sii daayo , kuwaas oo sii waday horumarinta laanta iyada oo si buuxda loo hirgelinayo koontaroolaha domainka iyo adeeg Hagaha Firfircoon oo la jaan qaadaya hirgelinta Windows 2000 oo awood u leh inuu u adeego dhammaan noocyada macaamiisha Windows ee ay taageerto Microsoft, oo ay ku jiraan Windows 10. Samba 4 waa badeecad hodan ku ah server-ka kaas oo sidoo kale waxay bixisaa hirgelinta server-ka faylka, adeegga daabacaadda, iyo server-ka aqoonsiga (winbind).
Furaha Samba 4.13:
- Lagu daray ilaalinta nuglaanta (CVE-2020-1472) waxay u ogolaataa weeraryahanku inuu helo xuquuq maamul oo ku saabsan kantaroolaha domainka ee nidaamyada aan isticmaalin goobta "Schannel server = haa".
- Shuruudaha nooca ugu yar ee Python ayaa laga kordhiyey Python 3.5 ilaa Python 3.6. Awoodda lagu dhisayo server-ka faylalka leh Python 2 waa la sii hayaa hadda (kahor inta aanad socodsiin ./configure' iyo 'make' waa inaad dejisaa doorsoomiyaha deegaanka 'PYTHON=python2'), laakiin laanta soo socota waa laga saarayaa iyo Python 3.6 ayaa loo baahan doonaa dhismaha.
- "Xiriirka ballaaran = haa" shaqeynta, kaas oo u oggolaanaya maamulayaasha faylalka inay abuuraan xiriiriyeyaal calaamad u ah aag ka baxsan qaybta SMB/CIFS ee hadda, ayaa laga raray smbd loona guuray cutubka "vfs_widelinks" gaar ah. Waqtigan xaadirka ah, cutubkan si toos ah ayaa loo shubaa haddii "links ballaaran = haa" meertadu ay ku jirto goobaha. Mustaqbalka, waxaa la qorsheeyay in meesha laga saaro taageerada "links ballaaran = haa" arrimo ammaan dartood, isticmaalayaasha samba waxaa si xooggan loogu dhiirigelinayaa inay ka beddelaan "links ballaaran = haa" si ay u isticmaalaan "mount --bind" si ay ugu dhejiyaan qaybaha dibadda nidaamka faylka.
- Qaabka caadiga ah taageerada kontoroolka domainka waa la joojiyay. Isticmaalayaasha kontaroolayaasha domain-ka ee NT4 ('classic') waa inay u beddelaan adeegsiga Samba Active Directory kontaroolayaasha si ay awood ugu yeeshaan inay la shaqeeyaan macaamiisha casriga ah ee Windows.
- Hababka xaqiijinta ee aan sugnayn ee la xidhay oo kaliya lagu isticmaali karo borotokoolka SMBv1: "domain logons", "raw NTLMv2 auth", "macmiil cad oo auth", "macmiil NTLMv2 auth", "lanman auth macmiilka" iyo "isticmaalka macmiilka spnego".
- Taageerada ikhtiyaarka "ldap ssl xayeysiis" ayaa laga saaray smb.conf. Xulashada "Schannel server" ayaa la filayaa in laga saaro siideynta soo socota.
Source: opennet.ru