Vulnerability CVE-2020-25719

Vulnerability Name:

CVE-2020-25719 (CCN-215461)

Assigned:

2020-09-16

Published:

2021-11-08

Updated:

2022-10-21

Summary:

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

CVSS v3 Severity:

7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.2 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-362
CWE-287

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2020-25719

Source: CCN
Type: Red Hat Bugzilla Bug 2019732
(CVE-2020-25719) - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2019732

Source: XF
Type: UNKNOWN
samba-cve202025719-sec-bypass(215461)

Source: CCN
Type: Samba Web site
Samba AD DC did not always rely on the SID and PAC in Kerberos tickets

Source: MISC
Type: Mitigation, Vendor Advisory
https://www.samba.org/samba/security/CVE-2020-25719.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.15.0 and < 4.15.2)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.14.0 and < 4.14.10)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.0.0 and < 4.13.14)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:samba:samba:4.13.0:-:*:*:*:*:*:*

OR cpe:/a:samba:samba:4.14.0:-:*:*:*:*:*:*

OR cpe:/a:samba:samba:4.15.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7662	P	libsamba-policy-devel-4.17.7+git.330.4057cd7a27a-150500.1.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7682	P	libtiff-devel-4.0.9-150000.45.25.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7661	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:807	P	Security update for python3 (Important)	2022-10-06
oval:org.opensuse.security:def:3708	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:3071	P	ft2demos-2.6.3-7.15.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3072	P	fuse-2.9.3-6.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94701	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94702	P	libsamba-policy-devel-4.15.5+git.328.f1f29505d84-150400.1.44 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:112126	P	ctdb-4.15.2+git.193.a4d6307f1fd-1.1 on GA media (Moderate)	2022-01-17
oval:com.redhat.rhsa:def:20215195	P	RHSA-2021:5195: ipa security and bug fix update (Moderate)	2021-12-16
oval:com.redhat.rhsa:def:20215142	P	RHSA-2021:5142: idm:DL1 security update (Moderate)	2021-12-15
oval:org.opensuse.security:def:102137	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:99159	P	(Important)	2021-11-10
oval:org.opensuse.security:def:8396	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:1740	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:100349	P	(Important)	2021-11-10
oval:org.opensuse.security:def:64797	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:102298	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:99431	P	(Important)	2021-11-10
oval:org.opensuse.security:def:73919	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:100678	P	(Important)	2021-11-10
oval:org.opensuse.security:def:67313	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:6224	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:99694	P	(Important)	2021-11-10
oval:org.opensuse.security:def:76381	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:111781	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:101538	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:68771	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:1576	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:100013	P	(Important)	2021-11-10
oval:org.opensuse.security:def:76551	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:42238	P	Security update for samba and ldb (Important)	2021-11-10

BACK