Samba 4.17.3, 4.16.7 and 4.15.12 have been released, fixing a vulnerability (CVE-2022-42898) in the Kerberos libraries that can lead to an integer overflow and an out-of-bounds write when processing PAC (Privileged Attribute Certificate) fields sent by an authenticated user. Package updates for the individual distributions can be found on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch and FreeBSD.
In addition to Samba, the issue also affects the MIT Kerberos and Heimdal Kerberos packages. The Samba vulnerability report does not detail the threat, but the MIT Kerberos report states that the vulnerability could lead to remote code execution. Exploitation is only possible on 32-bit systems.
The issue affects configurations with a KDC (Key Distribution Center) or kadmind. In configurations without Active Directory, the vulnerability also manifests on Samba file servers that use Kerberos. The problem is caused by a bug in the krb5_parse_pac() function, which incorrectly calculated the size of the buffer used to parse the PAC fields. On 32-bit systems, when processing specially crafted PACs, the bug can cause a 16-byte block supplied by the attacker to be placed beyond the allocated buffer.
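The bug class described above is a 32-bit size computation that wraps when a header-supplied count is multiplied by a fixed entry size, so the parser allocates or bounds-checks against a buffer that is far too small. The following C program is an added illustration written for this page, not code from Samba, MIT Kerberos or Heimdal, and it does not reproduce krb5_parse_pac(). It uses the MS-PAC header layout (a 4-byte cBuffers count, a 4-byte Version, then 16-byte PAC_INFO_BUFFER entries) with a deliberately simplified validator, and contrasts a naive 32-bit size computation with one that uses overflow-checked arithmetic. The sample headers are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* MS-PAC header layout: cBuffers (u32) + Version (u32), followed by
 * cBuffers PAC_INFO_BUFFER entries of 16 bytes each
 * (ulType u32, cbBufferSize u32, Offset u64). */
#define PAC_HEADER_LEN        8u
#define PAC_INFO_BUFFER_LEN   16u

/* Decode a little-endian 32-bit value without assuming host byte order. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Naive computation in 32-bit arithmetic: a large cBuffers makes
 * cBuffers * 16 wrap to a small value, so the result understates the
 * number of bytes the descriptor table actually needs. */
static uint32_t naive_required_len(uint32_t cbuffers)
{
    return PAC_HEADER_LEN + cbuffers * PAC_INFO_BUFFER_LEN;
}

/* Checked computation: any wrap in the multiply or the add is treated
 * as malformed input, so the required length can never be understated. */
static bool checked_required_len(uint32_t cbuffers, uint32_t *required)
{
    uint32_t table_len;
    if (__builtin_mul_overflow(cbuffers, PAC_INFO_BUFFER_LEN, &table_len))
        return false;
    if (__builtin_add_overflow(PAC_HEADER_LEN, table_len, required))
        return false;
    return true;
}

/* Simplified validator (hypothetical, not the library's): returns 1 if the
 * descriptor table announced by the header fits in `len` bytes, 0 if the
 * header is rejected. `use_checked` selects the overflow-checked path. */
static int pac_header_fits(const uint8_t *pac, size_t len, bool use_checked)
{
    uint32_t cbuffers, required;
    if (len < PAC_HEADER_LEN)
        return 0;
    cbuffers = le32(pac);
    if (use_checked) {
        if (!checked_required_len(cbuffers, &required))
            return 0;
    } else {
        required = naive_required_len(cbuffers);
    }
    return required <= len ? 1 : 0;
}

/* Constructed header: cBuffers = 0x10000000 (268435456), Version = 0.
 * 0x10000000 * 16 = 0x100000000, which wraps to 0 in 32-bit arithmetic. */
static const uint8_t crafted_header[PAC_HEADER_LEN] = {
    0x00, 0x00, 0x00, 0x10,   /* cBuffers, little-endian */
    0x00, 0x00, 0x00, 0x00    /* Version */
};

/* Constructed well-formed input: cBuffers = 2, followed by 32 zero bytes
 * standing in for two PAC_INFO_BUFFER entries. */
static const uint8_t sane_pac[PAC_HEADER_LEN + 2 * PAC_INFO_BUFFER_LEN] = {
    0x02, 0x00, 0x00, 0x00,   /* cBuffers = 2 */
    0x00, 0x00, 0x00, 0x00    /* Version; remaining bytes are zero-initialised */
};

/* With the naive computation, 8 bytes of data "satisfy" a header that
 * announces 268435456 descriptors; a loop over cBuffers entries would
 * then run past the end of the buffer. */
int crafted_accepted_naively(void)
{
    return pac_header_fits(crafted_header, sizeof crafted_header, false);
}

/* The checked computation rejects the same header as malformed. */
int crafted_rejected_checked(void)
{
    return pac_header_fits(crafted_header, sizeof crafted_header, true) == 0;
}

/* Well-formed input still passes the checked path. */
int sane_accepted_checked(void)
{
    return pac_header_fits(sane_pac, sizeof sane_pac, true);
}

int main(void)
{
    printf("naive required length for crafted header: %u\n",
           naive_required_len(le32(crafted_header)));
    printf("crafted header accepted naively: %d\n", crafted_accepted_naively());
    printf("crafted header rejected when checked: %d\n", crafted_rejected_checked());
    printf("well-formed input accepted when checked: %d\n", sane_accepted_checked());
    return 0;
}
```

The point of the comparison is that the unchecked arithmetic produces a required length of 8 for the crafted header, so a bounds check against an 8-byte input passes even though the header announces a descriptor table of 4 GiB; the `__builtin_mul_overflow` / `__builtin_add_overflow` path (available in GCC and Clang) turns that wrap into a rejection. On a 64-bit build the same multiply done in `size_t` would not wrap for this count, which matches the page's statement that the issue is only exploitable on 32-bit systems; the fix is to make the computation correct regardless of word size rather than to rely on that.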
Source: opennet.ru
