CVE-2020-25719

Published: 09 Nov 2021
Source: redhat
CVSS3: 7.2
EPSS: Low

Description

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Not affected | | |
| Red Hat Enterprise Linux 6 | samba4 | Not affected | | |
| Red Hat Enterprise Linux 7 | samba | Not affected | | |
| Red Hat Enterprise Linux 8 | samba | Not affected | | |
| Red Hat Enterprise Linux 9 | ipa | Not affected | | |
| Red Hat Enterprise Linux 9 | samba | Not affected | | |
| Red Hat Storage 3 | samba | Not affected | | |
| Red Hat Enterprise Linux 7 | ipa | Fixed | RHSA-2021:5195 | 16.12.2021 |
| Red Hat Enterprise Linux 8 | idm | Fixed | RHSA-2021:5142 | 15.12.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | idm | Fixed | RHSA-2022:0076 | 11.01.2022 |

Additional information

Status: Moderate
Defect: CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=2019732 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets

EPSS

Percentile: 38%
0.00161
Low

CVSS3: 7.2 High

Related vulnerabilities

CVSS3: 7.2
ubuntu
more than 3 years ago

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

CVSS3: 7.2
nvd
more than 3 years ago

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

CVSS3: 7.2
msrc
10 months ago

No description available

CVSS3: 7.2
debian
more than 3 years ago

A flaw was found in the way Samba, as an Active Directory Domain Contr ...

rocky
more than 3 years ago

Moderate: idm:DL1 security update