Samba patch releases have arrived, fixing 5 vulnerabilities

The release of the patch versions Samba 4.16.4, 4.15.9 and 4.14.14 was recently announced, fixing 5 vulnerabilities (CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746).

Among them, the most dangerous is CVE-2022-32744, since it allows any Active Directory domain user to change the password of any other user, including the administrator's, and thereby take full control of the domain. The root cause is that the KDC accepted kpasswd requests encrypted with any key known to it.

The vulnerability can be exploited by an attacker with access to the domain: they send a forged password-change request on behalf of another user, encrypted with their own key, and the KDC processes it without verifying that the key matches the account whose password is being changed. This also covers keys belonging to read-only domain controllers (RODCs), which are not authorized to change passwords, being used to send such bogus requests.

As a workaround, support for the kpasswd protocol can be disabled by adding the line "kpasswd port = 0" to smb.conf. Password changes through the Kerberos password-change service then stop working until the fixed packages are installed.

Another fixed vulnerability that received particular attention is CVE-2022-32742, a flaw that leaked the contents of server memory through manipulation of the SMB1 protocol.

Specifically, an SMB1 client with write access to a share could cause parts of the server process's memory to be written to a file or printer. The attack is carried out by sending a "write" request whose declared range is not backed by enough client data, so the server fills the write with its own memory contents instead of the data the client never sent. The issue affects only servers with SMB1 enabled; since the 4.11 branch SMB1 is disabled by default, and on older branches it can be turned off with "server min protocol = SMB2" in smb.conf.

The other vulnerabilities fixed in these new patch releases are as follows:

  • CVE-2022-32746: Active Directory users, by sending specially crafted LDAP "add" or "modify" requests, can trigger a use-after-free memory access in the server process. The issue is that the audit logging module accesses the contents of the LDAP message after the database layer has already freed the memory allocated for that message. To carry out the attack, the user needs rights to add or modify certain privileged attributes, such as userAccountControl.
  • CVE-2022-2031: Active Directory users can bypass certain restrictions on a domain controller. The KDC and the kpasswd service can decrypt each other's tickets because they share the same key set and account, so a user who has requested a password change can use the ticket received for that purpose to access other services.
  • CVE-2022-32745: Active Directory users can crash the server process by sending LDAP "add" or "modify" requests that cause it to read uninitialized data.

Finally, if you want to know more about the bugs fixed, you can check the details at the following link.

How to install or upgrade Samba on Ubuntu and derivatives?

For those interested in installing these new patch versions of Samba, or in upgrading an earlier version to this new one, this can be done by following the steps we share below.

It is worth saying that although Samba is in the Ubuntu repositories, the packages there are not bumped to the new upstream version when one is released, so in this case we prefer to use a PPA. Keep in mind that Ubuntu does backport security fixes into its own package versions, so check the package changelog (apt changelog samba) before concluding that the distribution package is still vulnerable, and that adding a third-party PPA means trusting its maintainer with root-installed packages.

The first thing to do is open a terminal and type the following commands to add the repository to the system:

sudo add-apt-repository ppa:linux-schools/samba-latest

sudo apt-get update

Once the repository has been added, we proceed to install Samba on the system; for that, just type the following command:

sudo apt install samba

If you already have a previous version installed, it will be upgraded automatically.
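The workarounds described above ("kpasswd port = 0" for CVE-2022-32744, SMB1 switched off for CVE-2022-32742) and the upgrade just described both leave the same question: is this host now covered? The script below is an added example, not code from this article or from the Samba project. It compares a version string against the fixed releases named in this post and inspects an smb.conf for the two workarounds. The sample configurations it writes are constructed for the demo, and the function and file names are its own.

```shell
#!/bin/sh
# Added example (not from the article or the Samba project). It answers two
# questions an administrator has after reading the advisories above:
#   1. is the running Samba at or past a fixed release (4.14.14, 4.15.9, 4.16.4)?
#   2. does smb.conf carry the workarounds "kpasswd port = 0" (CVE-2022-32744)
#      and SMB1 switched off through "server min protocol" (CVE-2022-32742)?
# The two sample configs at the bottom are constructed for the demo.

# samba_is_fixed VERSION: exit 0 when VERSION (e.g. "4.15.13-Ubuntu") is at or
# past the fixed release of its minor branch. Branches older than 4.14 got no
# release and are reported as unfixed; branches newer than 4.16 as fixed.
samba_is_fixed() {
    case "$1" in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # no third component at all
    patch=${patch%%[!0-9]*}                       # drop suffixes such as "-Ubuntu"
    if [ -z "$patch" ]; then patch=0; fi
    if [ "$major" -gt 4 ]; then return 0; fi
    if [ "$major" -lt 4 ]; then return 1; fi
    case "$minor" in
        14) [ "$patch" -ge 14 ] ;;
        15) [ "$patch" -ge 9 ] ;;
        16) [ "$patch" -ge 4 ] ;;
        *)  [ "$minor" -gt 16 ] ;;
    esac
}

# parse_smbd_version: reads `smbd --version` output on stdin and prints the
# version token, e.g. "Version 4.15.13-Ubuntu" -> "4.15.13-Ubuntu".
parse_smbd_version() {
    sed -n 's/^Version[[:space:]]*\([0-9][^[:space:]]*\).*/\1/p' | head -n 1
}

# smbconf_param FILE NAME: prints the [global] value of NAME. Samba ignores case
# and whitespace inside parameter names and lets a later definition override an
# earlier one; the awk below mimics that. Parameters written before any section
# header are global, hence the initial section name.
smbconf_param() {
    awk -v want="$(printf '%s' "$2" | tr -d ' ' | tr 'A-Z' 'a-z')" '
        BEGIN { sec = "global" }
        /^[ \t]*[;#]/ { next }                                    # comment line
        /^[ \t]*\[/ { sec = tolower($0); gsub(/[][ \t]/, "", sec); next }
        sec == "global" && index($0, "=") {
            eq  = index($0, "=")
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == want) last = val
        }
        END { if (last != "") print last }' "$1"
}

# kpasswd_disabled FILE: exit 0 when "kpasswd port = 0" is set, i.e. the
# Kerberos password-change service is not offered at all (CVE-2022-32744 workaround).
kpasswd_disabled() {
    [ "$(smbconf_param "$1" 'kpasswd port')" = "0" ]
}

# smb1_disabled FILE: exit 0 when "server min protocol" names SMB2 or newer.
# An unset parameter counts as not disabled: the built-in default is SMB2_02
# only since 4.11 (NT1 before), and this check trusts the file, not the binary.
smb1_disabled() {
    case "$(smbconf_param "$1" 'server min protocol' | tr 'a-z' 'A-Z')" in
        SMB2*|SMB3*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit CONF VERSION: one line per check.
audit() {
    if samba_is_fixed "$2"; then echo "version $2: ok"
    else echo "version $2: WARN, older than the fixed release (distro build? check its changelog)"; fi
    if kpasswd_disabled "$1"; then echo "kpasswd: ok, disabled"
    else echo "kpasswd: WARN, 'kpasswd port = 0' not set (CVE-2022-32744 workaround)"; fi
    if smb1_disabled "$1"; then echo "smb1: ok, server min protocol is SMB2 or newer"
    else echo "smb1: WARN, server min protocol not set to SMB2 or newer (CVE-2022-32742)"; fi
}

# Constructed sample configs: a typical pre-patch AD DC, and one with both workarounds.
VULN_CONF=$(mktemp); HARDENED_CONF=$(mktemp)
trap 'rm -f "$VULN_CONF" "$HARDENED_CONF"' EXIT
cat > "$VULN_CONF" <<'EOF'
[global]
    workgroup = EXAMPLE
    server role = active directory domain controller
    server min protocol = NT1
EOF
cat > "$HARDENED_CONF" <<'EOF'
[global]
    workgroup = EXAMPLE
    server role = active directory domain controller
    ; workarounds from the Samba 4.16.4 security advisories
    KPasswd Port = 0
    server min protocol = SMB2_02
EOF

echo "== constructed vulnerable config, Samba 4.15.5 =="
audit "$VULN_CONF" 4.15.5
echo "== constructed hardened config, Samba 4.16.4 =="
audit "$HARDENED_CONF" 4.16.4
# On a real host: audit /etc/samba/smb.conf "$(smbd --version | parse_smbd_version)"
```

Two caveats when running this against a real server. The version check is blind to distribution backports: an Ubuntu package keeps its own version number while carrying the fix, so on distro packages read the package changelog as well. And the config check reads only what the file says; `testparm -s -v` prints the effective value of every parameter including built-in defaults, which is the authoritative way to confirm that SMB1 is really off.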

