Eight dangerous vulnerabilities fixed in Samba

Samba 4.15.2, 4.14.10 and 4.13.14 have been published as corrective releases that eliminate eight vulnerabilities, most of which can lead to a complete compromise of an Active Directory domain. Notably, one of the problems dates back to 2016 and five to 2020. One of the fixes introduced a regression: winbindd can no longer be started when "allow trusted domains = no" is set (the developers intend to promptly publish another update to fix this). The availability of updated packages in distributions can be tracked on the pages for Debian, Ubuntu, RHEL, SUSE, Fedora, Arch and FreeBSD.

Fixed vulnerabilities:

  • CVE-2020-25717 – due to flaws in the logic that maps domain users to users of the local system, an Active Directory domain user who is able to create new accounts on a system (a capability controlled via the ms-DS-MachineAccountQuota attribute) could gain root access on other systems that are members of the domain.
  • CVE-2021-3738 – a use-after-free in the RPC server implementation of the Samba AD DC (dsdb), which could potentially lead to privilege escalation through manipulation of connection setup.
  • CVE-2016-2124 – client connections established over the SMB1 protocol could be downgraded to sending authentication parameters in plaintext or via NTLM (for example, to recover credentials during a MITM attack), even if the user or application had configured Kerberos authentication as mandatory.
  • CVE-2020-25722 – a Samba-based Active Directory domain controller did not perform sufficient access checks on stored data, allowing any user to bypass authorization and fully compromise the domain.
  • CVE-2020-25718 – a Samba-based Active Directory domain controller did not properly isolate Kerberos tickets issued by an RODC (read-only domain controller), which could be used to obtain administrator tickets from an RODC without having that authority.
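The following is an added example, not code from the Samba project or from the original article: a small audit script that parses the [global] section of an smb.conf and flags settings relevant to the items above on a domain member. The policy it encodes is the editor's assumption, not the text of the Samba advisories: an SMB1-era floor in "client min protocol" and a "client use kerberos" value other than "required" (an option available since Samba 4.15) are flagged for the downgrade in CVE-2016-2124; a "min domain uid" below 1000 (the parameter the fixed releases introduced, default 1000) and any "username map" are flagged for the domain-to-local mapping in CVE-2020-25717; and "allow trusted domains = no" is flagged because of the winbindd regression mentioned above. The two smb.conf samples are constructed for the example.

```python
"""Audit an smb.conf [global] section for settings relevant to the Samba fixes.

Added illustration by the editor, not Samba project code. The checks encode an
assumed review policy, not the wording of the advisories.
"""
import re

# Constructed sample: a domain-member smb.conf with settings worth reviewing.
WEAK_CONF = """\
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL
    security = ads
    ; SMB1-era client floor: a MITM can negotiate a downgrade
    client min protocol = NT1
    Client Use Kerberos = desired
    username map = /etc/samba/user.map
    min domain uid = 0
    allow trusted domains = no

[share]
    path = /srv/share
"""

# Constructed sample: the same member with the settings tightened.
HARDENED_CONF = """\
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL
    security = ads
    client min protocol = SMB2_02
    client use kerberos = required
    min domain uid = 1000
"""

# Dialect names accepted by 'client min protocol' that predate SMB2
# (assumption: taken from the dialect list in smb.conf(5)).
SMB1_DIALECTS = {"core", "coreplus", "lanman1", "lanman2", "nt1"}


def normalize(name: str) -> str:
    """smb.conf section and parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()


def parse_global(text: str) -> dict:
    """Return the [global] parameters as a dict of normalized name -> value."""
    params = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = normalize(line[1:-1])
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)          # only the first '=' is significant
        params[normalize(name)] = value.strip()
    return params


def audit(text: str) -> list:
    """Return (parameter, finding) tuples for the [global] section of smb.conf."""
    g = parse_global(text)
    findings = []

    # Defaults assumed here: SMB2_02 (Samba default since 4.11) and 'desired'.
    proto = g.get("clientminprotocol", "SMB2_02")
    if proto.lower() in SMB1_DIALECTS:
        findings.append(("client min protocol",
                         f"allows SMB1 dialect {proto}; downgrade exposure (CVE-2016-2124)"))
    if g.get("clientusekerberos", "desired").lower() != "required":
        findings.append(("client use kerberos",
                         "not 'required'; NTLM or plaintext fallback possible (CVE-2016-2124)"))

    try:
        min_uid = int(g.get("mindomainuid", "1000"))
    except ValueError:
        min_uid = -1                               # unparsable value: treat as unsafe
    if min_uid < 1000:
        findings.append(("min domain uid",
                         f"{min_uid} lets domain users map onto system accounts (CVE-2020-25717)"))
    if "usernamemap" in g:
        findings.append(("username map",
                         "review mappings of domain users to local users (CVE-2020-25717)"))

    if g.get("allowtrusteddomains", "yes").lower() in {"no", "false", "0"}:
        findings.append(("allow trusted domains",
                         "set to no; winbindd fails to start in these releases"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{label}]")
        for param, finding in audit(conf) or [("-", "no findings")]:
            print(f"  {param}: {finding}")
```

Run against a real file with `audit(open("/etc/samba/smb.conf").read())`; the script only reads the [global] section, so per-share settings are not examined.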