CVE-2020-25717

Severity: 8.1 HIGH
EPSS: 0.5% (top 33.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 18, latest update Feb 19

Description

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (12 packages)

NVD: samba/samba 3.0.0 - 4.13.14 (+2)
Debian: samba < 2:4.13.13+dfsg-1~deb11u2 (+3)
Ubuntu: samba < 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 (+1)
CVEListV5: samba: samba 4.15.2, samba 4.14.10, samba 4.13.14
NVD: redhat/openstack 13, 16.1, 16.2 (+2)

Also affects: Debian Linux 10.0, 9.0, Fedora 33, 34, 35, Ubuntu Linux 18.04, 20.04, 21.04, 21.10, Enterprise Linux 7.0, 8.0, 8.2, 8.4

Vulnerability Details (8)

GHSA: GHSA-fv5q-mr4m-w2qm: A flaw was found in the way Samba maps domain users to local users (2022-02-19)
CVEList: CVE-2020-25717: A flaw was found in the way Samba maps domain users to local users (2022-02-18)
OSV: CVE-2020-25717: A flaw was found in the way Samba maps domain users to local users (2022-02-18)
OSV: samba regression (2021-12-13)
OSV: samba regression (2021-12-13)

Vendor Advisories (5)

Microsoft: A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (2022-02-08)
Ubuntu: Samba vulnerabilities (2021-12-06)
Ubuntu: Samba vulnerabilities (2021-11-11)
Red Hat: samba: Active Directory (AD) domain user could become root on domain members (2021-11-09)
Debian: CVE-2020-25717: samba - A flaw was found in the way Samba maps domain users to local users. An authentic... (2020)