ProHoster > Ibhulogi > iindaba ze-intanethi > I-Samba ilungise ubuthathaka obu-8 obuyingozi

I-Samba ilungise ubuthathaka obu-8 obuyingozi

Ukukhutshwa okuLungileyo kwe-Samba 4.15.2, 4.14.10 kunye ne-4.13.14 ipakethe iye yapapashwa kunye nokupheliswa kobuthathaka be-8, uninzi lwalo olunokukhokelela ekuthotyweni okupheleleyo kwesizinda se-Active Directory. Kuyaphawuleka ukuba enye yeengxaki iye yalungiswa ukususela ngo-2016, kwaye ezintlanu ukususela ngo-2020, nangona kunjalo, ukulungiswa okunye kubangele ukungakwazi ukuqalisa i-winbindd kunye "nokuvumela iindawo ezithembekileyo = akukho" (abaphuhlisi banenjongo yokupapasha ngokukhawuleza olunye uhlaziyo kunye ukulungisa). Ukukhutshwa kohlaziyo lwephakheji kwizabelo kunokulandelwa kumaphepha: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.

Ubuthathaka obuzinzileyo:

  • I-CVE-2020-25717-Ngenxa ye-bug kwingqiqo yabasebenzisi be-domain yemephu kubasebenzisi benkqubo yendawo, umsebenzisi wesizinda se-Active Directory okwazile ukwenza ii-akhawunti ezintsha kwinkqubo yabo elawulwa nge-ms-DS-MachineAccountQuota unokufumana ukufikelela kweengcambu kwabanye. iinkqubo zommandla.
  • I-CVE-2021-3738 - Ukufikelela kwindawo esele ikhululiwe yememori (Sebenzisa emva kwesimahla) ekuphunyezweni kweseva ye-Samba AD DC RPC (dsdb), enokuthi ikhokelele ekunyukeni kwamalungelo xa kusenziwa uqhagamshelo.
  • I-CVE-2016-2124 - Uqhagamshelwano lwabathengi olusekwe kusetyenziswa i-SMB1 protocol inokutshintshwa ukuba idlulise iiparameters zokuqinisekisa kwisicatshulwa esicacileyo okanye nge-NTLM (umzekelo, ukugqiba iziqinisekiso xa wenza uhlaselo lwe-MITM), nokuba umsebenzisi okanye isicelo sinesiqinisekiso esisinyanzelo nge-Kerberos. .
  • I-CVE-2020-25722 - Umlawuli wesizinda se-Active Directory esekwe kwi-Samba wayengenzi iitshekhi ezifanelekileyo zokufikelela kwidatha egciniweyo, evumela nawuphi na umsebenzisi ukuba adlulele kwiitshekhi zokugunyazisa kwaye athobe ngokupheleleyo i-domain.
  • I-CVE-2020-25718 - Amathikithi e-Kerberos akhutshwe yi-RODCs (abalawuli besizinda sokufunda kuphela) babengabodwa ngokuchanekileyo kwi-Samba-based Active Directory domain controller, engasetyenziselwa ukufumana amathikithi omlawuli kwi-RODC ngaphandle kwemvume yokwenza njalo.
  • I-CVE-2020-25719 - Umlawuli wesizinda se-Active Directory esekwe kwi-Samba akasoloko ethathela ingqalelo imimandla ye-SID kunye ne-PAC kumatikiti e-Kerberos ekudibaneni (xa kumiselwa "gensec:require_pac = true", kuphela igama eliye lakhangelwa, kwaye iPAC yabanjwa. ayithathelwa ngqalelo), eyavumela umsebenzisi , onelungelo lokudala ii-akhawunti kwinkqubo yendawo, azenze omnye umsebenzisi kwi-domain, kuquka abanelungelo.
  • I-CVE-2020-25721 - Abasebenzisi abaqinisekisiweyo kusetyenziswa i-Kerberos bebengasoloko benikwa izichongi ezizodwa ze-Active Directory (objectSid), ezinokukhokelela ekugqityweni komsebenzisi omnye nomnye.
  • I-CVE-2021-23192 - Ngexesha lokuhlaselwa kwe-MITM, kwakunokwenzeka ukuphanga iziqwenga kwizicelo ezinkulu ze-DCE / RPC eziye zahlulwa zibe ngamacandelo amaninzi.

umthombo: opennet.ru

Yongeza izimvo