CVE-2020-25720Samba vulnerability

CWE-2645 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 47.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SambaDebian Samba
Timeline
PublishedNov 17

Description

A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator m

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

debiandebian/samba< samba 2:4.17.8+dfsg-1 (bookworm)
Debiansamba/samba< 2:4.17.8+dfsg-1+2

🔴Vulnerability Details

2
OSV
CVE-2020-25720: A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes o2024-11-17
GHSA
GHSA-r7p2-7qw3-phxg: A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes o2024-11-17

📋Vendor Advisories

2
Red Hat
samba: check attribute access rights for LDAP adds of computers2022-06-14
Debian
CVE-2020-25720: samba - A vulnerability was found in Samba where a delegated administrator with permissi...2020