{"id":515219,"date":"2022-12-17T05:44:42","date_gmt":"2022-12-17T07:44:42","guid":{"rendered":"https:\/\/teknomers.com\/fr\/samba-publie-des-mises-a-jour-de-securite-pour-corriger-plusieurs-vulnerabilites-de-haute-gravite\/"},"modified":"2022-12-17T05:44:43","modified_gmt":"2022-12-17T07:44:43","slug":"samba-publie-des-mises-a-jour-de-securite-pour-corriger-plusieurs-vulnerabilites-de-haute-gravite","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/samba-publie-des-mises-a-jour-de-securite-pour-corriger-plusieurs-vulnerabilites-de-haute-gravite\/","title":{"rendered":"Samba publie des mises \u00e0 jour de s\u00e9curit\u00e9 pour corriger plusieurs vuln\u00e9rabilit\u00e9s de haute gravit\u00e9"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">17 d\u00e9cembre 2022<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 du serveur \/ S\u00e9curit\u00e9 du r\u00e9seau<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Samba a publi\u00e9 des mises \u00e0 jour logicielles pour rem\u00e9dier \u00e0 plusieurs vuln\u00e9rabilit\u00e9s qui, si elles sont exploit\u00e9es avec succ\u00e8s, pourraient permettre \u00e0 un attaquant de prendre le contr\u00f4le des syst\u00e8mes affect\u00e9s.<\/p>\n<p>Les failles de haute gravit\u00e9, suivies comme <strong>CVE-2022-38023, CVE-2022-37966, CVE-2022-37967 et CVE-2022-45141<\/strong>ont \u00e9t\u00e9 corrig\u00e9s dans les versions 4.17.4, 4.16.8 et 4.15.13 <a rel=\"nofollow noopener\" href=\"https:\/\/www.samba.org\/samba\/history\/\" target=\"_blank\">lib\u00e9r\u00e9<\/a> le 15 d\u00e9cembre 2022.<\/p>\n<p>Samba est une suite d&#8217;interop\u00e9rabilit\u00e9 Windows open source pour les syst\u00e8mes d&#8217;exploitation Linux, Unix et macOS qui offre des services de serveur de fichiers, d&#8217;impression et Active Directory.<\/p>\n<div class=\"ad_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/uptycs-inside\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/12\/1670949871_285_De-graves-attaques-auraient-pu-etre-mises-en-scene-via.png\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Une br\u00e8ve description de chacune des faiblesses est ci-dessous &#8211;<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/www.samba.org\/samba\/security\/CVE-2022-38023.html\" target=\"_blank\"><strong>CVE-2022-38023<\/strong><\/a>  (score CVSS : 8,1) &#8211; Utilisation du type de cryptage faible RC4-HMAC Kerberos dans <a rel=\"nofollow noopener\" href=\"https:\/\/wiki.samba.org\/index.php\/Samba_Security_Documentation#NETLOGON_Secure_Channel_.28Schannel.29\" target=\"_blank\">Canal s\u00e9curis\u00e9 NetLogon<\/a> <\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/www.samba.org\/samba\/security\/CVE-2022-37966.html\" target=\"_blank\"><strong>CVE-2022-37966<\/strong><\/a>  (Score CVSS\u00a0: 8,1) &#8211; Une vuln\u00e9rabilit\u00e9 d&#8217;\u00e9l\u00e9vation des privil\u00e8ges dans Windows Kerberos RC4-HMAC<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/www.samba.org\/samba\/security\/CVE-2022-37967.html\" target=\"_blank\"><strong>CVE-2022-37967<\/strong><\/a>  (Score CVSS\u00a0: 7,2) &#8211; Une vuln\u00e9rabilit\u00e9 d&#8217;\u00e9l\u00e9vation des privil\u00e8ges dans Windows Kerberos<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/www.samba.org\/samba\/security\/CVE-2022-45141.html\" target=\"_blank\"><strong>CVE-2022-45141<\/strong><\/a>  (Score CVSS\u00a0: 8,1) &#8211; Utilisation du cryptage RC4-HMAC lors de l&#8217;\u00e9mission de tickets Kerberos dans le contr\u00f4leur de domaine Samba Active Directory (<a rel=\"nofollow noopener\" href=\"https:\/\/wiki.samba.org\/index.php\/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC\" target=\"_blank\">AD DC<\/a>) en utilisant Heimdal<\/li>\n<\/ul>\n<p>Il convient de noter que les deux <a rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-37966\" target=\"_blank\">CVE-2022-37966<\/a> et <a rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-37967\" target=\"_blank\">CVE-2022-37967<\/a>qui permettent \u00e0 un adversaire d&#8217;obtenir des privil\u00e8ges d&#8217;administrateur, ont \u00e9t\u00e9 divulgu\u00e9s pour la premi\u00e8re fois par Microsoft dans le cadre de ses mises \u00e0 jour du Patch Tuesday de novembre 2022.<\/p>\n<p>&#8220;Un attaquant non authentifi\u00e9 pourrait mener une attaque qui pourrait exploiter les vuln\u00e9rabilit\u00e9s du protocole cryptographique dans RFC 4757 (type de chiffrement Kerberos RC4-HMAC-MD5) et MS-PAC (sp\u00e9cification Privilege Attribute Certificate Data Structure) pour contourner les fonctions de s\u00e9curit\u00e9 dans un environnement Windows AD,&#8221; la soci\u00e9t\u00e9 a d\u00e9clar\u00e9 CVE-2022-37966.<\/p>\n<p>Les correctifs arrivent \u00e9galement comme l&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) cette semaine <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/12\/15\/cisa-releases-forty-one-industrial-control-systems-advisories\" target=\"_blank\">publi\u00e9<\/a> 41 Avis de syst\u00e8mes de contr\u00f4le industriel (ICS) concernant divers d\u00e9fauts affectant les produits Siemens et Prosys OPC.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/12\/samba-issues-security-updates-to-patch.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80217 d\u00e9cembre 2022\ue804Ravie LakshmananS\u00e9curit\u00e9 du serveur \/ S\u00e9curit\u00e9 du r\u00e9seau Samba a publi\u00e9 des mises \u00e0 jour logicielles pour rem\u00e9dier \u00e0 plusieurs vuln\u00e9rabilit\u00e9s qui, si elles sont exploit\u00e9es avec succ\u00e8s, pourraient permettre \u00e0 un attaquant de prendre le contr\u00f4le des syst\u00e8mes affect\u00e9s. Les failles de haute gravit\u00e9, suivies comme CVE-2022-38023, CVE-2022-37966, CVE-2022-37967 et CVE-2022-45141ont \u00e9t\u00e9 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":515220,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4168,25646,4158,4165,4161,133,11128,11685,3995,4157,4159,4171,4170,4167,5115,4160,4163,4162,701,185,2212,29922,1835,4172,4169,4166,4164,12365],"class_list":["post-515219","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-comment-pirater","tag-corriger","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-gravite","tag-haute","tag-jour","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-plusieurs","tag-pour","tag-publie","tag-samba","tag-securite","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-vulnerabilites"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/515219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=515219"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/515219\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/515220"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=515219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=515219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=515219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}