Ma Samba patches 4.15.2, 4.14.10, ndi 4.13.14 asindikizidwa, akufotokoza zovuta zisanu ndi zitatu, zomwe zambiri zingayambitse kusokonekera kwathunthu kwa domain ya Active Directory. Chodziwika bwino ndichakuti, vuto limodzi lidasinthidwa kuyambira 2016, ndipo asanu kuyambira 2020. Komabe, patch imodzi idaletsa winbindd kugwira ntchito pamene makonda a "allow trusted domains = no" adakhazikitsidwa (opanga mapulogalamu akufuna kufalitsa nthawi yomweyo zosintha zina ndi kukonza). Kutulutsidwa kwa zosintha za phukusi mu magawo kumatha kutsatiridwa patsamba lotsatirali: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.
Zowonongeka Zokhazikika:
- CVE-2020-25717 - Chifukwa cha vuto la kulinganiza ogwiritsa ntchito domain kwa ogwiritsa ntchito makina am'deralo, wogwiritsa ntchito domain ya Active Directory yemwe ali ndi luso lopanga maakaunti atsopano pamakina awo, omwe amayendetsedwa kudzera mu ms-DS-MachineAccountQuota, akhoza kupeza mwayi wolowera kumakina ena mkati mwa domain. domain.
- CVE-2021-3738 - Chiwopsezo chogwiritsa ntchito pambuyo paulere pakukhazikitsa kwa seva ya Samba AD DC (dsdb) RPC kumatha kudzetsa mwayi pakuwongolera kulumikizidwa.
- CVE-2016-2124 - Malumikizidwe amakasitomala omwe akhazikitsidwa pogwiritsa ntchito protocol ya SMB1 atha kutumizidwanso ku mawu omveka bwino kapena kutsimikizika kwa NTLM (mwachitsanzo, kudziwa ziyeneretso za kuwukira kwapakati), ngakhale wogwiritsa ntchitoyo kapena pulogalamuyo itakonzedwa kuti ifunike kutsimikizika kwa Kerberos.
- CVE-2020-25722 - Woyang'anira dera la Samba-based Active Directory sanachite cheke choyenera pa data yosungidwa, kulola wogwiritsa ntchito aliyense kuti alambalale cheke cha chilolezo ndikusokoneza kwathunthu derali.
- CVE-2020-25718 - Woyang'anira domain Active Directory yochokera ku Samba sanalekanitse bwino matikiti a Kerberos operekedwa ndi Read-only domain controller (RODC), omwe angagwiritsidwe ntchito kupeza matikiti owongolera kuchokera ku RODC popanda chilolezo.
- CVE-2020-25719 - Woyang'anira domeni ya Active Directory yochokera ku Samba samaganizira nthawi zonse magawo a SID ndi PAC mu matikiti a Kerberos (pokhazikitsa "gensec:require_pac = zoona", dzina lokha ndi lomwe lidawunikidwa, ndipo PAC sinaganiziridwe), zomwe zimalola wogwiritsa ntchito kukhala ndi ufulu wopanga maakaunti pakompyuta yapamalopo kuti awononge wina.
- CVE-2020-25721 - Ogwiritsa ntchito ovomerezeka a Kerberos sanali kupatsidwa zizindikiritso zapadera za Active Directory (objectSid), zomwe zitha kupangitsa kuti ogwiritsa ntchito agwirizane.
- CVE-2021-23192 - Kuukira kwa munthu wapakati kumatha kuwononga zidutswa muzopempha zazikulu za DCE/RPC zomwe zimagawika m'magawo angapo.
Source: opennet.ru
