CVE-2020-25722: Incorrect Authorization in Samba

Severity: 8.8 HIGH (NVD)
EPSS: 0.4% (top 38.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 18; Latest update Feb 19

Description

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: samba/samba 4.0.0 – 4.13.14 (+2)
Debian: samba/samba < 2:4.13.13+dfsg-1~deb11u2 (+3)
CVEListV5: samba/samba: samba 4.15.2, samba 4.14.10, samba 4.13.14

Also affects: Debian Linux 10.0, 9.0, Fedora 33, 34, 35, Ubuntu Linux 18.04, 20.04, 21.04, 21.10

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-5hcc-fcfj-mj9h: Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data (2022-02-19)
OSV: CVE-2020-25722: Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data (2022-02-18)
CVEList: CVE-2020-25722: Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data (2022-02-18)
OSV: samba vulnerabilities (2021-12-06)

📋 Vendor Advisories (5)

Microsoft: Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (2022-02-08)
Ubuntu: Samba vulnerabilities (2021-12-06)
Ubuntu: Samba vulnerabilities (2021-11-11)
Red Hat: samba: Samba AD DC did not do sufficient access and conformance checking of data stored (2021-11-09)
Debian: CVE-2020-25722: samba - Multiple flaws were found in the way samba AD DC implemented access and conforma... (2020)