CVE-2020-25717

Опубликовано: 09 нояб. 2021

Источник: redhat

CVSS3: 8.1

EPSS Низкий

Описание

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

Меры по смягчению последствий

Setting "gensec:require_pac=true" in the smb.conf makes, due to a cache prime in winbind, the DOMAIN\user lookup succeed, provided nss_winbind is in use, 'winbind use default domain = no' (the default) and no error paths are hit.
It would be prudent to pre-create disabled users in Active Directory matching on all privileged names not held in Active Directory, eg

samba-tool user add root -H ldap://$SERVER -U$USERNAME%$PASSWORD --random-password samba-tool user add ubuntu -H ldap://$SERVER -U$USERNAME%$PASSWORD --random-password

(repeat for eg all system users under 1000 in /etc/passwd or special to any other AD-connected services, eg perhaps "admin" for a web-app)

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	samba	Out of support scope
Red Hat Enterprise Linux 6	samba4	Out of support scope
Red Hat Enterprise Linux 9	samba	Not affected
Red Hat Enterprise Linux 7	samba	Fixed	RHSA-2021:5192	16.12.2021
Red Hat Enterprise Linux 8	samba	Fixed	RHSA-2021:5082	13.12.2021
Red Hat Enterprise Linux 8	samba	Fixed	RHSA-2021:5082	13.12.2021
Red Hat Enterprise Linux 8.2 Extended Update Support	samba	Fixed	RHSA-2022:0074	11.01.2022
Red Hat Enterprise Linux 8.4 Extended Update Support	samba	Fixed	RHSA-2022:0008	04.01.2022
Red Hat Gluster Storage 3.5 for RHEL 7	samba	Fixed	RHSA-2021:4844	29.11.2021
Red Hat Gluster Storage 3.5 for RHEL 8	samba	Fixed	RHSA-2021:4843	29.11.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=2019672samba: Active Directory (AD) domain user could become root on domain members

EPSS

Процентиль: 38%

0.00161

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2020-25717

CVSS3: 8.1

ubuntu

больше 3 лет назад

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

CVE-2020-25717

CVSS3: 8.1

nvd

больше 3 лет назад

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

CVE-2020-25717

CVSS3: 8.1

msrc

8 месяцев назад

Описание отсутствует

CVE-2020-25717

CVSS3: 8.1

debian

больше 3 лет назад

A flaw was found in the way Samba maps domain users to local users. An ...

openSUSE-SU-2021:3662-1

suse-cvrf

больше 3 лет назад

Security update for samba

EPSS

Процентиль: 38%

0.00161

Низкий

8.1 High

CVSS3