Samba fix releases arrive, resolving 5 vulnerabilities

Several Samba fix releases were recently announced, 4.16.4, 4.15.9 and 4.14.14, fixing 5 vulnerabilities (CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746).

The most dangerous of these vulnerabilities is CVE-2022-32744, since it allows Active Directory domain users to change the password of any user, including the ability to change the administrator's password and take full control of the domain. The problem is that the KDC accepts kpasswd requests encrypted with any known key.

This vulnerability can be exploited when an attacker with access to the domain sends a forged new-password request on behalf of another user, encrypted with their own key, and the KDC processes it without verifying that the key matches the account. This includes the use of read-only domain controller (RODC) keys, which do not have the authority to change passwords, to send forged requests.

As a workaround, you can disable support for the kpasswd protocol by adding the line “kpasswd port=0” to smb.conf.

Another vulnerability that was fixed, and that received special attention, is CVE-2022-32742, since this bug leaks information about the contents of the server's memory through manipulation of the SMB1 protocol.

That is, an SMB1 client with write access to shared storage can arrange for portions of the server process memory to be written to a file or printer. The attack is carried out by sending a "write" request with an incorrect range. The problem only affects Samba branches before 4.11 (SMB1 support is disabled by default in the 4.11 branch).

The other vulnerabilities fixed by these new fix releases are as follows:

  • CVE-2022-32746: Active Directory users, by sending specially crafted LDAP "add" or "modify" requests, can trigger a use-after-free memory access in the server process. The problem is that the audit logging module accesses the contents of the LDAP message after the database module has freed the memory allocated for the message. To carry out the attack, it is necessary to have rights to add or modify certain privileged attributes, such as userAccountControl.
  • CVE-2022-2031: Active Directory users can bypass certain restrictions on the domain controller. The KDC and the kpasswd service can decrypt each other's tickets because they share the same set of keys and accounts. As a result, a user who requested a password change can use the ticket received to access other services.
  • CVE-2022-32745: Active Directory users can cause the server process to crash when sending LDAP "add" or "modify" requests, resulting in access to uninitialized data.

Finally, if you are interested in knowing more about the bugs that were fixed, you can check the details at the following link.

How to install or upgrade Samba on Ubuntu and derivatives?

Those interested in installing these new Samba fix releases, or who want to update their previous version to this new one, can do so by following the steps we share below.

It is worth mentioning that, although Samba is included in the Ubuntu repositories, you should know that the packages are not updated when a new version is released, so in this case we prefer to use a repository.

The first thing we will do is open a terminal and type the following command in it to add the repository to the system:

sudo add-apt-repository ppa:linux-schools/samba-latest

sudo apt-get update

Once the repository has been added, we proceed to install Samba on the system, and for this we type the following command:

sudo apt install samba

If you already have a previous version installed, it will be updated automatically.
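
To confirm the result of the upgrade, the following added example (not part of the original article and not Samba project code) classifies a Samba version string against the fixed releases named above and checks whether the "kpasswd port = 0" workaround is set in an smb.conf file. The function names, the SMB_CONF variable and the /etc/samba/smb.conf path are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Samba project code). Fixed releases per branch are the
# ones named in the article: 4.16.4, 4.15.9, 4.14.14.
# Assumption: the string carries the upstream version; distribution packages
# that backport fixes without bumping it will still show as "vulnerable".

# samba_patch_status "Version 4.15.5-Ubuntu" -> fixed|vulnerable|unlisted|unparsed
samba_patch_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unparsed; return 0; }
    branch=${ver%.*}    # e.g. 4.15
    patch=${ver##*.}    # e.g. 5
    case $branch in
        4.16) min=4 ;;
        4.15) min=9 ;;
        4.14) min=14 ;;
        *) echo unlisted; return 0 ;;   # branch not covered by the article
    esac
    if [ "$patch" -ge "$min" ]; then echo fixed; else echo vulnerable; fi
}

# kpasswd_disabled FILE: succeeds if the last "kpasswd port" setting in an
# smb.conf-style file is 0 (the article's workaround for CVE-2022-32744).
# Lines commented out with # or ; are ignored; names match case-insensitively.
kpasswd_disabled() {
    last=$(grep -Ei '^[[:space:]]*kpasswd[[:space:]]*port[[:space:]]*=' "$1" | tail -n 1)
    [ "$(printf '%s' "${last#*=}" | tr -d '[:space:]')" = "0" ]
}

# Constructed sample version strings, for illustration only.
for v in "Version 4.16.4" "Version 4.15.5-Ubuntu" "Version 4.13.17"; do
    echo "$v -> $(samba_patch_status "$v")"
done

# Report for the local host, if smbd is present.
if command -v smbd >/dev/null 2>&1; then
    echo "local smbd: $(samba_patch_status "$(smbd --version)")"
    conf=${SMB_CONF:-/etc/samba/smb.conf}   # assumed default path
    if [ -r "$conf" ] && kpasswd_disabled "$conf"; then
        echo "kpasswd workaround: set"
    else
        echo "kpasswd workaround: not set"
    fi
fi
```

An "unlisted" result means the branch is not one of the three the article names, so the fix status has to be checked against the Samba advisories for that branch.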

