Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2020-25721

Published: 16/03/2022 Updated: 17/09/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Samba

Vulnerability Summary

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

samba samba

Vendor Advisories

Debian Security Advisories: DSA-5003-1 samba -- security update
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix CVE-2016-2124 Stefan Metzmacher reported that SMB1 client connections can be downgraded to plaintext authentication CVE-2020-25717 Andrew Bartlett reported that Samba may map domain users to local users in an undesired way, al ...
Arch Linux Issues:
A security issue has been found in Samba versions 400 to 4151 Samba as an AD DC did not provide a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets ...
Amazon Linux 2022: ALAS2022-2022-022
A flaw was found in the way samba implemented SMB1 authentication An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required (CVE-2016-2124) A flaw was found in the way Samba maps domain users to local users An authenticated attacker could use this flaw to cause possible pri ...
Amazon Linux 2022: ALAS-2022-224
ALAS-2022-224 Amazon Linux 2022 Security Advisory: ALAS-2022-224 Advisory Release Date: 2022-12-06 16:42 Pacific ...

Mailing Lists

Full Disclosure: Fwd: Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Fwd: Samba 4152, 41410, 41314 Security Releases are available for Download <!--X-Subject-Header-End--> <!--X-Head-of-Mes ...

References

CWE-20https://bugzilla.redhat.com/show_bug.cgi?id=2021728https://www.samba.org/samba/security/CVE-2020-25721.htmlhttps://bugzilla.samba.org/show_bug.cgi?id=14725https://security.gentoo.org/glsa/202309-06https://www.debian.org/security/2021/dsa-5003https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook