A vulnerability in Samba allows any user to change passwords

Samba 4.16.4, 4.15.9 and 4.14.14 have been released, fixing five issues. The release of package updates in the distributions can be followed on the following pages: Debian, Ubuntu, RHEL, SUSE, Arch, FreeBSD.

The most dangerous vulnerability (CVE-2022-32744) allows Active Directory domain users to change the password of any user, including the ability to change the administrator password and gain full control over the domain. The problem is caused by the KDC accepting kpasswd requests encrypted with any known key.

An attacker with access to the domain can send a forged password-change request on behalf of another user, encrypting it with their own key. The KDC will process it without verifying that the key matches the account. Keys from read-only domain controllers (RODCs), which have no authority to change passwords, can also be used to send forged requests. As a workaround, kpasswd protocol support can be disabled by adding the line "kpasswd port = 0" to smb.conf.
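As an added illustration (not part of the original advisory or of the Samba project), a POSIX sh triage helper that checks whether a Samba version string is at or past the fixed release for its branch (4.14.14, 4.15.9, 4.16.4, as named above) and whether the "kpasswd port = 0" workaround is present in the [global] section of an smb.conf read from standard input; the sample configuration and version strings are constructed.

```shell
#!/bin/sh
# Added example: triage helper for the Samba kpasswd advisory. Assumes only
# POSIX sh and awk; the fixed release numbers come from the advisory.

# samba_is_fixed VERSION
#   returns 0 if VERSION is 4.14.14+, 4.15.9+ or 4.16.4+,
#           1 if it is an older release of one of those branches,
#           2 if the branch is not covered by this advisory.
samba_is_fixed() {
    ver=${1%%[!0-9.]*}                 # drop vendor suffixes such as "-Debian"
    maj=${ver%%.*}; rest=${ver#*.}; min=${rest%%.*}
    case $rest in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    patch=${patch%%.*}
    [ "$maj" = 4 ] || return 2
    case $min in
        14) fixed=14 ;;
        15) fixed=9 ;;
        16) fixed=4 ;;
        *)  return 2 ;;
    esac
    [ "$patch" -ge "$fixed" ]
}

# kpasswd_disabled < smb.conf
#   returns 0 if the [global] section sets "kpasswd port = 0" (the workaround),
#   1 otherwise. Key matching ignores case and whitespace, as Samba does.
kpasswd_disabled() {
    awk -F= '
        /^[[:space:]]*[;#]/ { next }                 # comment line
        /^[[:space:]]*\[/ { sec = tolower($0); gsub(/[^a-z0-9_]/, "", sec); next }
        sec == "global" && NF >= 2 {
            key = tolower($1); gsub(/[[:space:]]/, "", key)
            val = $2;          gsub(/[[:space:]]/, "", val)
            if (key == "kpasswdport") port = val     # keep the last value seen
        }
        END { if (port == "0") exit 0; exit 1 }'
}

# Demo on constructed input: a minimal [global] carrying the workaround line.
SAMPLE_CONF='[global]
   workgroup = EXAMPLE
   kpasswd port = 0'
for v in 4.16.3 4.16.4-Debian 4.13.17; do
    if samba_is_fixed "$v"; then echo "$v: fixed release"
    elif [ $? -eq 2 ]; then echo "$v: branch not covered by advisory"
    else echo "$v: vulnerable, verify workaround"; fi
done
printf '%s\n' "$SAMPLE_CONF" | kpasswd_disabled && echo "workaround present in [global]"
```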

Other vulnerabilities:

  • CVE-2022-32746 - Active Directory users can trigger a use-after-free memory access in the server process by sending specially crafted LDAP "add" or "modify" requests. The problem is caused by the audit logging module accessing the contents of the LDAP message after the database module has already freed the memory allocated for that message. To carry out the attack, the user must have the right to add or modify certain privileged attributes, such as userAccountControl.
  • CVE-2022-2031 - Active Directory users can bypass certain restrictions in the domain controller. The KDC and the kpasswd service are able to decrypt each other's tickets, since they share the same set of keys and accounts. As a result, a user who has requested a password change can use the ticket they received to access other services.
  • CVE-2022-32745 - Active Directory users can cause the server process to crash by sending LDAP "add" or "modify" requests that access uninitialized data.
  • CVE-2022-32742 - Leak of server memory contents via the SMB1 protocol. An SMB1 client with write access to a shared storage area can create conditions under which portions of the server process memory are written to a file or sent to a printer. The attack is carried out by sending a "write" request with an invalid range. The issue only affects Samba versions before 4.11 (SMB1 support is disabled by default in 4.11).

Source: opennet.ru
