ProHoster > Блог > ozi ịntanetị > Adịghị ike na Samba nke na-enye onye ọrụ ọ bụla ohere ịgbanwe paswọọdụ ha

Adịghị ike na Samba nke na-enye onye ọrụ ọ bụla ohere ịgbanwe paswọọdụ ha

Mwepụta mmezi nke Samba 4.16.4, 4.15.9 na 4.14.14 ka ebipụtara, na-ewepụ adịghị ike 5. Enwere ike nyochaa mwepụta mmelite ngwugwu na nkesa na ibe: Debian, Ubuntu, RHEL, SUSE, Arch, FreeBSD.

Ihe ọghọm kachasị dị ize ndụ (CVE-2022-32744) na-enye ndị ọrụ ngalaba Active Directory ohere ịgbanwe paswọọdụ onye ọrụ ọ bụla, gụnyere ikike ịgbanwe paswọọdụ nchịkwa wee nweta njikwa zuru oke na ngalaba ahụ. Ihe kpatara nsogbu a bụ KDC na-anabata arịrịọ kpasswd ejiri igodo amara ama ezoro ezo.

Onye na-awakpo nwere ohere ngalaba nwere ike izipu arịrịọ ụgha ka ịtọọ paswọọdụ ọhụrụ n'aha onye ọrụ ọzọ, jiri igodo nke ya zoo ya, na KDC ga-ahazi ya na-enyochaghị na igodo ahụ dabara na akaụntụ ahụ. Igodo nke ndị njikwa ngalaba na-agụ naanị (RODCs) nke na-enweghị ikike ịgbanwe okwuntughe nwekwara ike iji zipu arịrịọ ụgha. Dị ka ihe na-arụ ọrụ, ị nwere ike gbanyụọ nkwado maka protocol kpasswd site na ịgbakwunye ahịrị "kpasswd port = 0" na smb.conf.

Ihe ọghọm ndị ọzọ:

  • CVE-2022-32746 - Ndị ọrụ ndekọ aha na-arụsi ọrụ ike, site na izipu LDAP emebere nke ọma “gbakwunye” ma ọ bụ “gbanwee” arịrịọ, nwere ike ịkpalite ohere nchekwa na-enweghị n'efu na usoro ihe nkesa. Ihe kpatara nsogbu a bụ na modul ndekọ ndekọ nyocha na-enweta ọdịnaya nke ozi LDAP mgbe modul nchekwa data tọhapụrụ ebe nchekwa ekenyere maka ozi ahụ. Iji mee mbuso agha, ị ga-enwerịrị ikike ịgbakwunye ma ọ bụ gbanwee ụfọdụ njirimara dị mkpa, dị ka userAccountControl.
  • Ndị ọrụ ndekọ aha na-arụ ọrụ CVE-2022-2031 nwere ike gafere ụfọdụ mmachi na ngalaba njikwa. KDC na ọrụ kpasswd nwere ike imebi tiketi ibe ha, ebe ha na-ekerịta otu igodo na akaụntụ. N'ihi ya, onye ọrụ rịọrọ mgbanwe paswọọdụ nwere ike iji tiketi enwetara iji nweta ọrụ ndị ọzọ.
  • Ndị ọrụ CVE-2022-32745 Active Directory nwere ike ime ka usoro ihe nkesa daa site na izipu arịrịọ LDAP "gbakwunye" ma ọ bụ "gbanwee" iji nweta data na-amaghị.
  • CVE-2022-32742 - Mwepu ozi gbasara ọdịnaya nke ebe nchekwa ihe nkesa site na iji usoro SMB1. Onye ahịa SMB1 nwere ike ide ohere nchekwa nkekọrịta nwere ike ịmepụta ọnọdụ maka ide akụkụ nke usoro ihe nkesa nke ọdịnaya ebe nchekwa na faịlụ ma ọ bụ zipu ya na ngwa nbipute. A na-eme mwakpo ahụ site na izipu arịrịọ “dee” na-egosi oke ezighi ezi. Nsogbu a na-emetụta naanị alaka Samba tupu 4.11 (na ngalaba 4.11, nkwado SMB1 nwere nkwarụ na ndabara).

isi: opennet.ru

Tinye a comment