 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2022-42898) \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430\u0445 Kerberos, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 PAC (Privileged Attribute Certificate), \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u041f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0432 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0441\u043b\u0435\u0434\u0438\u0442\u044c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD. \u041a\u0440\u043e\u043c\u0435 Samba [&hellip;]<\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[702],"tags":[],"class_list":["post-105611","post","type-post","status-publish","format-standard","hentry","category-novosti-interneta"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 Samba 4.17.3, 4.16.7 \u0438 4.15.12 \u0441 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2022-42898) \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430\u0445 Kerberos, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 PAC (Privileged Attribute Certificate), \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u041f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0432 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0441\u043b\u0435\u0434\u0438\u0442\u044c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD. \u041a\u0440\u043e\u043c\u0435 Samba\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Yuri Gagarin\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimost-v-samba-i-mit-heimdal-kerberos-privodyashhaya-k-perepolneniyu-bufera\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"de_DE\" \/>\n\t\t<meta property=\"og:site_name\" content=\"ProHoster | \u041a\u0443\u043f\u0438\u0442\u044c \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 DDoS, VPS VDS \u0441\u0435\u0440\u0432\u0435\u0440\u044b\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"\ud83e\udd47\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Samba \u0438 MIT\/Heimdal Kerberos, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0431\u0443\u0444\u0435\u0440\u0430 | ProHoster\" \/>\n\t\t<meta property=\"og:description\" content=\"\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 Samba 4.17.3, 4.16.7 \u0438 4.15.12 \u0441 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2022-42898) \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430\u0445 Kerberos, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 PAC (Privileged Attribute Certificate), \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u041f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0432 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0441\u043b\u0435\u0434\u0438\u0442\u044c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD. \u041a\u0440\u043e\u043c\u0435 Samba\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimost-v-samba-i-mit-heimdal-kerberos-privodyashhaya-k-perepolneniyu-bufera\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"350\" \/>\n\t\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2022-11-17T13:36:54+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2022-11-17T13:36:54+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/prohoster\" \/>\n\t\t<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/prohoster\" \/>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"\ud83e\udd47Sicherheitsanf\u00e4lligkeit in Samba und MIT\/Heimdal Kerberos, die zu einem Puffer\u00fcberlauf f\u00fchrt | ProHoster","description":"Es wurden korrigierte Versionen des Samba-Pakets 4.17.3, 4.16.7 und 4.15.12 ver\u00f6ffentlicht, die eine Sicherheitsanf\u00e4lligkeit (CVE-2022-42898) in den Kerberos-Bibliotheken beheben. Diese f\u00fchrte zu einem ganzzahligen \u00dcberlauf und dem Schreiben von Daten au\u00dferhalb des zugewiesenen Puffers bei der Verarbeitung von PAC (Privileged Attribute Certificate) -Parametern, die von einem authentifizierten Benutzer gesendet wurden. Die Ver\u00f6ffentlichung der Paket-Updates in verschiedenen Distributionen kann auf den Seiten verfolgt werden: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD. Zus\u00e4tzlich zu Samba","canonical_url":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimost-v-samba-i-mit-heimdal-kerberos-privodyashhaya-k-perepolneniyu-bufera","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":null,"og:locale":"de_DE","og:site_name":"ProHoster | \u041a\u0443\u043f\u0438\u0442\u044c \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 DDoS, VPS VDS \u0441\u0435\u0440\u0432\u0435\u0440\u044b","og:type":"article","og:title":"\ud83e\udd47\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Samba \u0438 MIT\/Heimdal Kerberos, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0431\u0443\u0444\u0435\u0440\u0430 | ProHoster","og:description":"\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 Samba 4.17.3, 4.16.7 \u0438 4.15.12 \u0441 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2022-42898) \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430\u0445 Kerberos, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 PAC (Privileged Attribute Certificate), \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u041f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0432 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0441\u043b\u0435\u0434\u0438\u0442\u044c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0445: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD. \u041a\u0440\u043e\u043c\u0435 Samba","og:url":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimost-v-samba-i-mit-heimdal-kerberos-privodyashhaya-k-perepolneniyu-bufera","og:image":"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg","og:image:secure_url":"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg","og:image:width":350,"og:image:height":350,"article:published_time":"2022-11-17T13:36:54+00:00","article:modified_time":"2022-11-17T13:36:54+00:00","article:publisher":"https:\/\/www.facebook.com\/prohoster","article:author":"https:\/\/www.facebook.com\/prohoster"},"aioseo_meta_data":[],"gt_translate_keys":[{"key":"link","format":"url"}],"_links":{"self":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts\/105611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/comments?post=105611"}],"version-history":[{"count":1,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts\/105611\/revisions"}],"predecessor-version":[{"id":164425,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts\/105611\/revisions\/164425"}],"wp:attachment":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/media?parent=105611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/categories?post=105611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/tags?post=105611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}