CLSA-2026-1777945598

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1777945598
Upstream
Published
2026-05-05T01:46:44Z
Modified
2026-06-04T09:47:11.027449363Z
Summary
Fix CVE(s): CVE-2020-25717, CVE-2020-25719, CVE-2020-25722
Details
  • SECURITY UPDATE: domain user can become root on a domain member by renaming a machine account
    • debian/patches/CVE-2020-25717.patch: backport the el6/ol6 8-commit subset (samba 3.6.23 precedent); introduce the new "min domain uid" smb.conf parameter (default 1000) and enforce it in checkaccount() so a domain logon resolving to a uid below the threshold is rejected with NTSTATUSINVALIDTOKEN, drop the DOMAIN\user to user prefix-stripping fallback in smbgetpwnam(), stop autocreating local users from checkaccount() and from the kerberos guest fallback by passing create=false, drop the !winbindping() branch in createlocaltoken() so a missing winbindd no longer silently switches the unix-token computation, and require a PAC in any domain mode (DC or member) inside gensecgeneratesessioninfopac() returning NTSTATUSNOIMPERSONATION_TOKEN otherwise (the gensec hunk is the jointly tagged CVE-2020-25717+CVE-2020-25719 commit, so this update also delivers the member-server portion of CVE-2020-25719; the DC-side portion of CVE-2020-25719 is tracked separately under ELSCVE-104393)
    • CVE-2020-25717
  • SECURITY UPDATE: privileged attribute escalation and structural objectclass change in active directory ldap server
    • debian/patches/CVE-2020-25722.patch: in source4/dsdb/samdb/ldbmodules/objectclass.c, capture the current structural objectclass at the start of objectclassdomod and reject any modify that would change it; in source4/dsdb/samdb/ldbmodules/samldb.c, factor the domain ntSecurityDescriptor lookup into samldbgetdomainsecdesc() and add samldbchecksensitiveattributes() invoked from samldbadd() and samldbmodify() to refuse non-system writes to sidHistory, gate msDS-SecondaryKrbTgtNumber on the DS-Install-Replica extended right, and gate msDS-AllowedToDelegateTo on SePrivEnableDelegation
    • CVE-2020-25722
References

Affected packages

TuxCare:Ubuntu:16.04
ctdb

Package

Name
ctdb
Purl
pkg:deb/tuxcare/ctdb?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
libnss-winbind

Package

Name
libnss-winbind
Purl
pkg:deb/tuxcare/libnss-winbind?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
libpam-winbind

Package

Name
libpam-winbind
Purl
pkg:deb/tuxcare/libpam-winbind?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
libparse-pidl-perl

Package

Name
libparse-pidl-perl
Purl
pkg:deb/tuxcare/libparse-pidl-perl?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
libsmbclient

Package

Name
libsmbclient
Purl
pkg:deb/tuxcare/libsmbclient?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
libsmbclient-dev

Package

Name
libsmbclient-dev
Purl
pkg:deb/tuxcare/libsmbclient-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
libwbclient-dev

Package

Name
libwbclient-dev
Purl
pkg:deb/tuxcare/libwbclient-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
libwbclient0

Package

Name
libwbclient0
Purl
pkg:deb/tuxcare/libwbclient0?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
python-samba

Package

Name
python-samba
Purl
pkg:deb/tuxcare/python-samba?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
registry-tools

Package

Name
registry-tools
Purl
pkg:deb/tuxcare/registry-tools?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
samba

Package

Name
samba
Purl
pkg:deb/tuxcare/samba?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
samba-common

Package

Name
samba-common
Purl
pkg:deb/tuxcare/samba-common?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
samba-common-bin

Package

Name
samba-common-bin
Purl
pkg:deb/tuxcare/samba-common-bin?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
samba-dev

Package

Name
samba-dev
Purl
pkg:deb/tuxcare/samba-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
samba-dsdb-modules

Package

Name
samba-dsdb-modules
Purl
pkg:deb/tuxcare/samba-dsdb-modules?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
samba-libs

Package

Name
samba-libs
Purl
pkg:deb/tuxcare/samba-libs?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
samba-testsuite

Package

Name
samba-testsuite
Purl
pkg:deb/tuxcare/samba-testsuite?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
samba-vfs-modules

Package

Name
samba-vfs-modules
Purl
pkg:deb/tuxcare/samba-vfs-modules?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
smbclient

Package

Name
smbclient
Purl
pkg:deb/tuxcare/smbclient?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"
winbind

Package

Name
winbind
Purl
pkg:deb/tuxcare/winbind?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.34+tuxcare.els10

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777945598.json"