8 dangerous vulnerabilities fixed in Samba

Corrective releases of Samba 4.15.2, 4.14.10 and 4.13.14 have been published, eliminating 8 vulnerabilities, most of which can lead to a complete compromise of an Active Directory domain. Notably, one of the problems has been in the process of being fixed since 2016, and five since 2020; nevertheless, one of the fixes made it impossible to start winbindd with the setting "allow trusted domains = no" (the developers intend to promptly publish another update with a fix). The release of package updates in distributions can be tracked on these pages: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.

Fixed vulnerabilities:

  • CVE-2020-25717 - due to a flaw in the logic that maps domain users to local system users, an Active Directory domain user who is able to create new accounts on their system, as controlled by ms-DS-MachineAccountQuota, could gain root access to other systems joined to the domain.
  • CVE-2021-3738 - a use-after-free memory access in the Samba AD DC RPC server implementation (dsdb), which could lead to privilege escalation during connection handling.
  • CVE-2016-2124 - client connections established using the SMB1 protocol could be switched to passing authentication parameters in plaintext or via NTLM (for example, to capture credentials during a MITM attack), even if the user or application has settings that make authentication via Kerberos mandatory.
  • CVE-2020-25722 - a Samba-based Active Directory domain controller did not perform proper checks on access to stored data, allowing any user to bypass authorization checks and completely compromise the domain.
  • CVE-2020-25718 - a Samba-based Active Directory domain controller did not correctly isolate Kerberos tickets issued by an RODC (read-only domain controller), which could be used to obtain administrator tickets from the RODC without having permission to do so.
  • CVE-2020-25719 - a Samba-based Active Directory domain controller did not always take the SID and PAC fields in Kerberos tickets into account (with the setting "gensec:require_pac = true", only the name was checked and the PAC was not taken into account), which allowed a user who has the right to create accounts on the local system to impersonate another user in the domain, including a privileged one.
  • CVE-2020-25721 - for users authenticated using Kerberos, an Active Directory identifier (objectSid) was not always issued, which could lead to one user overlapping with another.
  • CVE-2021-23192 - during a MITM attack, it was possible to tamper with fragments in large DCE/RPC requests that are split into several parts.
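A check an administrator might run against the release numbers and the winbindd regression described above. This is an added example, not code from Samba or from the article; the function names and the sample inputs are assumptions made for illustration.

```python
import re

# Fixed upstream releases named in the article: branch -> minimum patch level.
FIXED = {(4, 15): 2, (4, 14): 10, (4, 13): 14}
FALSE_VALUES = {"no", "false", "0", "off"}  # boolean spellings smb.conf accepts

def parse_version(text):
    """Extract (major, minor, patch) from e.g. `smbd --version` output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g) for g in m.groups())

def has_fixes(version):
    """True/False on the three branches above, None on any other branch.
    Upstream numbering only: distribution packages may backport the fixes."""
    floor = FIXED.get(version[:2])
    return None if floor is None else version[2] >= floor

def trusted_domains_disabled(conf_text):
    """True when the last 'allow trusted domains' line is set to a false value."""
    disabled = False
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # smb.conf parameter names ignore case and embedded whitespace
        if re.sub(r"\s+", "", key).lower() == "allowtrusteddomains":
            disabled = value.strip().lower() in FALSE_VALUES
    return disabled

def assess(version_text, conf_text):
    version = parse_version(version_text)
    patched = has_fixes(version)
    # The winbindd start-up regression is reported for the fixed releases themselves.
    regression = (patched is True and version[2] == FIXED[version[:2]]
                  and trusted_domains_disabled(conf_text))
    return {"version": version, "patched": patched, "winbindd_regression": regression}

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONF = "[global]\n  workgroup = EXAMPLE\n  ; comment\n  Allow Trusted Domains = No\n"

if __name__ == "__main__":
    for v in ("Version 4.14.9", "Version 4.14.10", "Version 4.12.15"):
        print(v, assess(v, SAMPLE_CONF))
```

A result of `patched: None` means the branch is not one of the three the article names, so the article gives no fixed release to compare against.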

source: budenet.ru
