PT-2020-6709 · Samba+9

Published: 2020-09-16 · Updated: 2024-06-15 · CVE-2020-25719

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Samba (affected versions not specified)

Description: The issue is related to weaknesses in the authentication procedure of the Samba network interaction package. It allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The flaw is found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication, potentially leading to total domain compromise if the Samba AD DC becomes confused about the user a ticket represents.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Improper Authentication

Weakness Enumeration

Related Identifiers

ALSA-2021:5142
ALT-PU-2021-3247
ALT-PU-2021-3296
ALT-PU-2021-3339
ALT-PU-2021-3470
AZL-36995
AZL-8704
BDU:2022-05701
CESA-2021_5142
CESA-2021_5195
CVE-2020-25719
DSA-5003-1
ECHO-A223-D6F2-08E2
MGASA-2021-0585
OESA-2021-1461
OPENSUSE-SU-2021:3647-1
OPENSUSE-SU-2021_3647-1
OPENSUSE-SU-2024:11631-1
RHSA-2021:5142
RHSA-2021:5195
RHSA-2021_5142
RHSA-2021_5195
RHSA-2022:0007
RHSA-2022:0076
RLSA-2021:5142
SUSE-SU-2021:3647-1
SUSE-SU-2022:0361-1
USN-5142-1
USN-5142-2
USN-5142-3

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
Samba
SUSE
Ubuntu