Samba wuxuu go'aamiyay 8 dayacan oo halis ah

Samba patches 4.15.2, 4.14.10, iyo 4.13.14 ayaa la daabacay, iyadoo wax laga qabanayo siddeed nugul, kuwaas oo intooda badan horseedi kara tanaasul dhammaystiran oo ku yimaada domain Active Directory ah. Waxaa xusid mudan, mid ka mid ah arrimaha ayaa la hagaajiyay tan iyo 2016, iyo shan tan iyo 2020. Si kastaba ha ahaatee, hal patch ayaa ka hor istaagay winbindd inuu shaqeeyo markii dejinta "allow domains trusted = no" la hawlgeliyay (horumariyayaashu waxay damacsan yihiin inay si degdeg ah u daabacaan cusbooneysiin kale oo leh hagaajinta). Siideynta cusbooneysiinta xirmooyinka ee qaybinta waxaa lagu raadraaci karaa bogagga soo socda: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.

Nuglaanta go'an:

  • CVE-2020-25717 - Sababo la xiriira cillad ku jirta macquulka khariidaynta isticmaalayaasha domainka ee isticmaalayaasha nidaamka maxalliga ah, isticmaalaha domainka Active Directory oo leh awood uu ku abuuro akoonno cusub nidaamkooda, oo lagu maamulo ms-DS-MachineAccountQuota, wuxuu heli karaa marin xidid nidaamyada kale ee ku jira domainka. domain.
  • CVE-2021-3738 - Nuglaanta isticmaalka-ka-dib-free-la'aanta ah ee Samba AD DC (dsdb) hirgelinta server-ka RPC waxay u horseedi kartaa mudnaanta sare u qaadida marka la adeegsanayo habaynta isku xirka.
  • CVE-2016-2124 - Xidhiidhada macmiilka ee la sameeyay iyadoo la adeegsanayo hab-maamuuska SMB1 waxa loo weecin karaa qoraal cad ama xaqiijinta NTLM (tusaale, si loo go'aamiyo aqoonsiga weerarrada dhex-dhexaadka ah), xataa haddii isticmaaluhu ama arjiga loo habeeyey inuu u baahan yahay aqoonsiga Kerberos.
  • CVE-2020-25722 - Samba-ku-salaysan Hagaha Active Directory ma samayn hubin sax ah oo ku saabsan xogta la kaydiyay, taasoo u oggolaanaysa isticmaale kasta inuu dhaafo jeegaga oggolaanshaha oo uu gabi ahaanba wax u dhimo bogga.
  • CVE-2020-25718 - Samba-ku-salaysan Active Directory kantaroole si sax ah uma kala saarin tigidhada Kerberos ee uu bixiyay maamulaha domain-ka-akhris (RODC), kaas oo loo isticmaali karo in lagu helo tigidhada maamulka RODC ogolaansho la'aan.
  • CVE-2020-25719 - Samba-ku-salaysan Active Directory kantarooluhu had iyo jeer ma tixgalin SID iyo PAC ee tigidhada Kerberos (marka la dejiyo "gensec:require_pac = run", kaliya magaca waa la hubiyay, PACna lama tixgalin), taas oo u ogolaatay isticmaale xaq u leh inuu sameeyo xisaabaadka nidaamka maxalliga ah, oo uu ku jiro isticmaale kale oo ku jira domainka.
  • CVE-2020-25721 - Isticmaalayaasha la xaqiijiyay ee Kerberos mar walba lama soo saarin aqoonsiyada Hagaha Firfircoon ee gaarka ah (objectSid), kaas oo u horseedi kara istimaal-iyo-isticmaale.
  • CVE-2021-23192 - Weerarka dhexe ee nin-ku-gudbigu waxa uu kala jajabin karaa codsiyo waaweyn oo DCE/RPC ah kuwaas oo u kala qaybsan qaybo badan.

Source: opennet.ru

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers πŸ”₯ Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster