ProHoster > Блог > ozi ịntanetị > Samba doziri adịghị ike 8 dị ize ndụ

Samba doziri adịghị ike 8 dị ize ndụ

Ebipụtala mwepụta mmezi nke Samba 4.15.2, 4.14.10 na 4.13.14, na-ewepụ adịghị ike 8, ọtụtụ n'ime ha nwere ike iduga nbibi zuru oke nke ngalaba ndekọ aha Active. Ọ bụ ihe kwesịrị ịrịba ama na edoziwo otu n'ime nsogbu ndị ahụ kemgbe 2016, na ise kemgbe 2020, Otú ọ dị, otu ndozi mere ka ọ ghara ikwe omume ịmalite winbindd na ntọala "ekwe ka ndị tụkwasịrị obi = mba" (ndị mmepe ahụ bu n'obi ibipụta mmelite ọzọ ngwa ngwa na a). idozi). Enwere ike nyochaa mwepụta nke mmelite ngwugwu na nkesa na ibe: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.

Ọdịmma emebere:

  • CVE-2020-25717 - n'ihi ntụpọ dị n'echiche nke ndị ọrụ ngalaba maapụ na ndị ọrụ sistemụ mpaghara, onye ọrụ ngalaba Active Directory nwere ikike ịmepụta akaụntụ ọhụrụ na sistemụ ya, jisiri site na ms-DS-MachineAccountQuota, nwere ike nweta mgbọrọgwụ. ịnweta sistemụ ndị ọzọ gụnyere na ngalaba.
  • CVE-2021-3738 bụ ojiji mgbe ị nweta ohere n'efu na Samba AD DC RPC ihe nkesa (dsdb), nke nwere ike ibute mmụba nke ihe ùgwù mgbe ị na-emegharị njikọ.
  • CVE-2016-2124 - Njikọ ndị ahịa guzobere site na iji SMB1 protocol nwere ike gbanwee gaa na ntinye nyocha na ederede doro anya ma ọ bụ site na NTLM (dịka ọmụmaatụ, iji chọpụta nzere n'oge ọgụ MITM), ọbụlagodi na onye ọrụ ma ọ bụ ngwa nwere ntọala akọwapụtara amanyere amanyere. site na Kerberos.
  • CVE-2020-25722 - Onye na-ahụ maka ngalaba Active Directory nke sitere na Samba emeghị nlele nnabata kwesịrị ekwesị na data echekwara, na-enye onye ọrụ ọ bụla ohere ịgafe nlele ikike wee mebie ngalaba ahụ kpamkpam.
  • CVE-2020-25718 - Onye na-ahụ maka ngalaba Active Directory nke Samba ekewapụghị tiketi Kerberos nke RODC (onye na-ahụ maka ngalaba na-agụ naanị), nke enwere ike iji nweta tiketi nchịkwa site na RODC na-enweghị ikike ime ya.
  • CVE-2020-25719 - Onye na-ahụ maka ngalaba Active Directory nke Samba anaghị eburu n'uche mgbe niile mpaghara SID na PAC na tiketi Kerberos (mgbe ị na-edobe “gensec:require_pac = eziokwu”, naanị aha a na-enyocha, yana PAC abụghị ewere n'ime akaụntụ), nke kwere ka onye ọrụ , onye nwere ikike ịmepụta akaụntụ na mpaghara mpaghara, na-eme ka onye ọrụ ọzọ na ngalaba, gụnyere onye nwere ikike.
  • CVE-2020-25721 - Maka ndị ọrụ akwadoro site na iji Kerberos, anaghị enye ihe nchọpụta ọrụ pụrụ iche (objectSid) mgbe niile, nke nwere ike bute njikọ n'etiti otu onye ọrụ na onye ọzọ.
  • CVE-2021-23192 - N'oge mwakpo MITM, ọ ga-ekwe omume ịsacha iberibe na nnukwu arịrịọ DCE/RPC kewara n'ọtụtụ akụkụ.

isi: opennet.ru

Tinye a comment