The Netlogon ZeroLogin vulnerability in Windows also affects Samba

The Samba project developers recently issued an announcement to users about the discovery of the «ZeroLogin» vulnerability in Windows (CVE-2020-1472), which also manifests itself in domain controller implementations based on Samba.

The vulnerability is caused by flaws in the MS-NRPC protocol and the AES-CFB8 crypto algorithm and, if exploited successfully, allows an attacker to gain administrator rights on a domain controller.

The essence of the vulnerability is that MS-NRPC (Netlogon Remote Protocol) allows authentication data to be exchanged over an RPC connection without encryption.

An attacker can then exploit a flaw in the AES-CFB8 algorithm to spoof a successful login. On average, about 256 spoofing attempts are needed to log in with administrator rights.

The attack does not require a working account on the domain controller; impersonation attempts can be made with an incorrect password.

The NTLM authentication request will be redirected to the domain controller, which will return an access-denied response, but the attacker can spoof this response and the attacked system will consider the login successful.

An elevation of privilege vulnerability exists when an attacker establishes a Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.

To exploit the vulnerability, an unauthenticated attacker would need to use MS-NRPC to connect to a domain controller to obtain domain administrator access.

In Samba, the vulnerability appears only on systems that do not use the "server schannel = yes" setting, which has been the default since Samba 4.8.

In particular, systems with "server schannel = no" and "server schannel = auto" may be compromised, because these settings expose Samba to the same flaws in the AES-CFB8 algorithm as in Windows.

When the exploit prototype prepared for Windows is used, only the ServerAuthenticate3 call works against Samba and the ServerPasswordSet2 operation fails (the exploit requires adaptation for Samba).

That is why the Samba developers urge users who have changed "server schannel = yes" to "no" or "auto" to return to the default setting "yes" and thereby avoid the vulnerability.

Nothing has been reported about whether alternative exploits work, although attempts to attack systems can be tracked by checking the Samba audit logs for entries that mention ServerAuthenticate3 and ServerPasswordSet.

Microsoft is addressing the vulnerability in a two-phase rollout. These updates address the vulnerability by changing how Netlogon handles the use of Netlogon secure channels.

When the second phase of Windows updates becomes available in 2021, customers will be notified through a revision to this security vulnerability.

Finally, those who use earlier versions of Samba should update to the latest stable version of Samba or apply the corresponding patches to resolve this vulnerability.

Samba has some protection against this issue because since Samba 4.8 we have had a default value of 'server schannel = yes'.

Users who have changed this default are warned that Samba implements the netlogon AES protocol faithfully and therefore falls to the same cryptosystem design flaw.

Vendors supporting Samba 4.7 and earlier versions must patch their installations and packages to change this default.

They are NOT secure and we expect that they can result in full domain compromise, particularly for AD domains.
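The configuration check implied by the paragraphs on "server schannel" above can be automated. The following is an added example, not code from the Samba project or from the original article: it reads the text of an smb.conf and reports whether the [global] section explicitly weakens the setting. The function names and sample configurations are constructed for illustration, and it assumes that lines before any section header belong to [global].

```python
import re

# Spellings of "yes" accepted for this setting; anything else (no, auto,
# or an unrecognised value) is reported as weak.
SAFE_VALUES = {"yes", "true", "1"}

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def server_schannel(conf_text):
    """Return the explicit [global] 'server schannel' value, or None if unset."""
    value, section = None, "global"  # assumption: lines before any header are global
    text = re.sub(r"\\\r?\n", "", conf_text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = _norm(header.group(1))
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if _norm(key) == "serverschannel":
                value = val.strip().lower()  # a later assignment overrides an earlier one
    return value

def assess(conf_text):
    """Classify a config as 'ok', 'weak' or 'default' (setting absent)."""
    value = server_schannel(conf_text)
    if value is None:
        return "default"  # 'yes' on Samba 4.8+; not on 4.7 and earlier, per the article
    return "ok" if value in SAFE_VALUES else "weak"

# Constructed sample configurations (not taken from a real system).
SAMPLES = {
    "explicit-auto": "[global]\n  workgroup = EXAMPLE\n  Server  SChannel = Auto\n",
    "commented-out": "[global]\n  ; server schannel = no\n  realm = EXAMPLE.TEST\n",
    "share-only": "[global]\n  server schannel = yes\n[data]\n  server schannel = no\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {assess(text)}")
```

Included files are not followed, so on a live host compare the result against the effective configuration that `testparm -s` prints.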

Finally, if you are interested in knowing more about this vulnerability, you can check the announcements made by the Samba team (at this link) or by Microsoft (at this link).

