Ko nga putanga whakatika o te kete Samba 4.14.2, 4.13.7 me 4.12.14 kua whakaritea, e rua nga whakaraerae kua whakatikahia:
- Ko te CVE-2020-27840 he ngoikoretanga putunga arai e puta ana i te tukatuka i ngā Ingoa Motuhake (DN) kua hangaia mō te hunga motuhake. Ka taea e te kaiwhakaeke ingoakore te pakaru i tētahi tūmau AD DC LDAP e hangai ana ki a Samba mā te tuku i tētahi tono here kua hangaia mō te hunga motuhake. Nā te mea ka taea e te whakaeke te whakahaere i te whānuitanga tuhi anō, kāore e taea te whakakore i ngā hua kino ake, pērā i te whakahaere waehere. tūmau, engari kāore anō kia whakamahia he whakamahinga e mahi ana. Nā te mea kua whakahaerehia te waehere e meinga ai te ngoikoretanga ki te wetewete i te aho DN i mua i te tirotiro i ngā tawhā manatoko, ka taea te whakamahi i te raruraru e te kaiwhakaeke kāore he pūkete i runga. tūmau.
- CVE-2021-20277 Ka puta te panui parepare ki waho i te wa e tukatuka ana te tūmau AD DC LDAP i tetahi tātari kua tautuhia e te kaiwhakamahi. Ko te raruraru pea ka pakaru te kaihautu tūmau, ka turuturu ranei nga ihirangi mai i te mahara tukanga.
Source: opennet.ru
