8 dangerous vulnerabilities fixed in Samba

Corrective releases of the Samba packages 4.15.2, 4.14.10 and 4.13.14 have been published, eliminating 8 vulnerabilities, most of which can lead to a complete compromise of an Active Directory domain. Notably, one of the problems dates back to 2016 and five to 2020; however, one of the fixes made it impossible to start winbindd with the "allow trusted domains = no" setting (the developers intend to quickly publish another update with a fix). The release of package updates in distributions can be followed on these pages: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.

Fixed vulnerabilities:

  • CVE-2020-25717 - due to a flaw in the logic for mapping domain users to local users, an Active Directory domain user who is able to create new accounts on their own system (a capability controlled via ms-DS-MachineAccountQuota) can obtain root access on other systems belonging to the domain.
  • CVE-2021-3738 - use-after-free in the Samba AD DC RPC server implementation (dsdb), which could potentially lead to privilege escalation when connection establishment is manipulated.
  • CVE-2016-2124 - client connections established over the SMB1 protocol can be downgraded to passing authentication parameters in clear text or via NTLM (for example, to obtain credentials during a MITM attack), even if the user or application is configured to require mandatory authentication via Kerberos.
  • CVE-2020-25722 - a Samba-based Active Directory domain controller did not perform proper access checks on stored data, allowing any user to bypass authorization checks and completely compromise the domain.
  • CVE-2020-25718 - a Samba-based Active Directory domain controller did not properly isolate Kerberos tickets issued by an RODC (read-only domain controller), which could be used to obtain administrator tickets from the RODC without the authority to do so.
  • CVE-2020-25719 - a Samba-based Active Directory domain controller did not always take the SID and PAC fields of Kerberos tickets into account (with the setting "gensec:require_pac = true", only the name was checked and the PAC was not considered), which allowed a user with the right to create accounts on the local system to impersonate another user in the domain, including a privileged one.
  • CVE-2020-25721 - for users authenticated via Kerberos, a unique Active Directory identifier (objectSid) was not always issued, which could lead to collisions between one user and another.
  • CVE-2021-23192 - during a MITM attack it was possible to spoof fragments of large DCE/RPC requests that had been split into several parts.
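As an added example that is not part of the original article or of the Samba project, the following Python check classifies the version string printed by `smbd -V` against the corrective releases named above (4.15.2, 4.14.10, 4.13.14). The assumptions are mine: the version string has the form "Version X.Y.Z[-suffix]", and branches newer than 4.15 are taken to include the fixes. Distribution packages often backport fixes while keeping an older upstream version number, so an "unpatched" verdict means "check the distribution's advisory", not a confirmed exposure.

```python
"""Classify an installed Samba version against the releases that fix the
eight vulnerabilities in this article (4.15.2, 4.14.10, 4.13.14).

Added example, not code from the article or from the Samba project.
Assumptions: the input looks like the output of `smbd -V`
("Version 4.13.10-Debian"), and any branch newer than 4.15 carries the fixes.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First release of each maintained branch that contains the fixes (from the article).
FIXED_RELEASES = {
    (4, 15): (4, 15, 2),
    (4, 14): (4, 14, 10),
    (4, 13): (4, 13, 14),
}


def parse_version(text: str) -> Optional[Version]:
    """Extract the upstream X.Y.Z triple; vendor suffixes such as '-Debian' are ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(text: str) -> str:
    """Return 'patched', 'unpatched', 'unsupported' or 'unknown' for a version string."""
    ver = parse_version(text)
    if ver is None:
        return "unknown"
    branch = ver[:2]
    if branch in FIXED_RELEASES:
        return "patched" if ver >= FIXED_RELEASES[branch] else "unpatched"
    if branch > (4, 15):
        # Assumption: branches released after the advisory include the fixes.
        return "patched"
    # Older than 4.13: the article lists no corrective release for this branch.
    return "unsupported"


def installed_version_string() -> str:
    """Run `smbd -V` if available; otherwise fall back to a constructed sample."""
    if shutil.which("smbd"):
        out = subprocess.run(["smbd", "-V"], capture_output=True, text=True)
        return out.stdout.strip()
    return "Version 4.13.10-Debian"  # constructed sample, not a real host


if __name__ == "__main__":
    text = installed_version_string()
    print(f"{text!r}: {assess(text)}")
```

An "unpatched" result for a distribution build should be resolved against the vendor pages listed in the article rather than treated as final, since Debian, Ubuntu and RHEL regularly ship fixed builds under the older upstream version number.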

Source: opennet.ru