8 qhov teeb meem txaus ntshai tau kho hauv Samba

Cov kev kho Samba 4.15.2, 4.14.10, thiab 4.13.14 tau muab tso tawm lawm, daws yim qhov tsis muaj zog, feem ntau ntawm cov no yuav ua rau muaj kev cuam tshuam tag nrho ntawm Active Directory domain. Qhov tseem ceeb, ib qho ntawm cov teeb meem tau kho txij li xyoo 2016, thiab tsib txij li xyoo 2020. Txawm li cas los xij, ib qho kev kho tau tiv thaiv winbindd kom tsis txhob khiav thaum qhov chaw "tso cai rau cov domains ntseeg siab = tsis muaj" tau qhib (cov neeg tsim khoom npaj siab yuav tshaj tawm lwm qhov hloov tshiab nrog qhov kho). Kev tso tawm ntawm cov kev hloov tshiab pob khoom hauv kev faib tawm tuaj yeem taug qab ntawm cov nplooj ntawv hauv qab no: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.

Fixed vulnerabilities:

  • CVE-2020-25717 - Vim muaj qhov tsis zoo hauv kev sib txuas cov neeg siv hauv domain mus rau cov neeg siv hauv zos, tus neeg siv Active Directory domain uas muaj peev xwm tsim cov nyiaj tshiab ntawm lawv lub system, tswj hwm los ntawm ms-DS-MachineAccountQuota, tuaj yeem nkag mus rau lwm lub system hauv domain. sau.
  • CVE-2021-3738 yog Kev Siv tom qab kev siv dawb hauv Samba AD DC RPC server siv (dsdb), uas tuaj yeem ua rau muaj kev nce ntxiv ntawm cov cai thaum tswj kev sib txuas.
  • CVE-2016-2124 - Cov neeg siv khoom sib txuas tau tsim los siv SMB1 raws tu qauv tuaj yeem hloov mus rau qhov kev lees paub qhov tseeb hauv cov ntawv ntshiab lossis ntawm NTLM (piv txwv li, txhawm rau txiav txim siab cov ntaub ntawv pov thawj thaum MITM tawm tsam), txawm tias tus neeg siv lossis daim ntawv thov muaj cov chaw teev tseg rau yuav tsum tau ua. authentication ntawm Kerberos.
  • CVE-2020-25722 - Samba-based Active Directory domain controller tsis ua qhov kev kuaj xyuas kom zoo ntawm cov ntaub ntawv khaws cia, tso cai rau txhua tus neeg siv los hla cov cai tswj xyuas thiab ua rau muaj kev cuam tshuam tag nrho.
  • CVE-2020-25718 - Samba-based Active Directory domain controller tsis raug cais Kerberos daim pib tawm los ntawm RODC (Nyeem nkaus xwb domain controller), uas tuaj yeem siv kom tau txais daim pib thawj coj los ntawm RODC yam tsis muaj kev tso cai ua li ntawd.
  • CVE-2020-25719 - Samba-based Active Directory domain controller tsis tas yuav suav nrog SID thiab PAC teb hauv Kerberos daim pib (thaum teeb tsa "gensec:require_pac = tseeb", tsuas yog kuaj lub npe, thiab PAC tsis raug coj los siv. mus rau hauv tus account), uas tso cai rau tus neeg siv , leej twg muaj txoj cai los tsim cov nyiaj hauv cheeb tsam hauv zos, ua rau lwm tus neeg siv hauv lub npe, suav nrog ib qho muaj cai.
  • CVE-2020-25721 - Rau cov neeg siv kev lees paub siv Kerberos, tus cim Active Directory cim (objectSid) tsis yog ib txwm muab, uas tuaj yeem ua rau muaj kev sib tshuam ntawm ib tus neeg siv thiab lwm tus.
  • CVE-2021-23192 - Thaum lub sij hawm MITM tawm tsam, nws muaj peev xwm ua rau cov khoom seem hauv DCE / RPC loj thov faib ua ob peb ntu.

Tau qhov twg los: opennet.ru

Yuav txhim khu kev qha hosting rau cov chaw nrog DDoS tiv thaiv, VPS VDS servers πŸ”₯ Yuav lub vev xaib hosting txhim khu kev qha nrog kev tiv thaiv DDoS, VPS VDS servers | ProHoster