Corrective releases of Samba 4.16.4, 4.15.9 and 4.14.14 have been published, fixing 5 vulnerabilities. The release of package updates in distributions can be followed on these pages: Debian, Ubuntu, RHEL, SUSE, Arch, FreeBSD.
The most dangerous vulnerability (CVE-2022-32744) allows Active Directory domain users to change the password of any user, including the ability to change the administrator's password and gain full control over the domain. The problem is caused by the KDC accepting kpasswd requests encrypted with any known key.
An attacker with network access can send a forged request to set a new password on behalf of another user, encrypting it with their own key, and the KDC will process it without checking that the key matches the account. Keys of read-only domain controllers (RODCs), which are not authorized to change passwords, can also be used to send forged requests. As a workaround, support for the kpasswd protocol can be disabled by adding the line "kpasswd port = 0" to smb.conf.
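Two checks a defender would want after reading the above are whether the running Samba build is at or beyond the fixed release for its branch, and whether the kpasswd workaround is actually set in the [global] section of smb.conf. The script below is an added example, not code from the Samba project or from the original article; the fixed version numbers come from the article, the smb.conf text is a constructed sample, and the parser only handles literal parameter lines (it does not follow `include` directives or know Samba's defaults, such as kpasswd port 464).

```python
"""Check a Samba host against the fixes described in the advisory text above."""
import re

# Branch -> first release carrying the fixes, taken from the advisory.
FIXED_VERSIONS = {
    (4, 16): (4, 16, 4),
    (4, 15): (4, 15, 9),
    (4, 14): (4, 14, 14),
}


def parse_version(text):
    """Extract (major, minor, patch) from 'smbd --version' style output,
    e.g. 'Version 4.15.7-Ubuntu' -> (4, 15, 7)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version_text):
    """True when the version is at or above its branch's fixed release.
    Branches newer than the newest fixed branch are treated as patched;
    older branches not in the table (unsupported upstream) as unpatched."""
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return version > max(FIXED_VERSIONS.values())
    return version >= fixed


def global_parameters(conf_text):
    """Return the [global] section of an smb.conf text as {name: value}.
    Samba ignores case and whitespace in parameter names; '#' and ';'
    start comment lines. Assumption: no 'include' directives are followed."""
    params = {}
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def kpasswd_disabled(conf_text):
    """True if smb.conf literally sets 'kpasswd port = 0' in [global],
    i.e. the workaround from the advisory is in place."""
    return global_parameters(conf_text).get("kpasswdport") == "0"


# Constructed sample smb.conf for illustration (not from a real host).
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.TEST
    server role = active directory domain controller
    ; workaround from the advisory
    KPasswd Port = 0

[sysvol]
    path = /var/lib/samba/sysvol
    read only = no
"""

if __name__ == "__main__":
    # Constructed version string standing in for `smbd --version` output.
    sample_version = "Version 4.15.7-Ubuntu"
    print(f"{sample_version}: patched={is_patched(sample_version)}")
    print(f"kpasswd disabled in sample smb.conf: {kpasswd_disabled(SAMPLE_CONF)}")
```

On a real host, feed `smbd --version` output to `is_patched` and the contents of the active smb.conf to `kpasswd_disabled`; a host that is both unpatched and lacks the workaround is the one to prioritise.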
Other vulnerabilities:
- CVE-2022-32746 - Active Directory users, by sending specially crafted LDAP "add" or "modify" requests, can trigger a use-after-free memory access in the server process. The problem is caused by the audit logging module accessing the contents of the LDAP message after the database module has freed the memory allocated for that message. To carry out an attack, one must have privileges to add or modify certain privileged attributes, such as userAccountControl.
- CVE-2022-2031 - Active Directory users can bypass certain restrictions on the domain controller. The KDC and the kpasswd service are able to decrypt each other's tickets, since they share the same set of keys and accounts. Accordingly, a user who has requested a password change can use the ticket received to access other services.
- CVE-2022-32745 - Active Directory users can crash the server process by sending LDAP "add" or "modify" requests that access uninitialized data.
- CVE-2022-32742 - Information leak of server memory contents through manipulation of the SMB1 protocol. An SMB1 client with write access to a shared storage area can create conditions under which parts of the server process memory are written to a file or sent to a printer. The attack is carried out by sending a "write" request that specifies an incorrect range. The problem affects only Samba branches before 4.11 (in the 4.11 branch, SMB1 support is disabled by default).
Source: opennet.ru