Samba patches 4.15.2, 4.14.10, uye 4.13.14 dzakaburitswa, dzichitarisa matambudziko masere, mazhinji acho anogona kukonzera kukanganiswa kweActive Directory domain. Zvinonyanya kukosha, imwe yematambudziko yakagadziriswa kubva muna 2016, uye mashanu kubva muna 2020. Zvisinei, patch imwe chete yakadzivirira winbindd kuti isashande kana "allow trusted domains = no" setting yabvumidzwa (vagadziri vanoda kukurumidza kuburitsa imwe update ine kugadzirisa). Kuburitswa kwepakeji updates mukugoverwa kunogona kuteverwa pamapeji anotevera: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.
Fixed vulnerabilities:
- CVE-2020-25717 - Nekuda kwekusarongeka kwekufunga kwekushandisa ma domain kune vashandisi vesystem yemunharaunda, mushandisi we domain yeActive Directory ane kugona kugadzira maakaundi matsva pasystem yavo, inotungamirwa kuburikidza ne ms-DS-MachineAccountQuota, anogona kuwana mukana wekupinda kune mamwe masisitimu ari mukati me domain. domain.
- CVE-2021-3738 Kushandiswa mushure mekuwana mahara muSamba AD DC RPC server kusevenzeswa (dsdb), izvo zvinogona kutungamira mukukwidziridzwa kweropafadzo kana uchinyengedza zvinongedzo.
- CVE-2016-2124 - Mutengi kubatana kwakatangwa uchishandisa SMB1 protocol inogona kuchinjirwa kune inopfuudza echokwadi paramita mumavara akajeka kana kuburikidza neNTLM (semuenzaniso, kuona humbowo panguva yekurwiswa kweMITM), kunyangwe mushandisi kana chishandiso chine marongero akatsanangurwa kuti anosungirwa. kuvimbiswa kuburikidza neKerberos.
- CVE-2020-25722 - Samba-yakavakirwa Active Directory domain controller haina kuita chaiyo yekuwana cheki pane yakachengetwa data, ichibvumira chero mushandisi kudarika chiremera chekutarisa uye kukanganisa zvachose dura.
- CVE-2020-25718 - Samba-based Active Directory domain controller haina kunyatsoparadzanisa matikiti eKerberos akabudiswa neRODC (Read-only domain controller), iyo inogona kushandiswa kuwana matikiti emutungamiri kubva kuRODC pasina mvumo yekuita saizvozvo.
- CVE-2020-25719 - Samba-based Active Directory domain controller haana kugara achifunga nezveSID nePAC minda mumatikiti eKerberos (pakuseta "gensec:require_pac = chokwadi", zita chete ndiro rakaongororwa, uye PAC haina kutorwa. muaccount), izvo zvakabvumira mushandisi , ane kodzero yekugadzira maakaundi pane yemuno system, kutevedzera mumwe mushandisi mudura, kusanganisira ane rombo rakanaka.
- CVE-2020-25721 - Kune vashandisi vakatenderwa vachishandisa Kerberos, yakasarudzika Active Directory identifier (objectSid) yaisagaro pihwa, izvo zvinogona kutungamira kune mharadzano pakati pemushandisi nemumwe.
- CVE-2021-23192 - Munguva yekurwiswa kweMITM, zvaigoneka kubira zvimedu muhombe DCE/RPC zvikumbiro zvakakamurwa kuita zvikamu zvakati wandei.
Source: opennet.ru
