CVE-2020-25720

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Incorrect Privilege Assignment

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-264CWE-285

Related Identifiers

ALT-PU-2023-1808

ALT-PU-2023-1904

ALT-PU-2023-7794

ALT-PU-2024-12484

AZL-53220

BDU:2025-00114

CVE-2020-25720

SUSE-SU-2023:2929-1

SUSE-SU-2023_2929-1

Affected Products

Alt Linux

Astra Linux

Debian

Red Os

Samba

Suse

CVE-2020-25720

Weakness Enumeration

Related Identifiers

Affected Products

References · 39