Kutulutsa koyenera kwa Samba 4.17.3, 4.16.7 ndi 4.15.12 kwasindikizidwa ndikuchotsa chiwopsezo (CVE-2022-42898) m'ma library a Kerberos omwe amatsogolera pakusefukira ndikulemba zambiri popanda malire pokonza PAC. (Privileged Attribute Certificate) zotumizidwa ndi munthu wovomerezeka. Kusindikizidwa kwa zosintha zamaphukusi pamagawidwe kumatha kutsatiridwa pamasamba: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD.
Kuphatikiza pa Samba, vutoli likuwonekeranso pamaphukusi omwe ali ndi MIT Kerberos ndi Heimdal Kerberos. Lipoti lachiwopsezo lochokera ku polojekiti ya Samba silinena mwatsatanetsatane zowopsezazo, koma lipoti la MIT Kerberos likuti kusatetezeka kungayambitse kuphedwa kwa ma code akutali. Kugwiritsa ntchito pachiwopsezo kumatheka pamakina a 32-bit.
Nkhaniyi imakhudza masanjidwe ndi KDC (Key Distribution Centeror) kapena kadmind. M'makonzedwe opanda Active Directory, chiwopsezocho chimawonekeranso pa ma seva a Samba pogwiritsa ntchito Kerberos. Vutoli limadza chifukwa cha cholakwika mu ntchito ya krb5_parse_pac(), chifukwa chake kukula kwa buffer komwe kumagwiritsidwa ntchito pophatikiza minda ya PAC sikunawerengedwe molakwika. Pa makina a 32-bit, pokonza ma PAC opangidwa mwapadera, cholakwika chingayambitse kuyika kwa chipika cha 16-byte chotumizidwa ndi wowukira kunja kwa buffer yomwe yaperekedwa.
Source: opennet.ru