CVE-2020-25719
Vulnerability Summary
Timeline
Description
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
CVSS Metrics
- v3.1•HIGH•Score: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 9AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.21%• Percentile: 44%
Techniques & Countermeasures
- CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
- CWE-287•Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Systems
- canonical•ubuntu_linux
20.04 | 21.04 | 21.10
- debian•debian_linux
9.0 | 10.0
- fedoraproject•fedora
33 | 34 | 35
- redhat•enterprise_linux
7.0 | 8.0
- redhat•enterprise_linux_desktop
7.0
- redhat•enterprise_linux_eus
8.2 | 8.4
- redhat•enterprise_linux_for_ibm_z_systems
7.0 | 8.0
- redhat•enterprise_linux_for_ibm_z_systems_eus
8.2 | 8.4
- redhat•enterprise_linux_for_power_big_endian
7.0
- redhat•enterprise_linux_for_power_little_endian
7.0 | 8.0
- redhat•enterprise_linux_for_power_little_endian_eus
8.2 | 8.4
- redhat•enterprise_linux_for_scientific_computing
7.0
- redhat•enterprise_linux_server_aus
8.2 | 8.4
- redhat•enterprise_linux_server_tus
8.2 | 8.4
- redhat•enterprise_linux_server_update_services_for_sap_solutions
8.2 | 8.4
- redhat•enterprise_linux_workstation
7.0
- samba•samba
≥ 4.0.0, < 4.13.14 | ≥ 4.14.0, < 4.14.10 | ≥ 4.15.0, < 4.15.2