CVE-2020-25719

Published: 09 November 2021

Samba AD DC did not always rely on the SID and PAC in Kerberos tickets. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Priority

Medium

Status

Package: samba (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (4.13.14)
Ubuntu 21.10 (Impish Indri): Released (2:4.13.14+dfsg-0ubuntu0.21.10.1)
Ubuntu 21.04 (Hirsute Hippo): Released (2:4.13.14+dfsg-0ubuntu0.21.04.1)
Ubuntu 20.04 LTS (Focal Fossa): Released (2:4.13.14+dfsg-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): Needed
Ubuntu 16.04 ESM (Xenial Xerus): Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Needs triage