Your submission was sent successfully! Close

CVE-2020-25721

Published: 9 November 2021

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

Notes

AuthorNote
mdeslaur
Fixing this in Ubuntu 18.04 LTS would require substantial
code backports. We will not be fixing this issue in Ubuntu 18.04
LTS. In environments where this is of concern, we recommend
updating to a more recent Ubuntu version.
Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
bionic Ignored

focal
Released (2:4.13.14+dfsg-0ubuntu0.20.04.1)
hirsute
Released (2:4.13.14+dfsg-0ubuntu0.21.04.1)
impish
Released (2:4.13.14+dfsg-0ubuntu0.21.10.1)
jammy
Released (2:4.13.14+dfsg-0ubuntu1)
trusty Needs triage

upstream
Released (4.13.14)
xenial Needs triage