Munguva pfupi yapfuura kuburitswa kweshanduro dzakasiyana dzeSamba dzakaziviswa 4.16.4, 4.15.9 uye 4.14.14, kugadzirisa 5 kusasimba (CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 y CVE-2022-32746).
Of which inotaurwa kuti njodzi yakanyanya kukuvadzwa ndeye (CVE-2022-32744), kubvira inobvumira kune Active Directory domain vashandisi shandura password yechero mushandisi, kusanganisira kugona kushandura password yemutungamiriri uye kutora kutonga kwakazara kwedomasi. Dambudziko nderekuti iyo KDC inogamuchira encrypted kpasswd zvikumbiro nechero inozivikanwa kiyi.
Uku kunetseka inogona kushandiswa kana munhu anorwisa anokwanisa kuwana iyo domain anogona kutumira yekunyepa nyowani password chikumbiro pachinzvimbo chemumwe mushandisi, kuinyorera nekiyi yako, uye KDC inoigadzirisa isina kuona kuti kiyi yeakaunti inowirirana. Izvi zvinosanganisira kushandiswa kwekuverenga-chete domain controller (RODC) makiyi asina mvumo yekushandura passwords kutumira zvikumbiro zvenhema.
Sekugadzirisa, unogona kudzima kpasswd protocol rutsigiro nekuwedzera mutsara "kpasswd port=0" ku smb.conf.
Imwe njodzi iyo yakagadziriswa uye umo kutarisisa kwakaiswa kwakaiswawo mukati CVE-2022-32742, sezvo mhosva iyi ruzivo rwakaburitswa nezvemukati mendangariro yeSevha nekunyengedza neiyo SMB1 protocol.
Ndokunge, mutengi weSMB1 ane mukana wekunyora wekuchengetedza yakagovaniswa anogona kuita zvigadziro zvekunyora zvikamu zvememory process server kune faira kana printer. Kurwiswa kunoitwa nekutumira chikumbiro che "nyora" chine huwandu husina kunaka. Nyaya iyi inongobata matavi eSamba pamberi pe4.11 (SMB1 rutsigiro rwakaremara nekusarudzika mubazi re4.11).
Zvezvimwe zvisizvo zvakagadziriswa nekuburitswa kweidzi shanduro itsva dzekugadzirisa, ndedzinotevera:
- CVE-2022-32746: Vashandisi veActive Directory, nekutumira zvakanyatsogadzirwa LDAP "wedzera" kana "shandura" zvikumbiro, vanogona kutanga kuwana ndangariro mushure mekuisunungura mune server process. Dambudziko riripo nekuda kwekuti iyo yekuongorora matanda module inowana iyo LDAP meseji yemukati mushure mekunge dhatabhesi module yasunungura ndangariro yakagoverwa meseji. Kuti uite kurwisa, zvinodikanwa kuve nekodzero yekuwedzera kana kugadzirisa zvimwe zvakasarudzika, senge userAccountControl.
- CVE-2022-2031- Active Directory vashandisi vanogona kupfuura zvimwe zvinorambidzwa pane domain controller. Iyo KDC uye sevhisi yekpasswd inogona kudzima matikiti emumwe nemumwe nekuti vanogovana seti imwechete yemakiyi nemaakaundi. Nekuda kweizvozvo, mushandisi akakumbira shanduko yepassword anogona kushandisa tikiti rakagamuchirwa kuwana mamwe masevhisi.
- CVE-2022-32745-Vashandisi veActive Directory vanogona kukonzera kuti server process iparare kana ichitumira LDAP "wedzera" kana "shandura" zvikumbiro, zvichikonzera kuwana kune uninitialized data.
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo nezve yakagadziriswa tsikidzi, unogona kutarisa ruzivo mu inotevera chinongedzo.
Maitiro ekuisa kana kusimudzira kuSamba paUbuntu uye zvinobva?
Zvakanaka, kune avo vanofarira kukwanisa kuisa aya matsva ekugadzirisa mavhezheni eSamba kana kuda kugadzirisa yavo yapfuura vhezheni kune iyi nyowani.Vanogona kuzviita nekutevera nhanho dzatinogovana pazasi.
Zvakakodzera kutaura kuti, kunyangwe samba inosanganisirwa muUbuntu repositories, iwe unofanirwa kuziva kuti mapakeji haana kuvandudzwa kana shanduro itsva yaburitswa, saka mune ino kesi tinosarudza kushandisa repository.
Chinhu chekutanga chatichaita kuvhura terminal uye mairi tichanyora murairo unotevera wekuwedzera repository kune system:
sudo add-apt-repository ppa:linux-schools/samba-latest sudo apt-get update
Kana repository yawedzerwa, tinoenderera mberi nekuisa samba muhurongwa uye nokuda kweizvi, tinongonyora murairo unotevera:
sudo apt install samba
Kana iwe uchitova neyakare vhezheni yakaiswa, ichagadziridzwa otomatiki.