Zerologon Netlogon vulnerability in Windows also affects Samba

The developers of the Samba project recently announced in a notice to users the discovery of the "Zerologon" vulnerability in Windows (CVE-2020-1472), which also appears in domain controller implementations based on Samba.

The vulnerability is caused by flaws in the MS-NRPC protocol and in the AES-CFB8 cryptographic algorithm; if exploited successfully, it allows an attacker to obtain administrator rights on a domain controller.

The essence of the vulnerability is that MS-NRPC (Netlogon Remote Protocol) allows authentication data to be exchanged while falling back to an RPC connection without encryption.

An attacker can exploit a flaw in the AES-CFB8 algorithm to spoof a successful login. On average, about 256 spoofing attempts are needed to log in with administrator rights.

The attack does not require a working account on the domain controller; the spoofing attempts can be made with an incorrect password.

The NTLM authentication request is forwarded to the domain controller, which returns an access-denied response, but the attacker can spoof this response and the attacked system will consider the login successful.

An elevation-of-privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network.

To exploit the vulnerability, an unauthenticated attacker would need to use MS-NRPC to connect to a domain controller in order to obtain domain administrator access.

In Samba, the vulnerability appears only on systems that do not use the setting "server schannel = yes", which has been the default since Samba 4.8.

In particular, systems with the settings "server schannel = no" and "server schannel = auto" can be compromised, because those settings allow Samba to be reached through the same flaws in the AES-CFB8 algorithm as Windows.

When the reference exploit prototype written for Windows is used against Samba, only the ServerAuthenticate3 call fires and the ServerPasswordSet2 operation fails (the exploit requires adaptation for Samba).

This is why the Samba developers invite users who changed "server schannel = yes" to "no" or "auto" to return to the default setting "yes" and so avoid the vulnerability.

Nothing has been reported about the functioning of alternative exploits, although attack attempts against a system can be tracked by the presence of entries mentioning ServerAuthenticate3 and ServerPasswordSet in the Samba audit logs.
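The two defender-side checks described above, as an added example that is not code from this article or from the Samba project: the first reports whether an smb.conf leaves "server schannel" at "no" or "auto" (assuming a Samba 4.8 or later host, where an absent option means the default "yes"); the second scans log text for the ServerAuthenticate3 / ServerPasswordSet pattern. The smb.conf fragments and log lines are constructed samples, and the log line format is illustrative rather than Samba's exact output.

```python
import re
from collections import Counter

# Constructed smb.conf fragments (not from any real host), used as sample input.
SAFE_CONF = "[global]\n    workgroup = EXAMPLE\n    server schannel = yes\n"
WEAK_CONF = "[global]\n    workgroup = EXAMPLE\n    server schannel = auto\n"
UNSET_CONF = "[global]\n    workgroup = EXAMPLE\n"


def schannel_setting(conf_text: str) -> str:
    """Return the effective 'server schannel' value from smb.conf text.
    Assumes Samba >= 4.8, where an absent option means the default 'yes'."""
    for line in conf_text.splitlines():
        line = line.split('#', 1)[0].split(';', 1)[0].strip()  # drop comments
        m = re.match(r'server\s+schannel\s*=\s*(\S+)', line, re.IGNORECASE)
        if m:
            return m.group(1).lower()
    return 'yes'  # Samba 4.8+ default when the option is not set


def is_exposed(conf_text: str) -> bool:
    """'no' and 'auto' leave the AES-CFB8 weakness reachable; 'yes' closes it."""
    return schannel_setting(conf_text) in ('no', 'auto')


# Constructed log lines; the format is illustrative, not Samba's exact one.
SAMPLE_LOG = """\
2020-09-17 10:01:02 netlogon: ServerAuthenticate3 from 192.0.2.10 computer=DC01$
2020-09-17 10:01:02 netlogon: ServerAuthenticate3 from 192.0.2.10 computer=DC01$
2020-09-17 10:01:03 netlogon: ServerAuthenticate3 from 192.0.2.10 computer=DC01$
2020-09-17 10:01:03 netlogon: ServerPasswordSet from 192.0.2.10 computer=DC01$
2020-09-17 10:05:00 netlogon: ServerAuthenticate3 from 192.0.2.50 computer=WS07$
"""
_CALL = re.compile(r'(ServerAuthenticate3|ServerPasswordSet2?)\s+from\s+(\S+)')


def netlogon_activity(log_text: str) -> dict:
    """Count ServerAuthenticate3 / ServerPasswordSet calls per source address."""
    counts = {}
    for line in log_text.splitlines():
        m = _CALL.search(line)
        if m:
            counts.setdefault(m.group(2), Counter())[m.group(1)] += 1
    return counts


def suspicious_sources(log_text: str, auth_threshold: int = 3) -> list:
    """Sources with a burst of ServerAuthenticate3 calls followed by a
    ServerPasswordSet; a real attack averages ~256 attempts, so raise the
    threshold accordingly on production logs."""
    return [src for src, c in netlogon_activity(log_text).items()
            if c['ServerAuthenticate3'] >= auth_threshold
            and c['ServerPasswordSet'] + c['ServerPasswordSet2'] > 0]
```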

Microsoft is addressing the vulnerability in a two-phase rollout. These updates address the vulnerability by changing how Netlogon handles the use of Netlogon secure channels.

When the second phase of the Windows updates becomes available in 2021, customers will be notified through the patch for this security issue.

Finally, those running older Samba versions should apply the corresponding update to the latest Samba release or use the appropriate patch to resolve this problem.

Samba is protected from this problem because since Samba 4.8 we have had the default value 'server schannel = yes'.

Users who have changed this default are warned that Samba faithfully implements the netlogon AES protocol and therefore falls exactly into the design flaw of the cryptosystem.

Vendors supporting Samba 4.7 and earlier versions must patch their installations and packages to change this default.

They are NOT secure and we expect they can lead to a full domain compromise, particularly for AD domains.

Finally, if you are interested in learning more about this vulnerability, you can check the announcement made by the Samba team (at this link) or the one by Microsoft (this link).
