Your submission was sent successfully! Close

CVE-2020-25719

Published: 9 November 2021

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Notes

AuthorNote
mdeslaur
Fixing this in Ubuntu 18.04 LTS would require substantial
code backports. We will not be fixing this issue in Ubuntu 18.04
LTS. In environments where this is of concern, we recommend
updating to a more recent Ubuntu version.
Priority

Medium

CVSS 3 base score: 7.2

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
bionic Ignored

focal
Released (2:4.13.14+dfsg-0ubuntu0.20.04.1)
hirsute
Released (2:4.13.14+dfsg-0ubuntu0.21.04.1)
impish
Released (2:4.13.14+dfsg-0ubuntu0.21.10.1)
jammy
Released (2:4.13.14+dfsg-0ubuntu1)
trusty Needs triage

upstream
Released (4.13.14)
xenial Needs triage