CVE-2020-25719
Severity
7.2HIGH
EPSS
0.2%
top 56.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 18
Latest updateFeb 19
Description
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9
Affected Packages5 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 33, 34, 35, Ubuntu Linux 20.04, 21.04, 21.10, Enterprise Linux 7.0, 8.0, 8.2, 8.4
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-882h-52g4-fpjv: A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication↗2022-02-19
CVEList▶
CVE-2020-25719: A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication↗2022-02-18
OSV▶
CVE-2020-25719: A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication↗2022-02-18
📋Vendor Advisories
4Microsoft▶
A flaw was found in the way Samba as an Active Directory Domain Controller implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if i↗2022-02-08
Debian▶
CVE-2020-25719: samba - A flaw was found in the way Samba, as an Active Directory Domain Controller, imp...↗2020