Vulnerability CVE-2020-25718

Vulnerability Name:

CVE-2020-25718 (CCN-221521)

Assigned:

2020-09-16

Published:

2021-11-03

Updated:

2022-11-07

Summary:

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-862

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-25718

Source: CCN
Type: Red Hat Bugzilla - Bug 2019726
CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2019726

Source: XF
Type: UNKNOWN
samba-cve202025718-info-disc(221521)

Source: CCN
Type: Samba Web site
CVE-2020-25718.html

Source: MISC
Type: Vendor Advisory
https://www.samba.org/samba/security/CVE-2020-25718.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.15.0 and < 4.15.2)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.14.0 and < 4.14.10)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.0.0 and < 4.13.14)

Configuration 2:

cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:samba:samba:4.13.0:-:*:*:*:*:*:*

OR cpe:/a:samba:samba:4.14.0:-:*:*:*:*:*:*

OR cpe:/a:samba:samba:4.15.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7682	P	libtiff-devel-4.0.9-150000.45.25.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7661	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7662	P	libsamba-policy-devel-4.17.7+git.330.4057cd7a27a-150500.1.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:807	P	Security update for python3 (Important)	2022-10-06
oval:org.opensuse.security:def:3708	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:3072	P	fuse-2.9.3-6.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3071	P	ft2demos-2.6.3-7.15.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94701	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94702	P	libsamba-policy-devel-4.15.5+git.328.f1f29505d84-150400.1.44 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:112126	P	ctdb-4.15.2+git.193.a4d6307f1fd-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:99694	P	(Important)	2021-11-10
oval:org.opensuse.security:def:76381	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:111781	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:101538	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:68771	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:1576	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:100013	P	(Important)	2021-11-10
oval:org.opensuse.security:def:76551	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:42238	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:102137	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:99159	P	(Important)	2021-11-10
oval:org.opensuse.security:def:8396	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:1740	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:100349	P	(Important)	2021-11-10
oval:org.opensuse.security:def:64797	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:102298	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:99431	P	(Important)	2021-11-10
oval:org.opensuse.security:def:73919	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:100678	P	(Important)	2021-11-10
oval:org.opensuse.security:def:67313	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:6224	P	Security update for samba and ldb (Important)	2021-11-10

BACK