E bipụtala Samba patches 4.15.2, 4.14.10, na 4.13.14, na-edozi nsogbu asatọ, nke ọtụtụ n'ime ha nwere ike ibute mmebi zuru oke nke ngalaba Active Directory. Ihe dị mkpa bụ na a rụchara otu n'ime nsogbu ndị a kemgbe 2016, na ise kemgbe 2020. Agbanyeghị, otu patch gbochiri winbindd ịgba ọsọ mgbe agbanyere ntọala "allow trusted domains = no" (ndị mmepe na-ezube ibipụta mmelite ọzọ ozugbo na ndozi ahụ). Enwere ike ịchọta mwepụta nke mmelite ngwugwu na nkesa na peeji ndị a: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.
Ọdịmma emebere:
- CVE-2020-25717 - N'ihi ntụpọ dị n'echiche maka ịkepụta ndị ọrụ ngalaba na ndị ọrụ sistemụ mpaghara, onye ọrụ ngalaba Active Directory nwere ikike ịmepụta akaụntụ ọhụrụ na sistemụ ha, nke ejiri ms-DS-MachineAccountQuota jikwaa, nwere ike ịnweta mgbọrọgwụ na sistemụ ndị ọzọ dị n'ime ngalaba ahụ. ngalaba.
- CVE-2021-3738 bụ ojiji mgbe ị nweta ohere n'efu na Samba AD DC RPC ihe nkesa (dsdb), nke nwere ike ibute mmụba nke ihe ùgwù mgbe ị na-emegharị njikọ.
- CVE-2016-2124 - Njikọ ndị ahịa guzobere site na iji SMB1 protocol nwere ike gbanwee gaa na ntinye nyocha na ederede doro anya ma ọ bụ site na NTLM (dịka ọmụmaatụ, iji chọpụta nzere n'oge ọgụ MITM), ọbụlagodi na onye ọrụ ma ọ bụ ngwa nwere ntọala akọwapụtara amanyere amanyere. site na Kerberos.
- CVE-2020-25722 - Onye na-ahụ maka ngalaba Active Directory nke sitere na Samba emeghị nlele nnabata kwesịrị ekwesị na data echekwara, na-enye onye ọrụ ọ bụla ohere ịgafe nlele ikike wee mebie ngalaba ahụ kpamkpam.
- CVE-2020-25718 - Onye na-ahụ maka ngalaba Active Directory nke Samba ekewapụghị tiketi Kerberos nke RODC (onye na-ahụ maka ngalaba na-agụ naanị), nke enwere ike iji nweta tiketi nchịkwa site na RODC na-enweghị ikike ime ya.
- CVE-2020-25719 - Onye na-ahụ maka ngalaba Active Directory nke Samba anaghị eburu n'uche mgbe niile mpaghara SID na PAC na tiketi Kerberos (mgbe ị na-edobe “gensec:require_pac = eziokwu”, naanị aha a na-enyocha, yana PAC abụghị ewere n'ime akaụntụ), nke kwere ka onye ọrụ , onye nwere ikike ịmepụta akaụntụ na mpaghara mpaghara, na-eme ka onye ọrụ ọzọ na ngalaba, gụnyere onye nwere ikike.
- CVE-2020-25721 - Maka ndị ọrụ akwadoro site na iji Kerberos, anaghị enye ihe nchọpụta ọrụ pụrụ iche (objectSid) mgbe niile, nke nwere ike bute njikọ n'etiti otu onye ọrụ na onye ọzọ.
- CVE-2021-23192 - N'oge mwakpo MITM, ọ ga-ekwe omume ịsacha iberibe na nnukwu arịrịọ DCE/RPC kewara n'ọtụtụ akụkụ.
isi: opennet.ru
