Corrective Samba releases arrive, fixing 5 vulnerabilities

The release of several corrective versions of Samba was recently announced: 4.16.4, 4.15.9 and 4.14.14, fixing 5 vulnerabilities (CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746).

It is mentioned that the most dangerous vulnerability (CVE-2022-32744) allows Active Directory domain users to change the password of any user, including the ability to change the administrator password and take full control of the domain. The problem is that the KDC accepts kpasswd requests encrypted with any known key.

This vulnerability can be exploited when an attacker with access to the domain sends a forged new-password request on behalf of another user, encrypting it with their own key, and the KDC processes it without verifying that the key belongs to the account. This includes using read-only domain controller (RODC) keys, which have no authority to change passwords, to send forged requests.

As a workaround, you can disable kpasswd protocol support by adding the line “kpasswd port=0” to smb.conf.
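As an added check that is not part of the original article, the following Python script reports whether a Samba AD domain controller is still exposed to CVE-2022-32744: it compares the running version against the fixed releases named above and parses the [global] section of smb.conf for the kpasswd port=0 workaround. The version string and configuration are constructed samples; the parser assumes no include= directives or backslash line continuations.

```python
import re

# Fixed release per maintained branch, as listed in the advisory above.
FIXED_RELEASES = {(4, 14): (4, 14, 14), (4, 15): (4, 15, 9), (4, 16): (4, 16, 4)}

def parse_version(text):
    """Extract major.minor.patch from e.g. 'Version 4.15.5-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(x) for x in m.groups())

def version_is_fixed(version_text):
    """True if the running release is at or past the fixed release of its branch."""
    v = parse_version(version_text)
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is not None:
        return v >= fixed
    return v[:2] > max(FIXED_RELEASES)  # newer branch: fixed; older branch: not

def global_params(smb_conf_text):
    """Parse the [global] section into {normalised key: value}. Samba ignores
    case and whitespace in parameter names; comment lines start with # or ;.
    Assumption: include= directives and backslash continuations are not handled."""
    params, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, _, value = line.partition("=")
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def assess(version_text, smb_conf_text):
    """Summarise exposure of an AD DC to CVE-2022-32744 (unpatched and kpasswd still on)."""
    p = global_params(smb_conf_text)
    is_dc = p.get("serverrole", "").lower() == "active directory domain controller"
    patched = version_is_fixed(version_text)
    kpasswd_off = p.get("kpasswdport") == "0"
    return {"ad_dc": is_dc, "patched": patched, "kpasswd_disabled": kpasswd_off,
            "exposed": is_dc and not patched and not kpasswd_off}

# Constructed sample configuration, not taken from the page.
VULNERABLE_CONF = "[global]\n  realm = EXAMPLE.TEST\n  server role = active directory domain controller\n"
MITIGATED_CONF = VULNERABLE_CONF + "  kpasswd port=0\n"
```

On a real host, feed it the output of `smbd --version` and the contents of /etc/samba/smb.conf; a result with "exposed": True means the DC is neither patched nor carrying the workaround.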

Another vulnerability that was fixed and given particular attention is CVE-2022-32742, since this bug leaks information about the contents of server memory through manipulation of the SMB1 protocol.

That is, an SMB1 client with write access to a shared storage area can arrange for portions of the server process memory to be written to a file or printer. The attack is carried out by sending a "write" request with an invalid range. The issue only affects Samba branches before 4.11 (SMB1 support is disabled by default in the 4.11 branch).

The other vulnerabilities fixed with the release of these new corrective versions are as follows:

  • CVE-2022-32746: Active Directory users, by sending specially crafted LDAP "add" or "modify" requests, can trigger a use-after-free memory access in the server process. The problem is caused by the audit logging module accessing the contents of the LDAP message after the database module has freed the memory allocated for the message. To carry out an attack, privileges to add or modify certain privileged attributes, such as userAccountControl, are required.
  • CVE-2022-2031: Active Directory users can bypass certain restrictions on the domain controller. The KDC and the kpasswd service can decrypt each other's tickets because they share the same set of keys and accounts. As a result, a user who requested a password change can use the ticket obtained to access other services.
  • CVE-2022-32745: Active Directory users can cause the server process to crash when sending LDAP "add" or "modify" requests, leading to access to uninitialized data.

Finally, if you are interested in knowing more about the fixed bugs, you can check the details at the following link.

How to install or upgrade Samba on Ubuntu and derivatives?

Well, for those interested in installing these new corrective versions of Samba, or who want to update their previous version to this new one, they can do so by following the steps we share below.

It is worth mentioning that, although samba is included in the Ubuntu repositories, you should know that the packages are not updated when a new version is released, so in this case we choose to use a repository.

The first thing we will do is open a terminal and type the following command in it to add the repository to the system:

sudo add-apt-repository ppa:linux-schools/samba-latest

sudo apt-get update

Once the repository has been added, we proceed to install samba on the system, and for this we type the following command:

sudo apt install samba

If you already have a previous version installed, it will be updated automatically.
