CVE-2020-25721Improper Input Validation in Samba

CWE-20Improper Input Validation11 documents6 sources
Severity
8.8HIGHNVD
OSV5.9
EPSS
0.4%
top 41.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SambaDebian Samba
Timeline
PublishedMar 16
Latest updateMar 17

Description

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

NVDsamba/samba4.13.04.13.14+2
debiandebian/samba< samba 2:4.13.14+dfsg-1 (bookworm)
Debiansamba/samba< 2:4.13.13+dfsg-1~deb11u2+3
Ubuntusamba/samba< 2:4.13.14+dfsg-0ubuntu0.20.04.4+2
CVEListV5samba/sambaAffected - All versions since Samba 4.0.0, Fixed-In - v4.15.2, v4.14.10 and v4.13.14

🔴Vulnerability Details

5
GHSA
GHSA-wcq8-frw5-cgvr: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)2022-03-17
OSV
CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)2022-03-16
OSV
samba regression2021-12-13
OSV
samba regressions2021-12-06
OSV
samba vulnerabilities2021-11-11

📋Vendor Advisories

5
Ubuntu
Samba regression2021-12-13
Ubuntu
Samba regressions2021-12-06
Ubuntu
Samba vulnerabilities2021-11-11
Red Hat
samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)2021-11-09
Debian
CVE-2020-25721: samba - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Sam...2020