Samba updates 4.14.2, 4.13.7 and 4.12.14 with vulnerability fixes

Corrective releases of the Samba package, 4.14.2, 4.13.7 and 4.12.14, have been prepared, in which two vulnerabilities are fixed:

  • CVE-2020-27840 is an out-of-bounds write that occurs when processing specially crafted DN (Distinguished Name) names. An anonymous attacker can crash a Samba-based AD DC LDAP server by sending a specially crafted bind request. Because the attacker can control the region being overwritten during the attack, more serious consequences, such as execution of the attacker's code on the server, cannot be ruled out, but no working exploit exists yet. Because the DN string parsing code that contains the vulnerability runs at a stage before authentication is checked, the problem can be exploited by an attacker who has no account on the server.
  • CVE-2021-20277 is an out-of-bounds read that occurs when the AD DC LDAP server processes specially crafted user-defined filters. The problem can crash the server's handler process or leak contents of the process memory.

Source: opennet.ru
