CVE-2020-25719

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-25719
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25719.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25719
Downstream
Related
Published
2022-02-18T18:15:08.563Z
Modified
2026-02-07T05:12:59.981994Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Introduced
4f5cfc9cc2631559f7e76a658c8984910b4d509f
Fixed
72d49f598976c7b8ab26523150b2c1a027b656a7
Introduced
9b49519cae3e967af9ea48dc5fcfb6c145e31db4
Fixed
9312b1832e5a808a63fc7f9e7d6e70348cc9eb86
Introduced
74b591b70639edf85f6d6382f3b9a6bfc616791f
Fixed
ac8c226ed9d8c067f6053c6f7f8f6457b86c2f52

Affected versions

ldb-2.*
ldb-2.3.0
ldb-2.3.1
ldb-2.3.2
samba-4.*
samba-4.14.0
samba-4.14.1
samba-4.14.2
samba-4.14.3
samba-4.14.4
samba-4.14.5
samba-4.14.6
samba-4.14.7
samba-4.14.8
samba-4.14.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25719.json"