Samba 4.13 arrives with a fix for the ZeroLogon vulnerability

The release of the new version Samba 4.13 has been announced. This version adds a fix for the Zerologon vulnerability (CVE-2020-1472), which was discovered a few days ago. In addition, the Python requirement has been changed to version 3.6 in this release, along with other changes.

For those unfamiliar with Samba, it is a project that continues the development of the Samba 4.x branch with a full implementation of a domain controller and Active Directory service, compatible with the Windows 2000 implementation and able to serve all versions of Windows clients supported by Microsoft, including Windows 10.

Samba 4 is a multifunctional server product that also provides an implementation of a file server, a print service and an authentication server (winbind).

What's new in Samba 4.13

This new version adds the fix for the ZeroLogon vulnerability (CVE-2020-1472), which could allow an attacker to obtain administrator rights on the domain controller on systems that do not use the "server schannel = yes" setting (if you want to know more about it, you can check the post we shared about it here on the blog).

Another change in this new version of Samba is that the minimum Python requirement has been raised from Python 3.5 to Python 3.6. The ability to build the file server with Python 2 is still retained (before running './configure' and 'make', you need to set the environment variable 'PYTHON=python2'), but it will be removed in the next branch and Python 3.6 will be required for the build.

On the other hand, the "wide links = yes" functionality, which allows server administrators to create symbolic links to an area outside the current SMB/CIFS share, has been moved out of smbd into a separate module, "vfs_widelinks".

For now, this module is loaded automatically if the "wide links = yes" parameter is present in the configuration.

Support for "wide links = yes" is planned to be removed in the future because of security concerns, and Samba users are strongly advised to use "mount --bind" to mount external parts of the file system instead of "wide links = yes".

Note that the Samba developers recommend changing any installation that currently uses "wide links = yes" to use bind mounts as soon as possible, since "wide links = yes" is an inherently insecure configuration that they would like to remove from Samba. Moving the feature into a VFS module allows this to be done more cleanly in the future.

Support for the domain controller in classic mode has been deprecated. Users of NT4-type ('classic') domain controllers should migrate to Samba Active Directory domain controllers in order to work with modern Windows clients.

Insecure authentication methods that can only be used with SMBv1 have been deprecated: "domain logons", "raw NTLMv2 auth", "client plaintext auth", "client NTLMv2 auth", "client lanman auth" and "client use spnego".

Also, support for the "ldap ssl ads" option in smb.conf has been removed. The next release is expected to remove the "server schannel" option.

Other notable changes include the following deprecations:

  • ldap ssl ads removed
  • smb2 disable lock sequence checking
  • smb2 disable oplock break retry
  • domain logons
  • raw NTLMv2 auth
  • client plaintext auth
  • client NTLMv2 auth
  • client lanman auth
  • client use spnego
  • server schannel will be removed in version 4.13.0
  • The deprecated smb.conf option "ldap ssl ads" has been removed.
  • The deprecated "server schannel" smb.conf option will likely be removed in the final 4.13.0 release.
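To check an existing configuration against the settings discussed above, the following added example (not code from the Samba project or from the original post) scans smb.conf text for a "server schannel" value other than yes, "wide links = yes", the removed "ldap ssl ads" option and the deprecated SMBv1-only authentication options. The function names and the sample configuration are constructed for illustration, and the parser assumes no line continuations or include directives.

```python
import re

# Names are compared lower-cased with whitespace removed, as smb.conf ignores both.
TRUE = {"yes", "true", "1"}
DEPRECATED = {"domainlogons", "rawntlmv2auth", "clientplaintextauth",
              "clientntlmv2auth", "clientlanmanauth", "clientusespnego"}

# Constructed sample configuration (not taken from a real server).
SAMPLE = """\
[global]
    server schannel = auto
    client lanman auth = yes
    ldap ssl ads = no
; a comment line
[Share]
    path = /srv/share
    Wide Links = Yes
"""

def parse(text):
    """Yield (section, name, value, line_no) for every parameter line."""
    section = "global"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif "=" in line:
            name, value = line.split("=", 1)
            yield section, re.sub(r"\s+", "", name).lower(), value.strip().lower(), no

def audit(text):
    """Return (line_no, section, finding) for each setting the article warns about."""
    findings = []
    for section, name, value, no in parse(text):
        if name == "serverschannel" and value not in TRUE:
            findings.append((no, section, "server schannel is not 'yes' (ZeroLogon exposure)"))
        elif name == "widelinks" and value in TRUE:
            findings.append((no, section, "wide links = yes: use a bind mount instead"))
        elif name == "ldapsslads":
            findings.append((no, section, "ldap ssl ads is no longer supported in 4.13"))
        elif name in DEPRECATED:
            findings.append((no, section, "deprecated option tied to SMBv1 authentication"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
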

Finally, if you want to know more about the changes in this new version of Samba, you can find them at the following link.
