8 dangerous vulnerabilities fixed in Samba

Corrective releases of Samba 4.15.2, 4.14.10 and 4.13.14 have been published, eliminating 8 vulnerabilities, most of which can lead to the complete compromise of an Active Directory domain. Notably, one of the issues had been known since 2016 and five since 2020; however, one of the fixes broke the ability to run winbindd with the setting "allow trusted domains = no" (the developers intend to quickly publish another update that addresses this). The release of package updates in distributions can be tracked on these pages: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.

Fixed vulnerabilities:

  • CVE-2020-25717 - Due to a flaw in the logic that maps domain users to local system users, an Active Directory domain user who is able to create new accounts on their own system (governed by ms-DS-MachineAccountQuota) could obtain root access to other systems in the domain.
  • CVE-2021-3738 - A use-after-free in the Samba AD DC RPC server implementation (dsdb), which could lead to privilege escalation when connections are manipulated.
  • CVE-2016-2124 - Client connections established over the SMB1 protocol could be downgraded to passing authentication parameters in clear text or via NTLM (for example, to obtain credentials during MITM attacks), even if the user or application has settings that mandate authentication via Kerberos.
  • CVE-2020-25722 - The Samba-based Active Directory domain controller did not perform proper access checks on stored data, allowing any user to bypass authorization checks and completely compromise the domain.
  • CVE-2020-25718 - The Samba-based Active Directory domain controller did not properly isolate Kerberos tickets issued by an RODC (read-only domain controller), which could be used to obtain administrator tickets from the RODC without authorization to do so.
  • CVE-2020-25719 - The Samba-based Active Directory domain controller did not always take the SID and PAC fields in Kerberos tickets into account (with "gensec:require_pac = true" set, only the name was checked and the PAC was ignored), allowing a user with the right to create accounts on the local system to impersonate another domain user, including privileged ones.
  • CVE-2020-25721 - For users authenticated via Kerberos, a unique Active Directory identifier (objectSid) was not always issued, which could lead to overlaps between one user and another.
  • CVE-2021-23192 - During a MITM attack, it was possible to spoof fragments of large DCE/RPC requests that are split into several parts.
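As an added defender-side check (not code from the page or from the Samba project), the script below takes a Samba version string and the text of an smb.conf and reports whether the version predates the fixed releases named above and whether "allow trusted domains = no" is set, the setting that the first fixed releases could not start winbindd with. The fixed-version table comes from the release list above; the version strings and the sample configuration are constructed for the example.

```python
"""Check a Samba version and smb.conf against the 4.15.2 / 4.14.10 / 4.13.14 fixes."""
import re

# Minimum patched release per stable branch, taken from the advisory text above.
FIXED = {(4, 15): (4, 15, 2), (4, 14): (4, 14, 10), (4, 13): (4, 13, 14)}

# Constructed sample configuration; the only line that matters for the check is
# the 'allow trusted domains = no' setting mentioned in the advisory.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    security = ads      ; constructed example, not a real deployment
    allow trusted domains = no
"""

def parse_version(text):
    """Turn '4.15.1' (optionally with a suffix) into a (major, minor, patch) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(version):
    """True if the version is at or above the fixed release of its branch."""
    v = parse_version(version)
    branch = v[:2]
    if branch not in FIXED:
        # Branches newer than 4.15 contain the fixes; older ones are unsupported
        # and therefore still vulnerable.
        return branch > (4, 15)
    return v >= FIXED[branch]

def parse_smb_conf(text):
    """Minimal smb.conf parser: {section: {normalised key: value}}, ignoring comments."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.split()).lower()] = value.strip()
    return conf

def review(version, smb_conf_text):
    """Return a list of findings for the given version and configuration."""
    findings = []
    if not is_patched(version):
        findings.append(f"Samba {version} predates the fixed releases; upgrade")
    glob = parse_smb_conf(smb_conf_text).get("global", {})
    if glob.get("allow trusted domains", "yes").lower() in ("no", "false", "0"):
        findings.append("'allow trusted domains = no' is set: winbindd fails to start "
                        "on the first fixed releases, so wait for the follow-up update")
    return findings
```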

Source: OpenNet.ru
