Key changes:
- Added protection against the Zerologon vulnerability (CVE-2020-1472), which allows an attacker to gain administrator rights on a domain controller on systems that do not use the "server schannel = yes" setting.
- The minimum required Python version has been raised from Python 3.5 to Python 3.6. The ability to build the file server with Python 2 is retained for now (before running './configure' and 'make' you need to set the environment variable 'PYTHON=python2'), but in the next branch it will be removed and Python 3.6 will be required for building.
- The "wide links = yes" functionality, which allows file server administrators to create symbolic links to locations outside the current SMB/CIFS share, has been moved out of smbd into a separate module, "vfs_widelinks". For now, this module is loaded automatically if the "wide links = yes" parameter is present in the configuration. In the future, support for "wide links = yes" is planned to be removed because of security issues, and Samba users are strongly encouraged to switch from "wide links = yes" to using "mount --bind" to mount external parts of the file system.
- Support for the classic-mode domain controller has been deprecated. Users of NT4-style ('classic') domains should switch to a Samba Active Directory domain controller in order to work with modern Windows clients.
- Insecure authentication methods that can only be used with the SMBv1 protocol have been deprecated: "domain logons", "raw NTLMv2 auth", "client plaintext auth", "client NTLMv2 auth", "client lanman auth" and "client use spnego".
- Support for the "ldap ssl ads" option has been removed from smb.conf. The "server schannel" option is expected to be removed in the next release.
Source: opennet.ru
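The following audit script is an added example, not part of the original article or of the Samba project: it scans smb.conf-style text for the settings named in the list above ("server schannel" not set to yes, "wide links = yes", the deprecated SMBv1-only authentication options and the removed "ldap ssl ads"). The sample configuration is constructed, the function names are hypothetical, and the parser assumes no continuation lines or include directives; an unset "server schannel" is not flagged.

```python
def squash(name):
    # smb.conf ignores case and all whitespace in parameter names.
    return "".join(name.lower().split())

# Parameters the release notes above list as deprecated or removed.
SMB1_ONLY = ["domain logons", "raw NTLMv2 auth", "client plaintext auth",
             "client NTLMv2 auth", "client lanman auth", "client use spnego"]
FLAGGED = {squash(p): (p, "deprecated, SMBv1-only") for p in SMB1_ONLY}
FLAGGED[squash("ldap ssl ads")] = ("ldap ssl ads", "removed from smb.conf")
TRUE = {"yes", "true", "on", "1"}  # boolean spellings Samba accepts

def parse(text):
    # Yield (section, squashed parameter name, value) for each setting line.
    section = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)  # only the first '=' is significant
            yield section, squash(key), value.strip()

def audit(text):
    # Return (section, parameter, reason) for each setting worth reviewing.
    findings = []
    for section, key, value in parse(text):
        if key == "serverschannel" and value.lower() not in TRUE:
            findings.append((section, "server schannel",
                             "not 'yes': Zerologon (CVE-2020-1472) exposure"))
        elif key == "widelinks" and value.lower() in TRUE:
            findings.append((section, "wide links",
                             "slated for removal; use mount --bind"))
        elif key in FLAGGED:
            findings.append((section, *FLAGGED[key]))
    return findings

# Constructed sample configuration (not from the article).
SAMPLE = """
[global]
    server schannel = auto
    Client  LANMAN auth = yes
    ldap ssl ads = no
[projects]
    wide links = Yes
"""

if __name__ == "__main__":
    for section, name, why in audit(SAMPLE):
        print(f"[{section}] {name}: {why}")
```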