Samba fixes 8 dangerous vulnerabilities

Corrective releases of the Samba package, versions 4.15.2, 4.14.10 and 4.13.14, have been published, eliminating 8 vulnerabilities, most of which can lead to a complete compromise of an Active Directory domain. Notably, one of the issues has been awaiting a fix since 2016 and five since 2020; however, one of the fixes prevents winbindd from starting when "allow trusted domains = no" is set (the developers intend to promptly publish another update with a correction). The release of package updates in distributions can be tracked on the pages: Debian, Ubuntu, RHEL, SUSE, Fedora, Arch, FreeBSD.

Fixed vulnerabilities:

  • CVE-2020-25717 - due to a flaw in the logic for mapping domain users to local system users, an Active Directory domain user who has the ability to create new accounts on their system (controlled via ms-DS-MachineAccountQuota) could obtain root access on other systems joined to the domain.
  • CVE-2021-3738 - a use-after-free in the implementation of the Samba AD DC RPC server (dsdb), which could potentially lead to privilege escalation when manipulating connection setup.
  • CVE-2016-2124 - client connections established over the SMB1 protocol could be downgraded to passing authentication parameters in plain text or via NTLM (for example, to obtain credentials during a MITM attack), even if the user or application has settings that mandate Kerberos authentication.
  • CVE-2020-25722 - a Samba-based Active Directory domain controller did not perform proper access checks on stored data, allowing any user to bypass authorization checks and completely compromise the domain.
  • CVE-2020-25718 - a Samba-based Active Directory domain controller did not properly isolate Kerberos tickets issued by an RODC (read-only domain controller), which could be used to obtain administrator tickets from the RODC without permission to do so.
  • CVE-2020-25719 - a Samba-based Active Directory domain controller did not always take the SID and PAC fields in Kerberos tickets into account (with "gensec:require_pac = true" set, only the name was checked and the PAC was not taken into account), which allowed a user with the right to create accounts on the local system to impersonate another domain user, including a privileged one.
  • CVE-2020-25721 - for users authenticated via Kerberos, the unique Active Directory identifier (objectSid) was not always issued, which could lead to one user being confused with another.
  • CVE-2021-23192 - during a MITM attack, it was possible to spoof fragments in large DCE/RPC requests that were split into several parts.
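The fixed versions above are branch-specific, so a naive "is it newer than 4.13.14?" comparison gets 4.14.9 and 4.15.0 wrong. The following added example (not code from the Samba project or from this article) parses the output of `smbd --version` and decides per branch whether the build carries the fixes; the sample version strings are constructed, and the assumption that branches newer than 4.15 were cut after the fix is an assumption of this example.

```python
"""Branch-aware check of a Samba version against the fixed releases
4.15.2, 4.14.10 and 4.13.14 named in the advisory (added example, not
project code)."""
import re
import subprocess

# Minimum fixed version per maintained branch, taken from the advisory text.
FIXED_VERSIONS = {
    (4, 15): (4, 15, 2),
    (4, 14): (4, 14, 10),
    (4, 13): (4, 13, 14),
}


def parse_version(text):
    """Extract (major, minor, patch) from a string such as
    'Version 4.13.14-Debian' as printed by `smbd --version`."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True if the given (major, minor, patch) carries the fixes."""
    major, minor, _patch = version
    branch = (major, minor)
    if branch in FIXED_VERSIONS:
        return version >= FIXED_VERSIONS[branch]
    # Assumption: branches newer than 4.15 were released after the fix;
    # 4.12 and earlier are out of maintenance and never received it.
    return branch > (4, 15)


def assess(output):
    """Return a small report dict for one `smbd --version` output line."""
    version = parse_version(output)
    return {"version": ".".join(map(str, version)), "patched": is_patched(version)}


if __name__ == "__main__":
    # Constructed sample outputs, one per interesting edge case.
    samples = ["Version 4.13.14-Debian", "Version 4.14.9", "Version 4.15.0", "Version 4.16.0"]
    for s in samples:
        print(assess(s))
    # Check the local daemon if one is installed (skipped otherwise).
    try:
        local = subprocess.run(["smbd", "--version"], capture_output=True, text=True, check=True)
        print("local:", assess(local.stdout))
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("local smbd not available")
```

Note that distributions may backport the fixes without changing the upstream version number, so a "not patched" result here should be confirmed against the distribution's own advisory pages linked above before acting on it.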

Source: opennet.ru
