Samba patch releases 4.15.2, 4.14.10 and 4.13.14 have been published, addressing eight vulnerabilities, most of which could lead to complete compromise of an Active Directory domain. Notably, work on fixing one of the issues dates back to 2016, and on five of them to 2020. However, one of the patches prevents winbindd from working when the setting "allow trusted domains = no" is configured (the developers intend to quickly publish another update with a fix). Package updates in distributions can be tracked on the following pages: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.
Fixed vulnerabilities:
- CVE-2020-25717 - Due to a flaw in the logic for mapping domain users to local system users, an Active Directory domain user with the ability to create new accounts on their system, controlled via ms-DS-MachineAccountQuota, could gain root access to other systems within the domain.
- CVE-2021-3738 - A use-after-free in the Samba AD DC RPC server implementation (dsdb) could lead to privilege escalation when manipulating connection setup.
- CVE-2016-2124 - Client connections established using the SMB1 protocol could be redirected to plaintext or NTLM authentication (e.g., to obtain credentials in a man-in-the-middle attack), even if the user or application is configured to require Kerberos authentication.
- CVE-2020-25722 - The Samba-based Active Directory domain controller did not perform proper access checks on stored data, allowing any user to bypass permission checks and completely compromise the domain.
- CVE-2020-25718 - The Samba-based Active Directory domain controller did not properly isolate Kerberos tickets issued by a read-only domain controller (RODC), which could be used to obtain administrator tickets from an RODC without authorization.
- CVE-2020-25719 - The Samba-based Active Directory domain controller did not always take the SID and PAC fields in Kerberos tickets into account (when "gensec:require_pac = true" is set, only the name was checked and the PAC was ignored), allowing a user with the right to create accounts on the local system to impersonate another user in the domain.
- CVE-2020-25721 - Users authenticated via Kerberos were not always issued unique Active Directory identifiers (objectSid), which could lead to collisions between users.
- CVE-2021-23192 - A man-in-the-middle attacker could substitute fragments in large DCE/RPC requests that are split into multiple parts.
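As an added defender's aid that is not part of the original article, the following Python helper classifies a Samba build from its `smbd --version` banner against the three fixed releases named above. The banner strings in the sample are constructed; the branch table contains only the versions the advisory lists.

```python
import re
from typing import Optional, Tuple

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_RELEASES = {
    (4, 13): (4, 13, 14),
    (4, 14): (4, 14, 10),
    (4, 15): (4, 15, 2),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_samba_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from 'smbd --version' output such as
    'Version 4.13.13-Ubuntu'. Returns None when no version is present."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(banner: str) -> str:
    """Classify a build as 'patched', 'vulnerable', 'unsupported-branch'
    (older than 4.13, which received no fix in this advisory) or 'unknown'
    (no parsable version, or a branch newer than those the advisory covers)."""
    v = parse_samba_version(banner)
    if v is None:
        return "unknown"
    branch = v[:2]
    if branch in FIXED_RELEASES:
        return "patched" if v >= FIXED_RELEASES[branch] else "vulnerable"
    if branch < (4, 13):
        return "unsupported-branch"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample banners, as a fleet inventory script might collect them.
    sample_banners = [
        "Version 4.15.2",
        "Version 4.14.9-Debian",
        "Version 4.13.13-Ubuntu",
        "Version 4.12.5",
        "smbd: command not found",
    ]
    for banner in sample_banners:
        print(f"{banner!r:32} -> {assess(banner)}")
```

Treat a "vulnerable" result as a prompt to check, not a verdict: distributions commonly backport security fixes without bumping the upstream version string, so the package changelog or the distribution's advisory page listed above is the authoritative source for a given host.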
Source: opennet.ru
