Buffer overflow vulnerability in Samba and MIT/Heimdal Kerberos

Corrective releases of Samba 4.17.3, 4.16.7 and 4.15.12 have been published. They eliminate a vulnerability (CVE-2022-42898) in the Kerberos libraries that leads to an integer overflow and an out-of-bounds write when processing PAC (Privileged Attribute Certificate) parameters sent by an authenticated user. The publication of package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD.

Besides Samba, the problem also appears in packages with MIT Kerberos and Heimdal Kerberos. The vulnerability report from the Samba project does not describe the threat in detail, but the MIT Kerberos report states that the vulnerability can lead to remote code execution. Exploitation of the vulnerability is possible only on 32-bit systems.

The problem affects configurations with a KDC (Key Distribution Center) or kadmind. In configurations without Active Directory, the vulnerability also appears on Samba file servers that use Kerberos. The problem is caused by a bug in the krb5_parse_pac() function, because of which the size of the buffer used when parsing PAC fields was calculated incorrectly. On 32-bit systems, when processing specially crafted PACs, the error can lead to a 16-byte block sent by the attacker being placed outside the allocated buffer.
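
The class of size miscalculation described above, as an added example that is not code from Samba, MIT Kerberos or Heimdal: a length check whose multiplication wraps on a 32-bit size_t, next to a checked version. The 8-byte header, the 16-byte entry size and all function names are assumptions made for illustration, and uint32_t stands in for a 32-bit size_t so the behaviour is the same on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (illustration only): an 8-byte header carrying an entry
 * count, followed by `count` fixed-size 16-byte entries. */
#define HDR_LEN   8u
#define ENTRY_LEN 16u

/* Unchecked: count * 16 is reduced modulo 2^32, so a very large count
 * produces a small "required length". */
uint32_t needed_len_unchecked(uint32_t count)
{
    return (uint32_t)(HDR_LEN + count * ENTRY_LEN);
}

/* Checked: reject any count whose table size cannot be represented.
 * Returns 0 and stores the length on success, -1 on overflow. */
int needed_len_checked(uint32_t count, uint32_t *out)
{
    if (count > (UINT32_MAX - HDR_LEN) / ENTRY_LEN)
        return -1;
    *out = HDR_LEN + count * ENTRY_LEN;
    return 0;
}

/* Does an input of input_len bytes hold the header plus `count` entries?
 * Returns 0 if the input is accepted, -1 if it is rejected. */
int validate_unchecked(uint32_t count, uint32_t input_len)
{
    return input_len >= needed_len_unchecked(count) ? 0 : -1;
}

int validate_checked(uint32_t count, uint32_t input_len)
{
    uint32_t need;
    if (needed_len_checked(count, &need) != 0)
        return -1;
    return input_len >= need ? 0 : -1;
}

int main(void)
{
    uint32_t count = 0x10000000u;   /* constructed value: count * 16 == 2^32 */
    printf("unchecked needs %u bytes, accepts 64-byte input: %s\n",
           (unsigned)needed_len_unchecked(count),
           validate_unchecked(count, 64) == 0 ? "yes" : "no");
    printf("checked accepts 64-byte input: %s\n",
           validate_checked(count, 64) == 0 ? "yes" : "no");
    return 0;
}
```

A parser that trusts the unchecked result goes on to process far more entries than the input or its destination buffer can hold, which is how a wrapped size turns into an out-of-bounds write.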

source: budenet.ru
