Vulnerability CVE-2020-25721

Vulnerability Name:

CVE-2020-25721 (CCN-218109)

Assigned:

2020-09-16

Published:

2021-11-08

Updated:

2022-03-22

Summary:

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.6 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): High

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

8.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Complete

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2020-25721

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2021728

Source: MISC
Type: Issue Tracking, Vendor Advisory
https://bugzilla.samba.org/show_bug.cgi?id=14725

Source: CCN
Type: The Samba-Bugzilla - Bug 14834
[SECURITY] Andrew's Kerberos Concerns and other issues (Nov 9 2021 Release bug)

Source: XF
Type: UNKNOWN
samba-cve202025721-priv-esc(218109)

Source: CCN
Type: Samba Web site
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)

Source: MISC
Type: Vendor Advisory
https://www.samba.org/samba/security/CVE-2020-25721.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.13.0 and < 4.13.14)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.14.0 and < 4.14.10)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.15.0 and < 4.15.2)

Configuration CCN 1:

cpe:/a:samba:samba:4.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7661	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7682	P	libtiff-devel-4.0.9-150000.45.25.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7662	P	libsamba-policy-devel-4.17.7+git.330.4057cd7a27a-150500.1.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:807	P	Security update for python3 (Important)	2022-10-06
oval:org.opensuse.security:def:3708	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:3072	P	fuse-2.9.3-6.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3071	P	ft2demos-2.6.3-7.15.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94701	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94702	P	libsamba-policy-devel-4.15.5+git.328.f1f29505d84-150400.1.44 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:4303	P	Security update for samba (Critical)	2022-02-14
oval:org.opensuse.security:def:5339	P	Security update for samba (Critical)	2022-02-14
oval:org.opensuse.security:def:6156	P	Security update for samba (Critical)	2022-02-14
oval:org.opensuse.security:def:112126	P	ctdb-4.15.2+git.193.a4d6307f1fd-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:99694	P	(Important)	2021-11-10
oval:org.opensuse.security:def:76381	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:111781	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:101538	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:68771	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:1576	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:100013	P	(Important)	2021-11-10
oval:org.opensuse.security:def:76551	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:42238	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:102137	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:99159	P	(Important)	2021-11-10
oval:org.opensuse.security:def:8396	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:1740	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:100349	P	(Important)	2021-11-10
oval:org.opensuse.security:def:64797	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:102298	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:99431	P	(Important)	2021-11-10
oval:org.opensuse.security:def:73919	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:100678	P	(Important)	2021-11-10
oval:org.opensuse.security:def:67313	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:6224	P	Security update for samba and ldb (Important)	2021-11-10

BACK