Samba fixes 8 vulnerabilities

Corrective releases of the Samba package, 4.15.2, 4.14.10 and 4.13.14, have been published, eliminating 8 vulnerabilities, most of which can lead to complete compromise of an Active Directory domain. Notably, one of the issues had been in the process of being fixed since 2016, and five since 2020; nevertheless, one of the fixes made it impossible to start winbindd with the setting "allow trusted domains = no" (the developers intend to promptly publish another update with a fix). The release of package updates in distributions can be tracked on the pages: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.

Fixed vulnerabilities:

  • CVE-2020-25717 - due to a flaw in the logic that maps domain users to local system users, an Active Directory domain user who is able to create new accounts on their own system, as governed by ms-DS-MachineAccountQuota, could gain root access to other systems in the domain.
  • CVE-2021-3738 - a use-after-free in the Samba AD DC RPC server implementation (dsdb), which could potentially lead to privilege escalation when manipulating connection establishment.
  • CVE-2016-2124 - client connections established using the SMB1 protocol could be downgraded to passing authentication parameters in plaintext or via NTLM (for example, to capture credentials during MITM attacks), even if the user or application has settings that make authentication via Kerberos mandatory.
  • CVE-2020-25722 - the Samba-based Active Directory domain controller did not perform proper access checks on stored data, allowing any user to bypass authorization checks and compromise the entire domain.
  • CVE-2020-25718 - the Samba-based Active Directory domain controller did not correctly isolate Kerberos tickets issued by an RODC (read-only domain controller), which could be used to obtain administrator tickets from the RODC without having permission to do so.
  • CVE-2020-25719 - the Samba-based Active Directory domain controller did not always take into account the SID and PAC fields in Kerberos tickets (with the setting "gensec:require_pac = true", only the name was checked and the PAC was not taken into account), which allowed a user who has the right to create accounts on the local system to impersonate another user in the domain, including a privileged one.
  • CVE-2020-25721 - for users authenticated using Kerberos, the Active Directory identifier (objectSid) was not always issued, which could lead to an overlap between one user and another.
  • CVE-2021-23192 - during a MITM attack, it was possible to spoof fragments in large DCE/RPC requests split into several parts.
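The following patch-level check is an added example, not code from the Samba project or the original article. It compares a version banner (as printed by `smbd --version`) with the fixed releases named in the opening paragraph and reports whether smb.conf disables "allow trusted domains", the setting affected by the winbindd regression; the function names and sample inputs are constructed for illustration.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(4, 15): 2, (4, 14): 10, (4, 13): 14}

def parse_version(banner):
    """Extract (major, minor, patch) from text such as 'Version 4.13.13-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version number in {banner!r}")
    return tuple(int(part) for part in m.groups())

def patch_status(banner):
    """Compare the upstream version with the fixed release of its branch."""
    major, minor, patch = parse_version(banner)
    branch = (major, minor)
    if branch in FIXED:
        # Distribution packages may backport fixes without changing this
        # number, so 'below-fixed-release' means: check the distro advisory.
        return "fixed-release" if patch >= FIXED[branch] else "below-fixed-release"
    if branch > max(FIXED):
        return "newer-branch"  # not covered by the article
    return "no-fixed-release-named"  # older branch, none listed in the article

def global_params(conf_text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip().lower()
    return params

def winbindd_regression_applies(conf_text):
    """True when 'allow trusted domains' is disabled in [global]."""
    value = global_params(conf_text).get("allowtrusteddomains")
    return value in {"no", "false", "off", "0"}

# Constructed sample inputs, not taken from a real host.
SAMPLE_BANNER = "Version 4.13.13-Debian"
SAMPLE_CONF = "[global]\n  workgroup = EXAMPLE\n  Allow Trusted Domains = No\n"

if __name__ == "__main__":
    print(patch_status(SAMPLE_BANNER), winbindd_regression_applies(SAMPLE_CONF))
```

A host that reports "below-fixed-release" and also has the setting disabled needs both the security update and the follow-up winbindd fix the developers announced.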

Source: opennet.ru
